[Bro] GSSAPI - kerberos issue

Seth Hall seth at icir.org
Wed Oct 26 05:57:43 PDT 2016

> On Oct 26, 2016, at 8:01 AM, william de ping <bill.de.ping at gmail.com> wrote:
> By looking with wireshark through pcaps containing relevant transactions, i found out that these bytes are preceded by 6 more bytes in both smb1 and smb2 (they change from session to session, possibly a part of the ASN1Meta that is wrongly parsed?)

I would like to fix this for the 2.5 release.  Do you have some packets I could take a look at?


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list