[Bro] GSSAPI - kerberos issue
Seth Hall
seth at icir.org
Wed Oct 26 05:57:43 PDT 2016
> On Oct 26, 2016, at 8:01 AM, william de ping <bill.de.ping at gmail.com> wrote:
>
> By looking with wireshark through pcaps containing relevant transactions, i found out that these bytes are preceded by 6 more bytes in both smb1 and smb2 (they change from session to session, possibly a part of the ASN1Meta that is wrongly parsed?)
I would like to fix this for the 2.5 release. Do you have some packets I could take a look at?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list