[Bro] Parsing Extension Mechanisms for DNS (EDNS0) Fields
Jim Mellander
jmellander at lbl.gov
Thu Oct 5 12:22:29 PDT 2017
Hi Ben:
If you look at share/bro/base/protocols/dns/main.bro, you will find that
the EDNS section is commented out, and labeled: TODO: figure out how to
handle these
So, its another area of Bro that Needs Work™
Take care,
Jim Mellander
ESNet
On Thu, Oct 5, 2017 at 4:31 AM, Benjamin Klimkowski <bhklimk at gmail.com>
wrote:
> All,
>
> I am trying to analyze the client subnet option (RFC 7871) in some of the
> network traffic where it is set. It is not appear in dns.log. Also it
> appears to cause an issue in weird.log.
>
> Is this a known issue or bug?
>
> Thanks,
>
> Ben
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20171005/19dcbac0/attachment.html
More information about the Bro
mailing list