[Bro] Help enabling SMB protocol detection
Will Hawkins
whh8b at virginia.edu
Mon Aug 6 11:29:36 PDT 2018
Hello Bro Community!
First, let me apologize for asking a very dumb question. I have
sincerely tried to RTFM and I have done my research (Google, right?)
but cannot seem to find the answer. I am attempting to analyze a pcap
file that contains lots of SMB traffic using bro. I have a version of
bro with built-in SMB protocol support:
$ bro -n Bro::SMB
Bro::SMB - SMB analyzer (built-in)
That said, when I run
bro -C -r ../XXX.pcapng
I do not get a smb.log. That leads me to believe that SMB analysis is
not enabled. I've tried looking for bro files in /usr/share/protocols/
(etc) and cannot seem to find any. Editing a bro config file and
adding
@load base/protocols/smb
gives me an error on bro startup.
Can you tell me what stupid thing I am doing wrong? Thank you very
much for your help. Again, I am sorry that this is such a silly
question. I wish that I could answer it on my own!
Will