[Bro] - mismatch between conn's service and analyzer
william de ping
bill.de.ping at gmail.com
Thu Sep 27 07:04:27 PDT 2018
Hi all,
At various occasions I've came across a conn log indicating a session's
service as dns (udp port 53).
Yet I do not see that UID from bro's DNS log.
Any ideas why ?
Does conn's service field should indicate the bro analyzer being used ?
Thank you
B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180927/a59b6e31/attachment.html
More information about the Bro
mailing list