[ https://bro-tracker.atlassian.net/browse/BIT-755?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
grigorescu updated BIT-755: --------------------------- Resolution: Fixed Status: Closed (was: Open) Seth managed to dig up the trace, and I ran master against it. At some point, this was fixed. > Bogus DNS_truncated_ans_too_short notice in weird.log for NetBIOS DNS > responses > ------------------------------------------------------------------------------- > > Key: BIT-755 > URL: https://bro-tracker.atlassian.net/browse/BIT-755 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Affects Versions: git/master > Reporter: Matthias Vallentin > Fix For: 2.4 > > > As part of the trace testing for 2.0, I found an issue with NetBIOS DNS > traffic. (To reproduce, run Bro on slice 10 trace 6.) The issue is that aach > NetBIOS DNS response elicits a {{DNS_truncated_ans_too_short}} notice. > Presumably this occurs because the DNS analyzer is not aware when it analyzes > NetBIOS traffic and always uses default DNS settings. > Here is an excerpt of {{weird.log}}: > {noformat} > #separator \x09 > #path weird > #fields ts uid id.orig_h id.orig_p id.resp_h > id.resp_p name addl notice peer > #types time string addr port addr port string string bool > string > 1258595204.973641 zXeo86cfbm7 192.168.1.1 137 192.168.1.103 > 137 DNS_label_len_gt_pkt - F bro > 1258595204.973641 zXeo86cfbm7 192.168.1.1 137 192.168.1.103 > 137 DNS_truncated_ans_too_short - F bro > 1258595929.455451 z4HTnleZ5K7 192.168.1.1 137 192.168.1.103 > 137 DNS_truncated_ans_too_short - F bro > 1258596653.936597 JabVxb51nSh 192.168.1.1 137 192.168.1.103 > 137 DNS_truncated_ans_too_short - F bro > 1258597378.402488 wP49IojzMDi 192.168.1.1 137 192.168.1.103 > 137 DNS_truncated_ans_too_short - F bro > 1258598102.868114 yFYuqEzJF87 192.168.1.1 137 192.168.1.103 > 137 DNS_truncated_ans_too_short - F bro > [..] > {noformat} -- This message was sent by Atlassian JIRA (v6.4-OD-15-055#64014) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev