Hi,
I just started using bro for doing traffic analysis. It seems to be hanging for some of the traces and i don’t know how to use the -t (timeout) option because the problem might be related to unanswered dns requests.
$bro -r trace.pcap tcp alarm weird
/opt/local/share/bro/policy/scan.bro, line 92: warning: no such host: j5004.inktomisearch.com
/opt/local/share/bro/policy/scan.bro, line 92: warning: no such host: j5005.inktomisearch.com
/opt/local/share/bro/policy/scan.bro, line 93: warning: no such host: j5006.inktomisearch.com
/opt/local/share/bro/policy/scan.bro, line 93: warning: no such host: j100.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 93: warning: no such host: j101.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 94: warning: no such host: j3002.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 94: warning: no such host: si3000.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 94: warning: no such host: si3001.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 95: warning: no such host: si3002.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 95: warning: no such host: si3003.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 95: warning: no such host: si4000.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 96: warning: no such host: si4001.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 96: warning: no such host: si4002.inktomi.com
/opt/local/share/bro/policy/scan.bro, line 96: warning: no such host: wm3018.inktomi.com
line 1: warning: event handlers never invoked:
line 1: warning: account_tried
Thanks for your help,
diana