Error in Netbios analyzer

Danilo_Nicolo · March 27, 2015, 5:22pm

Hi all,

I’m working on an application based on Bro and we need to use SMB and Netbios analyzers at the moment.
If I try to use the NetBIOS SSN analyzer found in the master git, I receive an error when I try to enable the analyzer.

Analyzer::enable_analyzer(Analyzer::ANALYZER_NETBIOSSSN);

Analyzer::register_for_ports(Analyzer::ANALYZER_NETBIOSSSN, ports);

This is the received error:

Internal error: unknown analyzer name NETBIOS; mismatch with tag analyzer::Component?

So I have seen the NetbiosSSN.cc file and I have found the line that should be fixed.

At line 458 you can see that

NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(Connection* conn) :tcp::TCP_ApplicationAnalyzer(“NETBIOS”, conn)

I’ve changed “NETBIOS” string to “NETBIOSSN”, then re-built it and Bro worked.

Can you let me know that this fix is correct?

Thank you.

Best regards,
Danilo

Seth_Hall3 · March 27, 2015, 6:43pm

If you’re working with master, that code is no longer current. You also don’t want to rely on Bro for SMB analysis right now either as the analyzer is incomplete and broken.

.Seth

Danilo_Nicolo · March 30, 2015, 9:06am

Hi Seth,

Sorry, but I don’t understand.I’m only using your NetBIOS analyzer in the master branch (without SMB) and I’ve found that code in the tree master at https://github.com/bro/bro/blob/master/src/analyzer/protocol/netbios/NetbiosSSN.cc line 459.

Could you explain me where I’m making mistakes?

Thank you very much.

Regards,
Danilo

Topic		Replies	Views
Bro 2.5.4 release (security update) Zeek	1	61	May 6, 2022
SMB Event Prototype Issue Zeek	4	66	May 6, 2022
DNS Zeek	2	68	May 6, 2022
SMB2 module Zeek	10	104	May 6, 2022
analysis-groups Zeek	2	55	May 6, 2022

Error in Netbios analyzer

Related Topics