Hi all,
Please ignore my previous unfinished Email.
I am a new Bro user, I did few experiments to read the same DNS trace file via Bro online version and Bro from my personal PC. The version number is 2.3.1.
I got some interesting results. the online version checks UDP port 53 5353 and 5355.
id.resp_p proto trans_id query
5353 UDP 0 sc-cs
53 UDP 533 2.0.0.0.0.0…ip6.arpa
But, the one on my PC only checks port 5353 and 5355.
id.resp_p proto trans_id query
5353 UDP 0 sc-cs
53 UDP 533 -
Is this a configuration issue? And is there a way that I can configure my Bro to check port 53?
Thanks
Steven