Hi,
I’m a newbie and I’m studying BRO: I’m using BRO in standard configuration without any plugin.
I have some problems with the NetBIOS protocol: I’ve executed the test described below.
- nbtstat “a specific IP”: I’ve obtained the NetBIOS name. Wireshark and Bro were in the background.
- From Wireshark I’m able to see two packets: the first is the NBSTAT name query, the second one its response.
- In Bro (under dns.log) I’m able to see only the query, but not its response… so I’m not able to see the NetBIOS name.
What’s wrong?
Thanks in advance,
Alvin