I’m a newbie and I’m studying Bro: I’m using Bro in its standard configuration without any plugins.
I have some problems with the NetBIOS protocol: I’ve executed the test described below.
nbtstat “a specific IP”: I’ve obtained the NetBIOS name. Wireshark and Bro were in the background.
From Wireshark I’m able to see two packets: the first is the NBSTAT name query, the second one its response.
In Bro (under dns.log) I’m able to see only the query, but not its response… so I’m not able to see the NetBIOS name.
Thanks in advance,