Newbie question on Bro and NetBIOS protocol

Hi,

I’m a newbie and I’m studying Bro: I’m using Bro in the standard configuration without any plugins.

I have some problems with the NetBIOS protocol: I’ve executed the test described below.

  1. nbtstat “a specific IP”: I’ve obtained the NetBIOS name. Wireshark and Bro were in the background.

  2. From Wireshark I’m able to see two packets: the first is the NBSTAT name query, the second one is its response.

  3. In Bro (under dns.log) I’m able to see only the query, but not its response… so I’m not able to see the NetBIOS name.

What’s wrong?

Thanks in advance,

Alvin


That should be working. The best way to help debug this would be if you provided us with a trace containing some packets that exhibit this problem.

Thanks,
  .Seth