Hi there,
I have numerous of these errors in my logs: no matching case in switch statement (/usr/local/zeek/var/lib/zkg/clones/package/spicy-dns/analyzer/analyzer.spicy:133:5-149:7)
While looking at the packets, it turns out they all are Netbios host announcements (broadcast packets) on port 138.
Plugin version:
$ zkg info spicy-dns
“GitHub - zeek/spicy-dns: Spicy-based analyzer for the DNS protocol” info:
url: GitHub - zeek/spicy-dns: Spicy-based analyzer for the DNS protocol
versions: [‘v0.0.1’, ‘v0.0.2’, ‘v0.0.3’, ‘v0.0.4’, ‘v0.0.5’]
install status:
current_hash = 986c747b790c77f1a7c15bd05d73fa6dd2471b7b
current_version = v0.0.5
is_loaded = True
is_outdated = False
is_pinned = False
tracking_method = version
metadata file: /usr/local/zeek/var/lib/zkg/clones/package/spicy-dns/zkg.meta
metadata (from version “v0.0.5”):
build_command = mkdir -p build && cd build && SPICYZ=$(command -v spicyz || echo %(package_base)s/spicy-plugin/build/bin/spicyz) cmake … && cmake --build .
description = Spicy-based analyzer for the DNS protocol.
plugin_dir = build/spicy-modules
script_dir = analyzer
summary = Spicy-based analyzer for the DNS protocol
test_command = cd tests && PATH=$(zkg config plugin_dir)/packages/spicy-plugin/bin:$PATH btest -d -j $(nproc)
Anyone interested in a packet capture? Or should I report this somewhere else?
Friendly regards, John