Stupid scripting question: SSH password detection limited to local networks

Following directions, I did:

Yeah, networks.cfg will be used only when running from broctl. For
testing, broctl has a command "process" that processes a trace with
(almost) the same configuration that it's using when running live. See
the corresponding entry in
http://www.bro.org/sphinx-git/components/broctl/README.html#command-reference

Robin

Well, now I have a different problem, but the issue is somewhat tangential - unless that’s the only way for me to get Bro/broctl to tell me what it thinks my local networks are.

Issue with process: It bombs out with messages like:
error in /usr/local/bro-2.2/share/bro/policy/misc/loaded-scripts.bro, line 4: syntax error, at or near “module"

I’m running with
[BroControl] > process /path/to/pcap /path/to/test.bro
and I’ve also tried
process -- /path/to/test.bro
process /path/to/pcap -- /path/to/test.bro

Poor Johanna was trying to help me, and his install works just fine.

So now I don’t *know* if I’ve got one issue, or two issues. :wink:

Any ideas, Robin?

Mike

Actually I get this too, just tried it. That looks like a bug. Here's
a work-around that works for me: when you run the "process" command,
it prints out a long command line. Copy that, leave broctl, paste it
into your shell and then move your test script from its position
somewhere in the middle to the very end.

I don't know if this helps solve the original problem but it should
tell you if broctl sets the local networks correctly.

I'm also filing a ticket for this, I believe broctl should always move
the custom scripts to the end of the command line.

Robin

error in /usr/local/bro-2.2/share/bro/policy/misc/loaded-scripts.bro, line 4: syntax error, at or near “module"

Actually I get this too, just tried it. That looks like a bug.

It worked for Johanna as I’d originally described it. Maybe we should steal his test machine. :slight_smile:

Here's
a work-around that works for me: when you run the "process" command,
it prints out a long command line. Copy that, leave broctl, paste it
into your shell and then move your test script from its position
somewhere in the middle to the very end.

I don't know if this helps solve the original problem but it should
tell you if broctl sets the local networks correctly.

Your workaround worked for me, and did print out what I thought local networks should be set to.

Justin had pointed out to me that I could use
bro $PREFIX/bro/spool/installed-scripts-do-not-touch/auto/local-networks.bro test.bro
which worked equally well.

He also suggested a slight change to my hook:
Site::is_local_addr(n$id$orig_h)
to
Site::is_local_addr(n$src)

and now I’m working on trying to trigger the flipping SSH password guessing logic so I can test, and not having a lot of luck. :slight_smile: I have a remote host I can ssh scan with impunity, so I’ve fired hydra and a simple “connect to port 22 and disconnect” script at it with no joy. I should have picked an easier notice to start with, I guess. :slight_smile:

Mike
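
An added example, not code posted in this thread: a Bro script that first reports whether Site::local_nets is populated and then applies a notice policy hook to SSH::Password_Guessing using n$src, as suggested above. The e-mail action and the file names in the comments are assumptions.

```bro
# Added example; not code from this thread. Load it after broctl's generated
# local-networks.bro so that Site::local_nets is populated, e.g.
#   bro -r trace.pcap <path to local-networks.bro> ssh-local-guessing.bro
# (trace.pcap and ssh-local-guessing.bro are hypothetical names).
@load base/frameworks/notice
@load base/utils/site
@load protocols/ssh/detect-bruteforcing

event bro_init()
    {
    # An empty set means no script defining the local networks was loaded,
    # so Site::is_local_addr() returns F for every address.
    if ( |Site::local_nets| == 0 )
        print "warning: Site::local_nets is empty";
    else
        print Site::local_nets;
    }

hook Notice::policy(n: Notice::Info)
    {
    if ( n$note != SSH::Password_Guessing )
        return;

    # src and id are both &optional fields of Notice::Info, so test for
    # presence before dereferencing either of them.
    if ( n?$src && Site::is_local_addr(n$src) )
        # Assumption: the wanted action for a local guesser is e-mail.
        add n$actions[Notice::ACTION_EMAIL];
    }
```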

However, if I write a test script:
----
@load base/utils/site

print Site::local_nets;
----

and run “bro test.bro” output is empty unless I first redef Site::local_nets += {}; with my ranges.
Obviously I’m doing something incorrect, but which is the most correct way to fix it? redef local_nets in my local.bro, or have I mistaken the format of the networks.cfg file? It contains:

Johanna points out that if the script is: