On 24/05/2013 15:32, Seth Hall wrote:
> On May 24, 2013, at 5:04 AM, [email protected] wrote:
>
>> Today I am looking at the SMB Analyzer, and I have a few questions.
>> -Why did you choose to analyse the SNIA-CIFS version, and not the others?
>> (http://www.cifs.org/wiki/SMB/CIFS_References). Some of them have new
>> dialects and don't match anymore :s . (I know, the SMB documentation is
>> a real mess.. ).
>
> Why do you say that we are implementing the SNIA-CIFS version?

Because the version is given in the SMB.h file. Also, I have started to
compare the SNIA documentation with the binpac code, and I confirm the
SNIA version.

>> -Some events are not well written into the event.bif :
>> For instance, the smb_com_negotiate event is built with 3 arguments
>
> What's in the release is not where the current development is. The current
> version of the development is in the topic/seth/smb-smb2-work branch.

ho.. so someone is still working on it? It has changed a lot, I will look
closer at this branch. Will it be merged for the next release?

Nicolas

> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
