[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bro
Subject:    [Zeek] not extracting file transmitted via smb2
From:       antwerp log <antwerplog44 () gmail ! com>
Date:       2021-08-15 11:43:44
Message-ID: CAKU3F_31Cjdw69L4d3Y9aD1-1J0PFV86tjjKbeTxogq=2grrEQ () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi everyone

I have a pcap file of a SMB2 file transfer.
tshark can extract the transferred file without any issue.
when running zeek with extract-all-files I do not see the file being
extracted.
Moreover, running dump-events on the pcap file, I see no file_new,
file_sniff events, only get_file_handle events

any suggestions ?
thanks

[Attachment #5 (text/html)]

<div dir="ltr">Hi everyone<div><br></div><div>I have a pcap file of a SMB2 file \
transfer.</div><div>tshark can extract the transferred  file without any \
issue.</div><div>when running zeek with extract-all-files I do not see the file being \
extracted.</div><div>Moreover, running dump-events on the pcap file, I see no \
file_new, file_sniff events, only  get_file_handle \
events</div><div><br></div><div>any suggestions ?</div><div>thanks</div></div>



--
zeek mailing list -- zeek@lists.zeek.org
To unsubscribe send an email to zeek-leave@lists.zeek.org

[prev in list] [next in list] [prev in thread] [next in thread]