Parser DNS TXT data parsing and logging
I am trying to detect DNS Tunneling.
For this I use the DNS logger in Suricata 2.0.
But when TXT answers have lot of data, the DNS logger say '<no data>'.
Sorry is not the parser but the DNS logger.
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 2.0.1rc1
I think this is only matter of extending the dns loggers. If it turns out to be more involved it will likely go into 2.1.
- Target version changed from 2.0.1rc1 to 2.0.2
- % Done changed from 0 to 50
- Tracker changed from Bug to Feature
- Subject changed from Parser DNS no parsing TXT data to Parser DNS TXT data parsing and logging
I have tested it but it seems still not working,saying again <no data> with 90dns22.pcap
I'm not getting any 'no data' with this branch, are you sure you tested the branch from pull request 967?
Sorry, i made a mistake with my suricata.
It's logging correctly the answers now.
Thank you for your help. You can close the ticket. :)
- Status changed from Assigned to Closed
- % Done changed from 50 to 100
Also available in: Atom