[Oisf-users] smb1/smb2

erik clark philosnef at gmail.com
Mon Dec 11 17:46:58 UTC 2017

Is there a convenient way to do app-layer protocol alerting to see what on
the network is using smb1 and what is using smb2? I see from:


   - smb
   - smb2 (disabled internally inside the engine)

We would like to classify all smb traffic by its version, and an app-layer
alert seems to be the best way to go about that, but I don't see how you
can alert on smb2? Just smb(1)? Thanks!

This would be a single purpose box with just those two rules on it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171211/1a308355/attachment.html>

More information about the Oisf-users mailing list