zeek / spicy-dns

Spicy-based analyzer for the DNS protocol

Spicy-dns error: expecting 1 bytes for unpacking value (/usr/local/zeek/var/lib/zkg/clones/package/spicy-dns/analyzer/analyzer.spicy:109:10) #10

Closed Politie-SOC closed 1 year ago

Politie-SOC commented 1 year ago

Hi,

I found another Spicy-DNS error which occurs numerous times in our logs: expecting 1 bytes for unpacking value (/usr/local/zeek/var/lib/zkg/clones/package/spicy-dns/analyzer/analyzer.spicy:109:10)

A DNS response packet caused the above error; see the attached pcap with 2 packets. Plugin version: v0.0.6.

Thanks for looking into this.

unpack_error:109:10.pcap.gz

bbannier commented 1 year ago

@Politie-SOC, it looks like the PCAP you attached above contains no traffic and does not trigger the issue for me. Could you attach another PCAP which shows this behavior?

Politie-SOC commented 1 year ago

Sorry, that was the wrong file I attached. The following should be the one.

analyzer.spicy:109:10.pcap.gz