This is probably a bug. That smb torture pcap is a notoriously bad
example (although it does exhibit some far, far edge case type of
behavior). I deliberately did not use that pcap as an example while I
was writing the SMB analyzer because it sent me down a lot of rabbit
holes that didn't pro
Bro-Dev Group,
ISSUE: I encountered an issue where Bro is not logging some rather
significant SMB1 commands in the smb_cmd.log file. I understand that some
SMB commands are deliberately omitted from the log (such as Negotiate
Protocol, Session Setup, and Tree Connect); however, I observe that an
