• Support
  • Forums
  • Blogs

Events from Snare have blank src/dst IPs (0.0.0.0) - WINS lookup problem, perhaps?

vsolemvsolem

Big Time
+6
In the events that arrive from Snare I see blank source and destination IP addresses.  Is this because the windows host name is not in DNS, but in a WINS server?

If so, can I do one of the following?
(1) Have it use the hostname instead of doing the lookup.
(2) "Teach" it to ask the wins server for the address (e.g. to check nslookup and then smblookup).

Any pointers are welcome.
-Vik

Share post:

This discussion has been closed.