Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

add signature for dtls client hello

Browse source
This commit is contained in:
Johanna Amann 2015-03-18 11:58:46 -07:00
parent 90bc5add6e
commit 58ed2eb9ae
2 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
scripts/base/protocols/ssl/dpd.sig
View file

@ -13,3 +13,10 @@ signature dpd_ssl_client {
payload /^(\x16\x03[\x00\x01\x02\x03]..\x01...\x03[\x00\x01\x02\x03]|...?\x01[\x00\x03][\x00\x01\x02\x03]).*/
tcp-state originator
}
signature dpd_dtls_client {
ip-proto == udp
# Client hello.
payload /^\x16\xfe[\xff\xfd]\x00\x00\x00\x00\x00\x00\x00...\x01...........\xfe[\xff\xfd].*/
enable "dtls"
}