Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

BIT-788: use DNS QR field to better identify flow direction.

Browse source
This commit is contained in:
Jon Siwek 2015-03-19 11:53:40 -05:00
parent 3956df4407
commit 8efaae96cd
9 changed files with 38 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log
View file

@ -3,10 +3,10 @@
#empty_field (empty)
#unset_field -
#path weird
#open 2015-03-18-17-30-43
#open 2015-03-19-15-44-23
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1363716396.798286 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 DNS_RR_unknown_type 46 F bro
1363716396.798374 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 dns_unmatched_reply - F bro
1363716396.798374 - - - - - dns_unmatched_msg - F bro
#close 2015-03-18-17-30-44
#close 2015-03-19-15-44-23