BIT-788: use DNS QR field to better identify flow direction.

2025-10-05 08:08:19 +00:00 · 2015-03-19 11:53:40 -05:00 · 2015-03-19 11:53:40 -05:00 · 8efaae96cd
commit 8efaae96cd
parent 3956df4407
9 changed files with 38 additions and 9 deletions
--- a/testing/btest/scripts/base/protocols/dns/flip.bro
+++ b/testing/btest/scripts/base/protocols/dns/flip.bro
@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -r $TRACES/dns53.pcap
+# @TEST-EXEC: btest-diff dns.log
+# If the DNS reply is seen first, should be able to correctly set orig/resp.