Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

BIT-342: add "icmp_sent_payload" event.

Browse source
This commit is contained in:
Jon Siwek 2015-03-18 16:16:24 -05:00
parent 567073ac09
commit 981be3b670
6 changed files with 51 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/btest/Baseline/core.icmp.icmp_sent/out Normal file
View file

@ -0,0 +1,2 @@
icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T]
icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T], 20

BIN
testing/btest/Traces/icmp/icmp_sent.pcap Normal file
View file

Binary file not shown.

12
testing/btest/core/icmp/icmp_sent.bro Normal file
View file

@ -0,0 +1,12 @@
# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out
# @TEST-EXEC: btest-diff out
event icmp_sent(c: connection, icmp: icmp_conn)
{
print "icmp_sent", c$id, icmp;
}
event icmp_sent_payload(c: connection, icmp: icmp_conn, payload: string)
{
print "icmp_sent_payload", c$id, icmp, |payload|;
}