Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add support for DLT_LINUX_SLL2 PCAP link-type

Browse source
This commit is contained in:
Simeon Miteff 2022-08-15 15:32:20 +10:00
parent c887bcb517
commit b8f0acb5f1
13 changed files with 144 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
scripts/base/packet-protocols/linux_sll2/__load__.zeek Normal file
View file

@ -0,0 +1 @@
@load ./main

11
scripts/base/packet-protocols/linux_sll2/main.zeek Normal file
View file

@ -0,0 +1,11 @@
module PacketAnalyzer::LINUXSLL2;
event zeek_init() &priority=20
{
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x0800, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x86DD, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x0806, PacketAnalyzer::ANALYZER_ARP);
# RARP
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 0x8035, PacketAnalyzer::ANALYZER_ARP);
}