mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
6 lines
248 B
Text
6 lines
248 B
Text
# Capture TCP fragments, but not UDP (or ICMP), since those are a lot more
|
|
# common due to high-volume, fragmenting protocols such as NFS :-(.
|
|
|
|
redef capture_filters += { ["frag"] = "(ip[6:2] & 0x3fff != 0) and tcp" };
|
|
|
|
redef frag_timeout = 5 min;
|