mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 07:08:19 +00:00
2696ca3005
Mostly rewrote the parsing logic to support incremental parsing and to support parsing of client messages. Though I did not add events for client messages, that's easy to add later. Parsing now stops for both client and server if either encounters any parsing error or invalid state. After a complete handshake, server messages are no longer parsed. Support for that is incomplete and not sure it's that useful anyway since it mostly contains pixel data.
10 lines
539 B
Text
10 lines
539 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path rfb
|
|
#open 2019-04-03-20-57-33
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p client_major_version client_minor_version server_major_version server_minor_version authentication_method auth share_flag desktop_name width height
|
|
#types time string addr port addr port string string string string string bool bool string count count
|
|
1551120432.417278 CHhAvVGS1DHFjwGM9 192.168.0.11 46381 10.0.0.149 5900 003 008 003 008 VNC F - - - -
|
|
#close 2019-04-03-20-57-33
|