Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log
Jon Siwek 2f918ed9b2 Merge branch 'topic/dopheide/known-services' of https://github.com/dopheide-esnet/zeek 
- Updated the logic significantly: still filters out ICMP from being
  considered an active service (like before) and adds a new
  "Known::service_udp_requires_response" option (defaults to true) for
  whether to require UDP server response before being considered an
  active service.

* 'topic/dopheide/known-services' of https://github.com/dopheide-esnet/zeek:
  Log services with unknown protocols
2020-05-29 17:19:47 -07:00

13 lines
401 B
Text
Raw Blame History

#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path known_services
#open 2020-05-29-22-19-22
#fields ts host port_num port_proto service
#types time addr port enum set[string]
1308930691.089263 172.16.238.131 22 tcp SSH
1308930694.550308 172.16.238.131 80 tcp HTTP
1308930703.068148 172.16.238.2 53 udp DNS
1308930718.361665 172.16.238.131 21 tcp FTP
#close 2020-05-29-22-19-22
Reference in a new issue View git blame Copy permalink