mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
2c8b97c522
The NTP mode provides us with the identity of the endpoints. For the simple CLIENT / SERVER modes, flip the connection if we detect orig/resp disagreeing with what the message says. This mainly results in the history getting a ^ and the ntp.log / conn.log showing the corrected endpoints. Closes #2998.
11 lines
717 B
Text
11 lines
717 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path conn
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.95 123 17.253.4.253 123 udp - 0.959285 96 0 S0 T F 0 D^ 2 152 0 0 -
|
|
#close XXXX-XX-XX-XX-XX-XX
|