zeek/testing/btest/core/ether-addrs.bro at 81a8961f16d72354022a97b51e0dd566f87232d6 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00

Jan Grashoefer 50cf694aae Moved link-layer addresses into endpoints.

The link-layer addresses are now part of the connection endpoints
following the originator-responder-pattern. The addresses are printed
with leading zeros. Additionally link-layer addresses are also extracted
for 802.11 plus RadioTap.

2016-06-02 01:46:26 +02:00

11 lines

321 B

Text

Raw Blame History

 # @TEST-EXEC: bro -C -b -r $TRACES/wikipedia.trace %INPUT >>output
 # @TEST-EXEC: bro -C -b -r $TRACES/radiotap.pcap %INPUT >>output
 # @TEST-EXEC: btest-diff output
 event new_connection(c: connection)
 	{
 	if ( c$orig?$l2_addr && c$resp?$l2_addr )
 		print c$orig$l2_addr, c$resp$l2_addr;
         else
 		print "-", "-";
 	}