zeek/testing/btest/core/raw_packet.bro at 81a8961f16d72354022a97b51e0dd566f87232d6 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00

Jeff Barber 30fdc37479 Refactor to make bro use a common Packet object.

Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.

2015-05-29 10:37:39 -04:00

9 lines

213 B

Text

Raw Blame History

 # @TEST-EXEC: bro -b -r $TRACES/raw_packets.trace %INPUT >output
 # @TEST-EXEC: bro -b -r $TRACES/icmp_dot1q.trace %INPUT >>output
 # @TEST-EXEC: btest-diff output
 event raw_packet(p: raw_pkt_hdr)
 	{
 	print p;
 	}