Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base/protocols/dce-rpc
History
Jon Siwek 31f60853c9 GH-646: add new "successful_connection_remove" event 
And switch Zeek's base scripts over to using it in place of
"connection_state_remove".  The difference between the two is
that "connection_state_remove" is raised for all events while
"successful_connection_remove" excludes TCP connections that were never
established (just SYN packets).  There can be performance benefits
to this change for some use-cases.

There's also a new event called ``connection_successful`` and a new
``connection`` record field named "successful" to help indicate this new
property of connections.
2019-11-11 19:52:59 -08:00
..
__load__.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
consts.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
dpd.sig Fixes for DCE_RPC analyzer 2016-10-08 10:00:26 -04:00
main.zeek GH-646: add new "successful_connection_remove" event 2019-11-11 19:52:59 -08:00
README Added missing README files for documentation 2016-10-10 22:55:50 -05:00

README 

Support for DCE/RPC (Distributed Computing Environment/Remote Procedure
Calls) protocol analysis.