zeek/scripts/base/protocols
Christian Kreibich b0f96fa22c Expand Conn::Info$duration comment to clarify TCP end-of-connection handling
From Vern in GH-846: This is a conscious decision in the TCP analysis to
consider a connection's "duration" to run up through the end of its
productive (= data can be delivered) lifetime, not extending beyond that. So
once it's closed, packets seen subsequently (until the state-holding for the
connection times out) get processed in terms of updating the associated
history, but not the duration. This can include (unnecessarily) retransmitted
data packets, like in one of the examples above. An advantage of this definition
of "duration" is it allows more accurate computation of connection data rates.
2022-11-30 09:39:57 -08:00
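As an added example (not Zeek's own code and not part of this repository page), the following Python script parses a constructed conn.log excerpt and turns Conn::Info$duration into per-direction data rates, which is the use of the field the commit message motivates. An unset duration (no productive lifetime observed) or a zero duration yields no rate rather than a division error, and a small heuristic splits off the history flags whose first appearance came after both FINs, the kind of post-close activity the commit says updates history but not duration. The field subset, the sample records and the helper names are assumptions made for this example.

```python
"""Per-connection data rates from a Zeek conn.log (added example, not Zeek code).

Conn::Info$duration covers only the productive lifetime of a TCP connection,
so bytes / duration is a usable throughput estimate; packets seen after the
close appear in `history` but do not extend `duration`.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterator, Optional

# Constructed sample conn.log in Zeek's ASCII writer layout (tab-separated),
# reduced to a subset of Conn::Info fields. Records and UIDs are made up.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration\torig_bytes\tresp_bytes\tconn_state\thistory
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tinterval\tcount\tcount\tstring\tstring
1669823997.123456\tCHhAvVGS1DHFjwGM9\t10.0.0.5\t51234\t192.0.2.10\t443\ttcp\t2.000000\t4000\t120000\tSF\tShADadFfR
1669823998.000000\tC4J4Th3PJpwUYZZ6gc\t10.0.0.6\t51235\t192.0.2.11\t80\ttcp\t-\t-\t-\tS0\tS
1669823999.500000\tCtPZjS20MLrsMUOJi2\t10.0.0.7\t51236\t192.0.2.12\t22\ttcp\t0.000000\t0\t0\tREJ\tSr
#close\t2022-11-30-09-40-00
"""


@dataclass
class ConnRate:
    uid: str
    duration: Optional[float]      # seconds, None when Zeek logged "-"
    orig_bytes: Optional[int]
    resp_bytes: Optional[int]
    history: str
    orig_rate: Optional[float]     # bytes/second, None when not computable
    resp_rate: Optional[float]
    post_close: str                # history flags first seen after both FINs


def parse_conn_log(text: str) -> Iterator[dict[str, Optional[str]]]:
    """Yield one dict per record (field name -> raw string, None if unset).

    Reads the #fields and #unset_field directives from the log header, so the
    parser is not tied to the column subset used in the sample above.
    """
    fields: list[str] = []
    unset = "-"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "unset_field":
                unset = value
            continue
        cols = line.split("\t")
        if len(cols) != len(fields):
            raise ValueError(f"field count mismatch: {line!r}")
        yield {f: (None if v == unset else v) for f, v in zip(fields, cols)}


def rate(byte_count: Optional[int], duration: Optional[float]) -> Optional[float]:
    """Bytes per second over the productive lifetime.

    None when either value is unset or the duration is zero (for example a
    rejected SYN), so callers never divide by zero or invent a rate.
    """
    if byte_count is None or duration is None or duration <= 0.0:
        return None
    return byte_count / duration


def after_close(history: str) -> str:
    """Heuristic (assumption of this example): history letters whose first
    occurrence follows both FIN flags (F = originator, f = responder).
    Empty for connections that never exchanged both FINs, e.g. RST teardown."""
    orig_fin, resp_fin = history.find("F"), history.find("f")
    if orig_fin < 0 or resp_fin < 0:
        return ""
    return history[max(orig_fin, resp_fin) + 1:]


def conn_rates(text: str) -> list[ConnRate]:
    """Compute per-direction rates for every record in a conn.log text."""
    out: list[ConnRate] = []
    for rec in parse_conn_log(text):
        duration = float(rec["duration"]) if rec["duration"] is not None else None
        ob = int(rec["orig_bytes"]) if rec["orig_bytes"] is not None else None
        rb = int(rec["resp_bytes"]) if rec["resp_bytes"] is not None else None
        history = rec["history"] or ""
        out.append(ConnRate(uid=rec["uid"] or "", duration=duration,
                            orig_bytes=ob, resp_bytes=rb, history=history,
                            orig_rate=rate(ob, duration), resp_rate=rate(rb, duration),
                            post_close=after_close(history)))
    return out


if __name__ == "__main__":
    for r in conn_rates(SAMPLE_CONN_LOG):
        print(f"{r.uid}: dur={r.duration} orig={r.orig_rate} resp={r.resp_rate} "
              f"history={r.history} post_close={r.post_close!r}")
```

Run it directly to print one line per sample record; only the first connection gets a rate, and its `R` after `Ff` is reported as post-close history while its duration stays at the 2.0 seconds of productive lifetime.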
conn Expand Conn::Info$duration comment to clarify TCP end-of-connection handling 2022-11-30 09:39:57 -08:00
dce-rpc Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
dhcp Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
dnp3 Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
dns Update DNS type strings to match correct mappings 2022-11-02 14:22:46 -07:00
ftp ftp: Limit pending commands to FTP::max_pending_commands (default 20) 2022-11-08 16:44:17 -07:00
http {http,smtp}/entities: Align header regexes with extract_filename_from_content_disposition() 2022-11-08 16:45:25 -07:00
imap Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00
irc annotate base scripts with &is_used as needed 2022-05-26 17:39:17 -07:00
krb Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
modbus Add a field to Modbus/TCP log to indicate the Modbus PDU type 2022-07-24 02:41:26 +00:00
mqtt Disable MQTT by default 2019-08-05 17:04:39 -07:00
mysql Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
ntlm scripts/dce-rpc,ntlm: Do not load base/frameworks/dpd 2022-08-31 16:50:37 +02:00
ntp &is_set => &is_assigned 2021-02-04 12:18:46 -08:00
pop3 Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
radius deprecation messages for unused base script functions 2022-05-27 14:36:30 -07:00
rdp Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
rfb Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
sip Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
smb smb: Drop references to uid_map in state. 2022-11-23 18:19:53 +01:00
smtp {http,smtp}/entities: Align header regexes with extract_filename_from_content_disposition() 2022-11-08 16:45:25 -07:00
snmp Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
socks Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
ssh ssh: Test for c$ssh$analyzer_id existence 2022-11-16 16:35:57 +01:00
ssl Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
syslog Remove trailing whitespace from script files 2021-10-20 09:57:09 -07:00
tunnels Add Teredo packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
xmpp Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00