mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 12:38:20 +00:00
ee12a7a6e7
Using pcaps from https://interop.seemann.io/ as samples for QUIC protocol data didn't produce a conn.log for the contained data. `tcpdump -r` and Wireshark do show the contained IP/UDP packets. Teach Zeek how to handle link type DLT_PPP 0x09 using a new PPP analyzer based on the PPPSerial analyzer code. Usual update to files/x509 baseline after adding new analyzer due to enum values changing.
4 lines
196 B
Text
4 lines
196 B
Text
# @TEST-DOC: PCAP from https://interop.seemann.io/ with DLT_PPP linklayer and no HDLC framing.
|
|
#
|
|
# @TEST-EXEC: zeek -r $TRACES/ppp/quic-interop-retry.pcap %INPUT
|
|
# @TEST-EXEC: btest-diff conn.log
|