mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
c1b3c9593b
Any port in that set found as either source or destination port of a UDP packet will cause the "udp_contents" event to be raised.
9 lines
263 B
Text
9 lines
263 B
Text
# @TEST-EXEC: zeek -b -r $TRACES/rpc-portmap-sadmind.pcap %INPUT >out
|
|
# @TEST-EXEC: btest-diff out
|
|
|
|
redef udp_content_ports += { 54790/udp };
|
|
|
|
event udp_contents(c: connection, is_orig: bool, contents: string)
|
|
{
|
|
print "Contents:", c$id, is_orig, |contents|;
|
|
}
|