mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
ee12a7a6e7
Using pcaps from https://interop.seemann.io/ as samples for QUIC protocol data didn't produce a conn.log for the contained data. `tcpdump -r` and Wireshark do show the contained IP/UDP packets. Teach Zeek how to handle link type DLT_PPP 0x09 using a new PPP analyzer based on the PPPSerial analyzer code. Usual update to files/x509 baseline after adding new analyzer due to enum values changing.
13 lines
925 B
Text
13 lines
925 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path conn
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
|
0.000000 CHhAvVGS1DHFjwGM9 :: 135 ff02::1:ff00:3 136 icmp - 0.008000 48 0 OTH T F 0 - 2 144 0 0 -
|
|
0.016059 ClEkJM2Vm5giqnMf4h :: 135 ff02::1:ff00:4 136 icmp - 0.002000 48 0 OTH T F 0 - 2 144 0 0 -
|
|
0.669020 C4J4Th3PJpwUYZZ6gc 193.167.0.100 42834 193.167.100.100 443 udp - 0.112400 4039 11996 SF F F 0 Dd 10 4319 12 12332 -
|
|
#close XXXX-XX-XX-XX-XX-XX
|