base/misc/find-filtered-trace.zeek

FilteredTraceDetection

Detects trace files whose TCP traffic consists only of control packets (e.g. the trace has been filtered to contain only SYN/FIN/RST packets and no content). On finding such a trace, Zeek emits a warning suggesting that the user toggle the detect_filtered_trace option if they do not want Zeek to report missing TCP segments.

Namespace: FilteredTraceDetection

Summary

State Variables

FilteredTraceDetection::enable: bool &redef

Flag to enable filtered trace file detection and warning message.

Detailed Interface

State Variables

FilteredTraceDetection::enable

Type: bool

Attributes: &redef

Default: T

Flag to enable filtered trace file detection and warning message.
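The condition this script warns about can also be checked after the fact against a conn.log. The following is an added example, not the code of find-filtered-trace.zeek: it assumes Zeek's default tab-separated log format and relies on the conn.log `proto` and `history` columns, where `D`/`d` in `history` mark a packet carrying payload. The function names and sample records are constructed for illustration.

```python
# Added example: the "control packets only" condition checked against a conn.log.
# Assumes Zeek's default TSV log format with `proto` and `history` columns.

def tcp_histories(log_text):
    """Yield the history field of every TCP record in a Zeek TSV conn.log."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record found before #fields header")
            row = dict(zip(fields, line.split("\t")))
            if row.get("proto") == "tcp":
                yield row.get("history", "-")

def looks_filtered(log_text):
    """True: TCP seen, never with payload. False: payload seen. None: no TCP."""
    saw_tcp = False
    for history in tcp_histories(log_text):
        saw_tcp = True
        # 'D' / 'd' mark a packet carrying payload from originator / responder.
        if "D" in history or "d" in history:
            return False
    return True if saw_tcp else None

# Constructed sample logs, trimmed to three columns.
HEADER = "#fields\tuid\tproto\thistory"
FILTERED_LOG = "\n".join([HEADER, "C1\ttcp\tS", "C2\ttcp\tShR", "C3\tudp\tDd", "C4\ttcp\tShFf"])
FULL_LOG = "\n".join([HEADER, "C1\ttcp\tS", "C2\ttcp\tShADadFf"])
UDP_ONLY_LOG = "\n".join([HEADER, "C1\tudp\tDd"])

if __name__ == "__main__":
    for name, log in [("filtered", FILTERED_LOG), ("full", FULL_LOG), ("udp-only", UDP_ONLY_LOG)]:
        print(name, looks_filtered(log))
```

A `None` result means the log held no TCP connections, so there is nothing to judge; UDP payload in the same log does not count against the verdict.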