base/misc/find-filtered-trace.zeek
Discovers trace files that contain TCP traffic consisting only of
control packets (e.g. a trace that has been filtered to contain only
SYN/FIN/RST packets and no content). On finding such a trace, Zeek
emits a warning suggesting that the user toggle the
detect_filtered_trace option if they do not want Zeek to report
missing TCP segments.
- Namespace: FilteredTraceDetection
Summary
State Variables
FilteredTraceDetection::enable: Flag to enable filtered trace file detection and warning message.
Detailed Interface
State Variables
- FilteredTraceDetection::enable
  Flag to enable filtered trace file detection and warning message.
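
A stand-alone pre-check in the spirit of the detection described above, added here as an example; it is not Zeek's implementation and not part of the original documentation. It reports whether every TCP packet in a capture is payload-free, which is the property that marks a control-packet-only trace. It assumes a classic (non-pcapng) Ethernet capture of unfragmented IPv4, and the function names and the constructed sample capture are hypothetical.

```python
import struct

def tcp_payload_stats(pcap: bytes):
    """Return (tcp_packets, tcp_packets_with_payload) for a classic pcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    off, total, with_data = 24, 0, 0
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Keep only Ethernet II frames carrying IPv4 with protocol 6 (TCP).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if frame[14] >> 4 != 4 or frame[23] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 14 + ihl + 14:
            continue
        ip_len = struct.unpack("!H", frame[16:18])[0]
        doff = (frame[14 + ihl + 12] >> 4) * 4
        total += 1
        # Use the IP total length rather than the captured length: Ethernet
        # padding is not counted, and snaplen-truncated payload still is.
        if ip_len - ihl - doff > 0:
            with_data += 1
    return total, with_data

def looks_filtered(pcap: bytes) -> bool:
    """True when the capture has TCP packets and none of them carries data."""
    total, with_data = tcp_payload_stats(pcap)
    return total > 0 and with_data == 0

def build_sample_pcap(packets):
    """Constructed sample: little-endian pcap from (tcp_flags, payload) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for flags, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```
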