policy/frameworks/dpd/packet-segment-logging.zeek

DPD

This script enables logging of packet segment data when a protocol parsing violation is encountered. The amount of packet data logged is set by the DPD::packet_segment_size variable. A caveat to logging packet data is that, in some cases, the logged packet may not be the one that actually caused the protocol violation.

Namespace: DPD

Summary

Runtime Options

DPD::packet_segment_size: int &redef

Size of the packet segment to display in the DPD log.

Redefinitions

DPD::Info: record

New Fields

DPD::Info

packet_segment: string &optional &log

A chunk of the payload that most likely resulted in the analyzer violation.

Detailed Interface

Runtime Options

DPD::packet_segment_size

Type: int

Attributes: &redef

Default: 255

Size of the packet segment to display in the DPD log.
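An added example, not part of the Zeek documentation or code base: a small Python triage helper that reads the DPD log after this script is loaded, decodes the packet_segment field into bytes, and flags segments that probably hit the DPD::packet_segment_size limit. It assumes the log is written in JSON with non-printable bytes shown as \xNN escapes; the log lines, uids, addresses and failure reasons are constructed, and the function names are hypothetical.

```python
import json
import re

# Constructed dpd.log lines (JSON writer); not real traffic.
SAMPLE_DPD_LOG = r'''
{"ts":1700000000.1,"uid":"CExample1","id.orig_h":"192.0.2.10","id.resp_h":"198.51.100.5","id.resp_p":443,"proto":"tcp","analyzer":"SSL","failure_reason":"constructed reason","packet_segment":"\\x16\\x03\\x01GET / HTTP/1.1"}
{"ts":1700000002.7,"uid":"CExample2","id.orig_h":"192.0.2.11","id.resp_h":"198.51.100.6","id.resp_p":80,"proto":"tcp","analyzer":"HTTP","failure_reason":"constructed reason"}
'''

# Assumption: non-printable payload bytes appear in the log as \xNN escapes.
_ESCAPE = re.compile(rb"\\x([0-9a-fA-F]{2})")

def decode_segment(text):
    """Turn \\xNN escapes in a packet_segment value back into raw bytes."""
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), text.encode("utf-8"))

def triage(lines, segment_size=255):
    """Summarise DPD violations; segment_size mirrors DPD::packet_segment_size."""
    rows = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        seg = rec.get("packet_segment")  # &optional, so it can be absent
        data = decode_segment(seg) if seg is not None else None
        rows.append({
            "uid": rec["uid"],
            "analyzer": rec["analyzer"],
            "reason": rec["failure_reason"],
            "segment": data,
            "hex": data.hex(" ") if data is not None else None,
            # Heuristic: a segment as long as the limit was probably cut off.
            "maybe_truncated": data is not None and len(data) >= segment_size,
        })
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_DPD_LOG.splitlines()):
        # The logged packet may not be the one that caused the violation,
        # so treat the segment as a hint and pivot on uid for the full flow.
        print(row["uid"], row["analyzer"], row["reason"], row["hex"], row["maybe_truncated"])
```

If DPD::packet_segment_size has been redefined, pass the same value as segment_size so the truncation heuristic matches the deployed setting.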