policy/frameworks/dpd/packet-segment-logging.zeek

DPD

This script enables logging of packet segment data when a protocol parsing violation is encountered. The amount of packet data logged is set by the DPD::packet_segment_size variable. One caveat to logging packet data: in some cases, the logged packet may not be the packet that actually caused the protocol violation.

Namespace: DPD
Imports: base/frameworks/dpd

Summary

Runtime Options

DPD::packet_segment_size: int &redef
    Size of the packet segment to display in the DPD log.

Redefinitions

DPD::Info: record
    New Fields: DPD::Info

    packet_segment: string &optional &log
        A chunk of the payload that most likely resulted in the protocol violation.

Detailed Interface

Runtime Options

DPD::packet_segment_size
Type: int
Attributes: &redef
Default: 255

Size of the packet segment to display in the DPD log.
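
For triage, the logged packet_segment field usually needs to be turned back into raw bytes. The following is an added example, not part of the Zeek distribution: it reads a dpd.log in the ASCII/TSV format, decodes the segment, and flags entries whose segment reached the DPD::packet_segment_size cap. It assumes the writer escapes non-printable bytes as \xNN and marks unset fields with "-"; the sample log lines and the function names are constructed for illustration.

```python
import re

# Constructed dpd.log sample (Zeek ASCII/TSV writer) with packet_segment logged.
# UIDs, addresses, failure reasons and payloads are made up for illustration.
SAMPLE_DPD_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
    "\tproto\tanalyzer\tfailure_reason\tpacket_segment",
    "1700000000.0\tCexample1\t192.0.2.10\t49152\t198.51.100.5\t443"
    "\ttcp\tSSL\tconstructed reason A\t\\x16\\x03\\x01\\x00\\x05hello",
    "1700000001.0\tCexample2\t192.0.2.11\t49153\t198.51.100.6\t80"
    "\ttcp\tHTTP\tconstructed reason B\t-",
    "1700000002.0\tCexample3\t192.0.2.12\t49154\t198.51.100.7\t21"
    "\ttcp\tFTP\tconstructed reason C\t" + "A" * 255,
])

# Assumption: the ASCII writer renders non-printable bytes as \xNN.
_ESCAPE = re.compile(rb"\\x([0-9a-fA-F]{2})")


def decode_segment(field):
    """Return the raw bytes of a logged packet_segment, or None if unset."""
    if field == "-":
        return None
    raw = field.encode("utf-8", "surrogateescape")
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def parse_dpd_log(text, segment_size=255):
    """Parse dpd.log text; segment_size mirrors DPD::packet_segment_size."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]      # column names come from the header
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            seg = decode_segment(rec.get("packet_segment", "-"))
            rec["segment_bytes"] = seg
            # Heuristic: a segment that fills the cap was probably cut short.
            rec["truncated"] = seg is not None and len(seg) >= segment_size
            rec["hex_preview"] = seg[:16].hex(" ") if seg else ""
            rows.append(rec)
    return rows


if __name__ == "__main__":
    for r in parse_dpd_log(SAMPLE_DPD_LOG):
        print(r["uid"], r["analyzer"], r["truncated"], r["hex_preview"])
```

If DPD::packet_segment_size has been redefined, pass the same value as segment_size so the truncation flag matches the deployed configuration.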