base/misc/find-filtered-trace.zeek
- FilteredTraceDetection
Discovers trace files that contain TCP traffic consisting only of
control packets (e.g. it’s been filtered to contain only SYN/FIN/RST
packets and no content). On finding such a trace, a warning is
emitted that suggests toggling the detect_filtered_trace
option may be desired if the user does not want Zeek to report
missing TCP segments.
- Namespace
FilteredTraceDetection
Summary
State Variables
FilteredTraceDetection::enable | Flag to enable filtered trace file detection and warning message.
Detailed Interface
State Variables
- FilteredTraceDetection::enable
Flag to enable filtered trace file detection and warning message.
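
The condition this script warns about (TCP traffic present, but only control packets) can also be checked after the fact against a conn.log. The following is an added example, not code from Zeek or from this script; it assumes that `D`/`d` in the conn.log `history` field marks payload data, and the helper names and sample records are constructed for illustration.

```python
"""Offline approximation of the filtered-trace check, run against conn.log."""


def looks_filtered(conn_log_text):
    """True when the log has TCP connections but none of them carried payload."""
    fields = None
    saw_tcp = False
    for line in conn_log_text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue  # other header/footer lines (#separator, #path, #close, ...)
        if fields is None:
            raise ValueError("no #fields header before first record")
        row = dict(zip(fields, line.split("\t")))
        if row.get("proto") != "tcp":
            continue  # UDP/ICMP payload says nothing about TCP filtering
        saw_tcp = True
        # Assumption: 'D'/'d' in Zeek's history string marks payload from
        # the originator/responder; control-only flows never contain it.
        if "d" in row.get("history", "").lower():
            return False
    return saw_tcp  # a log with no TCP at all is not reported as filtered


def _log(*rows):
    """Build a constructed conn.log excerpt with only the columns used here."""
    head = ["#separator \\x09", "#path\tconn", "#fields\tuid\tproto\thistory"]
    return "\n".join(head + ["\t".join(r) for r in rows]) + "\n"


# Constructed samples, not captured traffic.
FILTERED = _log(("C1", "tcp", "ShFf"), ("C2", "tcp", "Sr"), ("C3", "udp", "Dd"))
NORMAL = _log(("C1", "tcp", "ShFf"), ("C4", "tcp", "ShADadFf"))
UDP_ONLY = _log(("C3", "udp", "Dd"))

if __name__ == "__main__":
    for name, text in (("FILTERED", FILTERED), ("NORMAL", NORMAL),
                       ("UDP_ONLY", UDP_ONLY)):
        print(name, "-> looks filtered:", looks_filtered(text))
```

A positive result on a capture that was not deliberately filtered is worth investigating before trusting content-based detections run over the same trace, since no payload reached the analyzers.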