[Zeek-Dev] Dealing with directional out-of-order packet?

Jon Siwek jsiwek at corelight.com
Tue Jun 25 10:18:20 PDT 2019


On Mon, Jun 24, 2019 at 6:34 PM Song <oldpopsong at qq.com> wrote:

> So my question is: is this other-side gap information available in
> Binpac?

Is it already available in the form you'd prefer?  Possibly not.  You
can maybe look at whether TCP_Analyzer::IsPartial() and
TCP_Analyzer::HadGap() could be used to detect the situation.

Can the exact information you want be made available?  If this is in
the context of your own custom analyzer, you can store any arbitrary
state in the analyzer that you want and access it from BinPAC code.

Ideally, this sounds like something to fix in the capture setup, not
to try to generally work around in BinPAC/Zeek.

- Jon
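As an added illustration of the "store arbitrary state in the analyzer and read it from BinPAC" suggestion above (this is example code written for this page, not code from the thread, from Zeek or from BinPAC): a stand-alone C++ sketch of per-direction gap bookkeeping. It assumes the hook Zeek's `tcp::TCP_ApplicationAnalyzer` invokes on a content gap has the shape `Undelivered(seq, len, is_orig)`; the base class below only mimics that hook so the file compiles without Zeek headers, and the accessor names (`HadGap`, `OtherSideHadGap`, `BytesMissing`) are made up for the example. A real `.pac` file would reach such accessors through the analyzer pointer its generated connection class holds.

```cpp
// Added example, not Zeek source: per-direction gap state kept by a custom
// TCP application analyzer so that parser code can ask "did the OTHER side
// of this connection lose bytes?" before trusting a reply it just parsed.
#include <cstdint>
#include <vector>

struct Gap {
    uint64_t seq;   // sequence number where the undelivered range begins
    int      len;   // number of bytes the reassembler never saw
};

// Stand-in for Zeek's TCP application analyzer base (assumed hook shape).
class MockTcpAppAnalyzer {
public:
    virtual ~MockTcpAppAnalyzer() = default;
    // Zeek calls this when the reassembler skips over a hole in the stream;
    // is_orig identifies the direction (true = originator -> responder).
    virtual void Undelivered(uint64_t seq, int len, bool is_orig) = 0;
};

// The custom analyzer records every gap it is told about, per direction.
class GapTrackingAnalyzer : public MockTcpAppAnalyzer {
public:
    void Undelivered(uint64_t seq, int len, bool is_orig) override {
        gaps_[Index(is_orig)].push_back({seq, len});
    }

    // Accessors a BinPAC "refine connection" function could call
    // (hypothetical names, not part of Zeek's analyzer API).
    bool HadGap(bool is_orig) const { return !gaps_[Index(is_orig)].empty(); }

    bool OtherSideHadGap(bool is_orig) const { return HadGap(!is_orig); }

    uint64_t BytesMissing(bool is_orig) const {
        uint64_t total = 0;
        for (const Gap& g : gaps_[Index(is_orig)])
            total += static_cast<uint64_t>(g.len);
        return total;
    }

private:
    static int Index(bool is_orig) { return is_orig ? 0 : 1; }
    std::vector<Gap> gaps_[2];
};

// What a parser-side check might look like: a reply parsed from direction
// `reply_is_orig` is only treated as fully in-context when the opposite
// direction (where the matching request lived) had no gap.
bool ReplyContextIsComplete(const GapTrackingAnalyzer& a, bool reply_is_orig) {
    return !a.OtherSideHadGap(reply_is_orig);
}

// Constructed scenario: the originator stream loses 1500 bytes, the
// responder stream is intact. Returns the number of checks that passed.
int RunScenario() {
    GapTrackingAnalyzer a;
    a.Undelivered(/*seq=*/1000, /*len=*/1500, /*is_orig=*/true);

    int ok = 0;
    if (a.HadGap(true))                          ++ok; // originator gap seen
    if (!a.HadGap(false))                        ++ok; // responder clean
    if (a.BytesMissing(true) == 1500)            ++ok;
    if (!ReplyContextIsComplete(a, false))       ++ok; // responder reply: request side had a hole
    if (ReplyContextIsComplete(a, true))         ++ok; // originator data: responder side intact
    return ok;
}

int main() { return RunScenario() == 5 ? 0 : 1; }
```

The point of the design is that the gap knowledge lives in the analyzer object, which both the reassembler (through `Undelivered`) and the generated parser can reach, so no change to BinPAC itself is needed; it is only a workaround for capture loss, as the reply above notes.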
