[Zeek] non_ip_packet_in_ethernet on a TCP three way handshake
Johanna Amann
johanna at icir.org
Mon Jun 24 13:46:09 PDT 2019
Hi Hui,
Just to check the obvious - did you look at the trace in
tcpdump/something else to check that it actually has correct ethernet
headers, etc?
Johanna
On 24 Jun 2019, at 13:24, Hui Lin (Hugo) wrote:
> Hi,
>
> I have a pcap containing only a TCP three way hand shake. When I tried
> this
> pcap in "try zeek" online with a simple tcp_packet event handler,
> nothing
> is print out and an non_ip_packet_in_ethernet warning is generated in
> the
> wierd log. Any idea what is going on?
>
> Best regards,
>
> Hui Lin
>
>
>
>
> --
> Hui Lin
> Ph.D. Candidate (http://hlin33.web.engr.illinois.edu/)
> DEPEND (http://depend.csl.illinois.edu/)
> ECE, Uni. of Illinois at Urbana-Champaign
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
More information about the Zeek
mailing list