[Zeek] Minimal packets to trigger events

Woot4moo tscheponik at gmail.com
Fri May 10 13:54:07 PDT 2019


I am in the process of covering my team's feature set and we are using
Behave (Python) to generate reports. Is there a collection of minimal PCAPs
that the community maintains / scapy scripts to generate minimal PCAPs to
trigger the events that Zeek supports?

For example, to trigger the "ssh_server_version(...)" event
[https://docs.zeek.org/en/stable/scripts/base/bif/plugins/Bro_SSH.events.bif.bro.html#id-ssh_server_version]
it requires 4 packets (TCP handshake + 1 additional packet).
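The four-packet minimum described above (handshake plus one server packet), written out as a constructed example that is not the poster's code nor a Zeek-maintained script: it hand-builds a classic libpcap file in pure Python with no scapy dependency, so the same approach can be dropped into a Behave step. The addresses, MACs, ports, initial sequence numbers, timestamps and the banner string are all made up.

```python
"""Minimal PCAP, built by hand (no scapy): TCP handshake + one SSH server
banner. All addresses, ports, sequence numbers and the banner are constructed."""
import socket
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08
CLIENT, SERVER = socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2")
BANNER = b"SSH-2.0-OpenSSH_7.9 constructed\r\n"

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame with valid IP and TCP checksums, no options."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    tcp += payload
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, 6, len(tcp))  # TCP pseudo-header
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + tcp

def minimal_ssh_banner_flow(sport=40000, dport=22):
    """Four frames: SYN, SYN/ACK, ACK, then the server's version banner."""
    c0, s0 = 1000, 5000  # constructed initial sequence numbers
    return [
        tcp_frame(CLIENT, SERVER, sport, dport, c0, 0, SYN),
        tcp_frame(SERVER, CLIENT, dport, sport, s0, c0 + 1, SYN | ACK),
        tcp_frame(CLIENT, SERVER, sport, dport, c0 + 1, s0 + 1, ACK),
        tcp_frame(SERVER, CLIENT, dport, sport, s0 + 1, c0 + 1, PSH | ACK, BANNER),
    ]

def to_pcap(frames) -> bytes:
    """Serialize frames as a classic little-endian libpcap file, LINKTYPE_ETHERNET."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):  # one record header per frame, 1 s apart
        out += struct.pack("<IIII", 1557528847 + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    with open("ssh_server_version_min.pcap", "wb") as fh:
        fh.write(to_pcap(minimal_ssh_banner_flow()))
```

Feed the resulting file to `zeek -r` with a script that handles `ssh_server_version` to confirm the event fires for the banner frame; adding a fifth frame with a client banner is the natural extension for `ssh_client_version`.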