[Zeek] Minimal packets to trigger events

Justin Azoff justin at corelight.com
Mon May 13 12:33:48 PDT 2019


Perhaps not minimal in all cases, but the test suite is full of pcaps.

Take a look at https://github.com/zeek/zeek/tree/master/testing/btest/Traces

On Fri, May 10, 2019 at 5:02 PM Woot4moo <tscheponik at gmail.com> wrote:
>
> I am in the process of covering my team's feature set and we are using Behave (Python) to generate reports. Is there a collection of minimal PCAPs that the community maintains / scapy scripts to generate minimal PCAPs to trigger the events that Zeek supports?
>
> For example, to trigger the "ssh_server_version(...)" event [https://docs.zeek.org/en/stable/scripts/base/bif/plugins/Bro_SSH.events.bif.bro.html#id-ssh_server_version] it requires 4 packets (TCP handshake + 1 additional packet).



-- 
Justin