[Zeek] Method to detect tcp urgent flag
Tyrone Smith
tyrone at udel.edu
Wed Apr 1 09:39:07 PDT 2020
Hi,
First time posting. Links to documentation and RTM comments are welcome
responses. Please be patient.
Is there an easy method to trigger an event based on the TCP urgent flag?
I am looking at Zeek::TCP tcp_packet but it is listed as a low level and
noisy event. I'd like to setup something that leverages Zeek instead of a
separate tcpdump. I'd like to use connection events but I do not see an
easy way to detect if the urgent flag is set.
If anyone has ideas/solutions better than tcp_packet or tcpdump, I'd love
to get that feedback. Thanks.
Tyrone Smith
University of Delaware
Security Operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200401/3abe3e07/attachment.html
More information about the Zeek
mailing list