List: bro
Subject: Re: [Zeek] Minimal packets to trigger events
From: Justin Azoff <justin () corelight ! com>
Date: 2019-05-13 19:33:48
Message-ID: CAPfnCuhueC8BZSyr5_k9mLEitpe-KianhD=2TF6NPJKfrs-LOA () mail ! gmail ! com
Perhaps not minimal in all cases, but the test suite is full of pcaps.
Take a look at https://github.com/zeek/zeek/tree/master/testing/btest/Traces
On Fri, May 10, 2019 at 5:02 PM Woot4moo <tscheponik@gmail.com> wrote:
>
> I am in the process of covering my team's feature set and we are using Behave
> (Python) to generate reports. Is there a collection of minimal PCAPs that the
> community maintains / scapy scripts to generate minimal PCAPs to trigger the events
> that Zeek supports?
> For example to trigger the "ssh_server_version(...)" event
> [https://docs.zeek.org/en/stable/scripts/base/bif/plugins/Bro_SSH.events.bif.bro.html#id-ssh_server_version]
> it requires 4 packets (TCP handshake + 1 additional packet)
>
> _______________________________________________
> Zeek mailing list
> zeek@zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
Justin
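
The four-packet trace described in the question (TCP handshake plus one server banner packet), written as a pcap with only the Python standard library instead of scapy. This is an added example, not part of the original messages or of Zeek's test suite. The function names, addresses, ports, sequence numbers and banner string are constructed for illustration.

```python
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (also verifies: result is 0 over a valid header)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame. Checksums are filled in correctly because Zeek
    discards packets with invalid checksums unless run with -C."""
    def tcp_hdr(c):
        return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, c, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, 20 + len(payload))
    tcp = tcp_hdr(csum(pseudo + tcp_hdr(0) + payload)) + payload
    def ip_hdr(c):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, c, src, dst)
    ip = ip_hdr(csum(ip_hdr(0)))
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"  # constructed MACs
    return eth + ip + tcp

def ssh_banner_packets(banner=b"SSH-2.0-OpenSSH_7.9\r\n"):
    """SYN, SYN/ACK, ACK, then the server's version string (constructed sample values)."""
    c, s = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # TEST-NET-1 addresses
    cp, sp, ci, si = 40000, 22, 1000, 5000               # ports and initial sequence numbers
    return [
        frame(c, s, cp, sp, ci, 0, SYN),
        frame(s, c, sp, cp, si, ci + 1, SYN | ACK),
        frame(c, s, cp, sp, ci + 1, si + 1, ACK),
        frame(s, c, sp, cp, si + 1, ci + 1, PSH | ACK, banner),
    ]

def to_pcap(packets, t0=1557500000):
    """Classic little-endian pcap, link type 1 (Ethernet), 1 ms between packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(packets):
        out += struct.pack("<IIII", t0, i * 1000, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    with open("ssh_banner.pcap", "wb") as f:
        f.write(to_pcap(ssh_banner_packets()))
```

Replay the result with `zeek -r ssh_banner.pcap` and check the output in the Behave step to confirm which events a given Zeek version raises for this trace.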