suricata/rules
Victor Julien e4023b5182 pcap: implement LINKTYPE_NULL
Implement LINKTYPE_NULL for pcap live and pcap file.

From: http://www.tcpdump.org/linktypes.html

"BSD loopback encapsulation; the link layer header is a 4-byte field,
 in host byte order, containing a PF_ value from socket.h for the
 network-layer protocol of the packet.

 Note that ``host byte order'' is the byte order of the machine on
 which the packets are captured, and the PF_ values are for the OS
 of the machine on which the packets are captured; if a live capture
 is being done, ``host byte order'' is the byte order of the machine
 capturing the packets, and the PF_ values are those of the OS of
 the machine capturing the packets, but if a ``savefile'' is being
 read, the byte order and PF_ values are not necessarily those of
 the machine reading the capture file."

Feature ticket #1581
10 years ago
..
Makefile.am Make sure tls-events is part of the dist 12 years ago
decoder-events.rules pcap: implement LINKTYPE_NULL 10 years ago
dns-events.rules dns: fix message of decoder rule 2240008 12 years ago
files.rules file handling: add example files.rules file 14 years ago
http-events.rules http: add event for suspicious method delimiter 11 years ago
smtp-events.rules Add example smtp decoding events rules file. 14 years ago
stream-events.rules stream: detect and filter out bad window updates 11 years ago
tls-events.rules tls: check SSL3/TLS version per record 11 years ago