Currently a protocol analyzer needs to be declared to analyze either TCP or UDP traffic, and it is e.g., not possible to declare a Spicy analyzer which can analyze both TCP and UDP.
This restriction can be worked around by declaring two separate analyzers which share the same grammar, but analyze different traffic. The analyzers might even produce identical data and only differ artificially in name (e.g., OpenVPN_TCP and OpenVPN_UDP in zeek/spicy-analyzers); these names also appear in user-visible Zeek logs.
We should consider extending the EVT glue layer so protocol analyzers can be declared which could analyze both TCP and UDP.