hi all ;
i am new and i don't have experience with zeek
i try to test this script to detect dns cache poisoning with zeek :
global query_and_id: set[string, int] &write_expire=1min;
event dns_query_reply (c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
{
if([c$dns$query , c$dns$trans_id] in query_and_id){
print fmt ("Possible DNS cache poisoning attempt --> Source IP: %s, Destination IP: %s, Query: %s", c$id$orig_h, c$id$resp_h, c$dns$query);
return;
}
if(!([c$dns$query, c$dns$trans_id] in query_and_id)){
add query_and_id[c$dns$query, c$dns$trans_id];
}
}
but when i try this script i face this issue
1462583138.084234 expression error in ././try.zeek, line 5: field value missing (c$dns$query)
any help plz