Adding more dcerpc operations and fixing a bug with how log records are handled.

Seth Hall 2016-04-01 10:16:02 -04:00
parent e70a528ad6
commit 086519e851
2 changed files with 44 additions and 2 deletions


@ -80,9 +80,9 @@ event dce_rpc_request(c: connection, opnum: count, stub: string) &priority=5
{
set_session(c);
if ( c?$dce_rpc && c$dce_rpc?$endpoint )
if ( c?$dce_rpc )
{
c$dce_rpc$ts = network_time();
}
}
@ -95,8 +95,15 @@ event dce_rpc_response(c: connection, opnum: count, stub: string) &priority=5
c$dce_rpc$operation = operations[c$dce_rpc$uuid, opnum];
if ( c$dce_rpc$ts != network_time() )
c$dce_rpc$rtt = network_time() - c$dce_rpc$ts;
}
}
event dce_rpc_response(c: connection, opnum: count, stub: string) &priority=-5
{
if ( c?$dce_rpc )
{
Log::write(LOG, c$dce_rpc);
delete c$dce_rpc;
}
}
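Review bot: `delete c$dce_rpc;` in the new `&priority=-5` response handler drops the whole per-connection record after every response, so any bind-time fields it carried (the `uuid` that the priority 5 handler indexes `operations` with, and `endpoint`) are presumably lost for later calls on the same connection unless `set_session`, which is not visible here, restores them. For a log that analysts use to see which RPC interface and operation was invoked, that would leave every call after the first without an endpoint or operation name. Consider keeping the bind state in a separate per-connection record, or clearing only the per-call fields (`ts`, `rtt`, `operation`) instead of deleting the record. The priority 5 handler, whose start is outside the hunk, also reads `c$dce_rpc$ts` on a record that may now be freshly created for a response with no matching request; if `ts` is `&optional`, guard it with `if ( c$dce_rpc?$ts && c$dce_rpc$ts != network_time() )`.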