Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

A few more changes to handling encryption in RDP.

Browse source
This commit is contained in:
Seth Hall 2015-03-05 13:38:54 -05:00
parent b92a68e2bd
commit 276e072e6e
6 changed files with 54 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path rdp
#open 2015-03-05-05-25-45
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method
#types time string addr port addr port string string string string string string count count string string count bool string string string
1297551041.284715 CXWv6p3arKYeMETxOg 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI - - - - - - - - - 0 - HYBRID - -
1297551078.958821 CjhGID4nQcgTWjvg4c 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI - - - - - - - - - 0 - HYBRID - -
#close 2015-03-05-05-25-45
#open 2015-03-05-18-38-05
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method
#types time string addr port addr port string string string string string string string count count string string count bool string string
1297551041.284715 CXWv6p3arKYeMETxOg 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - 0 - - -
1297551078.958821 CjhGID4nQcgTWjvg4c 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - 0 - - -
#close 2015-03-05-18-38-05