Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 21:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

A few more changes to handling encryption in RDP.

Browse source
This commit is contained in:
Seth Hall 2015-03-05 13:38:54 -05:00
parent b92a68e2bd
commit 276e072e6e
6 changed files with 54 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

10
testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path rdp
#open 2015-03-05-05-26-13
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method
#types time string addr port addr port string string string string string string count count string string count bool string string string
1423755598.202845 CXWv6p3arKYeMETxOg 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC Success English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit X.509 2 F RDP Client compatible 128bit
#close 2015-03-05-05-26-13
#open 2015-03-05-18-38-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method
#types time string addr port addr port string string string string string string string count count string string count bool string string
1423755598.202845 CXWv6p3arKYeMETxOg 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC Success RDP English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit X.509 2 F Client compatible 128bit
#close 2015-03-05-18-38-10