Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

NTP: Detect out-of-order packets

Browse source 
The NTP mode provides us with the identity of the endpoints. For the
simple CLIENT / SERVER modes, flip the connection if we detect
orig/resp disagreeing with what the message says. This mainly
results in the history getting a ^ and the ntp.log / conn.log
showing the corrected endpoints.

Closes #2998.
This commit is contained in:
Arne Welzel 2023-05-04 17:23:14 +02:00
parent 12252743b1
commit 2c8b97c522
8 changed files with 66 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/Baseline/scripts.base.protocols.ntp.misordered-ntp/ntp.log Normal file
View file

@ -0,0 +1,12 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ntp
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version mode stratum poll precision root_delay root_disp ref_id ref_time org_time rec_time xmt_time num_exts
#types time string addr port addr port count count count interval interval interval interval string time time time time count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.95 123 17.253.4.253 123 4 4 1 256.000000 0.000001 0.000000 0.000992 GPSs XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 0
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.95 123 17.253.4.253 123 4 3 0 256.000000 1.000000 0.000000 0.000000 \x00\x00\x00\x00 0.000000 0.000000 0.000000 XXXXXXXXXX.XXXXXX 0
#close XXXX-XX-XX-XX-XX-XX