mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 17:48:21 +00:00
Fixing well-known port.
This fixes the remaining test.
This commit is contained in:
Robin Sommer
parent
0e7f51f78c
commit
36c2433075
3 changed files with 77 additions and 8 deletions
|
|
@ -1,14 +1,8 @@
|
||||||
|
|
||||||
signature dpd_dnp3_client {
|
# DNP3 packets always starts with 0x05 0x64 .
|
||||||
ip-proto == tcp
|
|
||||||
# dnp3 packets always starts with 0x05 0x64 .
|
|
||||||
payload /\x05\0x64/
|
|
||||||
tcp-state originator
|
|
||||||
}
|
|
||||||
|
|
||||||
signature dpd_dnp3_server {
|
signature dpd_dnp3_server {
|
||||||
ip-proto == tcp
|
ip-proto == tcp
|
||||||
# dnp3 packets always starts with 0x05 0x64 .
|
|
||||||
payload /\x05\x64/
|
payload /\x05\x64/
|
||||||
tcp-state responder
|
tcp-state responder
|
||||||
enable "dnp3"
|
enable "dnp3"
|
||||||
|
|
|
||||||
|
|
@ -31,7 +31,7 @@ redef record connection += {
|
||||||
dnp3: Info &optional;
|
dnp3: Info &optional;
|
||||||
};
|
};
|
||||||
|
|
||||||
const ports = { 502/tcp };
|
const ports = { 20000/tcp };
|
||||||
redef likely_server_ports += { ports };
|
redef likely_server_ports += { ports };
|
||||||
|
|
||||||
event bro_init() &priority=5
|
event bro_init() &priority=5
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,75 @@
|
||||||
|
#separator \x09
|
||||||
|
#set_separator ,
|
||||||
|
#empty_field (empty)
|
||||||
|
#unset_field -
|
||||||
|
#path dnp3
|
||||||
|
#open 2013-08-11-22-53-35
|
||||||
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
|
||||||
|
#types time string addr port addr port string string count
|
||||||
|
1097501938.504844 UWkUyAuUGXf 10.0.0.8 2789 10.0.0.3 20000 - UNSOLICITED_RESPONSE 4096
|
||||||
|
1097501941.569134 UWkUyAuUGXf 10.0.0.8 2789 10.0.0.3 20000 WRITE RESPONSE 0
|
||||||
|
1097502061.912093 UWkUyAuUGXf 10.0.0.8 2789 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 0
|
||||||
|
1097502623.047417 arKYeMETxOg 10.0.0.8 2803 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097504102.257400 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 - UNSOLICITED_RESPONSE 4096
|
||||||
|
1097504103.409070 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 WRITE RESPONSE 0
|
||||||
|
1097504186.667107 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 ENABLE_UNSOLICITED RESPONSE 0
|
||||||
|
1097504195.106257 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097504196.566493 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504197.887726 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504199.597084 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504200.719510 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504202.513608 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504203.324245 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504204.663060 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504205.750705 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504210.792443 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
|
||||||
|
1097504223.905294 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 COLD_RESTART RESPONSE 0
|
||||||
|
1097505719.083365 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 COLD_RESTART UNSOLICITED_RESPONSE 0
|
||||||
|
1097505719.083898 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097505719.084451 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - RESPONSE 0
|
||||||
|
1097505754.654239 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 READ RESPONSE 32768
|
||||||
|
1097505754.654731 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 32768
|
||||||
|
1097505754.756391 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 32768
|
||||||
|
1097505754.864882 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 WRITE RESPONSE 0
|
||||||
|
1097505754.977534 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 READ RESPONSE 0
|
||||||
|
1097505769.716268 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097505784.797836 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097505799.908753 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097505839.916865 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097505880.043946 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097505920.204187 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097505960.308661 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097506000.396024 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097506013.373353 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 ENABLE_UNSOLICITED RESPONSE 0
|
||||||
|
1097506013.373850 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097506020.703162 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 ENABLE_UNSOLICITED RESPONSE 0
|
||||||
|
1097506028.446245 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
|
||||||
|
1097507785.885063 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 - UNSOLICITED_RESPONSE 36864
|
||||||
|
1097507788.624309 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 36864
|
||||||
|
1097507788.834395 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WRITE RESPONSE 32768
|
||||||
|
1097507788.944297 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 32768
|
||||||
|
1097507789.167700 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WRITE RESPONSE 32768
|
||||||
|
1097507789.274806 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 32768
|
||||||
|
1097507789.484975 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WRITE RESPONSE 0
|
||||||
|
1097507789.797226 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 READ RESPONSE 0
|
||||||
|
1097507835.030339 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WARM_RESTART RESPONSE 0
|
||||||
|
1097507856.091024 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WARM_RESTART RESPONSE 0
|
||||||
|
1097510947.094289 TEfuqmmG4bh 10.0.0.8 1159 10.0.0.3 20000 - UNSOLICITED_RESPONSE 256
|
||||||
|
1097510959.359091 TEfuqmmG4bh 10.0.0.8 1159 10.0.0.3 20000 DISABLE_UNSOLICITED - -
|
||||||
|
1097512255.236054 FrJExwHcSal 10.0.0.8 1184 10.0.0.3 20000 - UNSOLICITED_RESPONSE 4096
|
||||||
|
1097512264.723894 FrJExwHcSal 10.0.0.8 1184 10.0.0.3 20000 STOP_APPL RESPONSE 4097
|
||||||
|
1097512267.537969 FrJExwHcSal 10.0.0.8 1184 10.0.0.3 20000 STOP_APPL RESPONSE 4097
|
||||||
|
1097513177.297272 5OKnoww6xl4 10.0.0.9 1084 10.0.0.3 20000 - UNSOLICITED_RESPONSE 38145
|
||||||
|
1097513182.837583 5OKnoww6xl4 10.0.0.9 1084 10.0.0.3 20000 STOP_APPL - -
|
||||||
|
1178205958.184068 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 0
|
||||||
|
1178205982.425227 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
|
||||||
|
1178205984.486492 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
|
||||||
|
1178205985.311235 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
|
||||||
|
1178205986.029976 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
|
||||||
|
1178205986.556099 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
|
||||||
|
1178206042.953163 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
|
||||||
|
1178206044.500956 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
|
||||||
|
1178206045.032815 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
|
||||||
|
1178206045.557097 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
|
||||||
|
1178206046.086403 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
|
||||||
|
#close 2013-08-11-22-53-36
|
||||||
Loading…
Add table
Add a link
Reference in a new issue