From cc314084a882e2bf99ce59661011a097f1bc1961 Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Fri, 8 Nov 2013 16:47:22 -0500
Subject: [PATCH 1/2] Fix the irc_reply event for several server message types.
---
 src/analyzer/protocol/irc/IRC.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc
index 71f591635f..d175e447fe 100644
--- a/src/analyzer/protocol/irc/IRC.cc
+++ b/src/analyzer/protocol/irc/IRC.cc
@@ -164,7 +164,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 if ( code > 0 ) { switch ( code ) {
- // Ignore unimportant messages.
+ /*
 case 1: // RPL_WELCOME
 case 2: // RPL_YOURHOST
 case 3: // RPL_CREATED
@@ -183,7 +183,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 case 376: // RPL_ENDOFMOTD
 case 331: // RPL_NOTOPIC
 break;
-
+ */
+
 // Count of users, services and servers in whole network.
 case 251:
 if ( ! irc_network_info )
From 6d782e6834f91d5151c4f1312d3322ac2ade595f Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Thu, 5 Dec 2013 15:05:11 -0500
Subject: [PATCH 2/2] Updated software framework to support parsing IE11 user-agent strings.
---
 scripts/base/frameworks/software/main.bro | 4 +++-
 .../scripts.base.frameworks.software.version-parsing/output | 2 ++
 .../scripts/base/frameworks/software/version-parsing.bro | 6 ++++++
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro
index 5080c9f888..c8f413a8f2 100644
--- a/scripts/base/frameworks/software/main.bro
+++ b/scripts/base/frameworks/software/main.bro
@@ -209,7 +209,7 @@ function parse_mozilla(unparsed_version: string): Description
 if ( 2 in parts )
 v = parse(parts[2])$version;
 }
- else if ( / MSIE / in unparsed_version )
+ else if ( / MSIE |Trident\// in unparsed_version )
 {
 software_name = "MSIE";
 if ( /Trident\/4\.0/ in unparsed_version )
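Review bot: The `/*` added at the top of the switch (and the matching `*/` in the second hunk of this file) disables the RPL_WELCOME through RPL_NOTOPIC cases by commenting them out instead of deleting them, leaving roughly twenty lines of dead code whose status the next reader has to work out. Since the commit message says the intent is to let irc_reply fire for these replies, the simplest form is to delete the cases outright and let version control keep the history; if they are kept as a reference list of reply codes, say why, e.g. `// Deliberately not handled here: these replies fall through to the generic handling below so irc_reply is raised for them.` Which branch actually receives these codes now is below the hunk, so that wording is inferred from the commit message and should be checked against the default case. DeliverStream starts and ends outside both hunks.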
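Review bot: Widening the test to `/ MSIE |Trident\//` routes any user agent carrying a `Trident/` token into the MSIE branch, but the checks that follow match specific Trident releases only (`Trident\/4\.0`, `Trident\/6\.0`, and 7.0 added by the next hunk), so a UA with an unlisted Trident version and no `MSIE` token reaches the `split_all(unparsed_version, /MSIE [0-9].../)` fallback; what that leaves in `v` depends on code below the hunk and deserves a test case alongside the two IE11 strings. A one-line comment on the new condition would make the contract visible: `# A Trident/ token without an MSIE token also identifies IE; Trident versions not listed below fall back to parsing the MSIE token.` parse_mozilla starts before this hunk and continues past it.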
@@ -218,6 +218,8 @@ function parse_mozilla(unparsed_version: string): Description
 v = [$major=9,$minor=0];
 else if ( /Trident\/6\.0/ in unparsed_version )
 v = [$major=10,$minor=0];
+ else if ( /Trident\/7\.0/ in unparsed_version )
+ v = [$major=11,$minor=0];
 else
 {
 parts = split_all(unparsed_version, /MSIE [0-9]{1,2}\.*[0-9]*b?[0-9]*/);
diff --git a/testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output b/testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
index f172268aa6..77a9f59510 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
+++ b/testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
@@ -2,6 +2,7 @@ success on: Apache/1.3.19 (Unix)
 success on: Python-urllib/3.1
 success on: Apache
 success on: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Creative AutoUpdate v1.40.02)
+success on: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)
 success on: Java/1.6.0_13
 success on: Wget/1.11.4 (Red Hat modified)
 success on: curl/7.15.1 (i486-pc-linux-gnu) libcurl/7.15.1 OpenSSL/0.9.8a zlib/1.2.3 libidn/0.5.18
@@ -38,6 +39,7 @@ success on: Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC Pyramid Build/GRI40
 success on: wu-2.6.2(1)
 success on: Opera/9.80 (J2ME/MIDP; Opera Mini/5.0.18741/18.794; U; en) Presto/2.4.15
 success on: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; InfoPath.3)
+success on: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
 success on: Flash/10,2,153,1
 success on: CacheFlyServe v26b
 success on: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.11) Gecko/20101013 Lightning/1.0b2 Thunderbird/3.1.5
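Review bot: The new `Trident\/7\.0` check sits in the chain that runs before the `MSIE [0-9]...` fallback, so a compatibility-mode UA that carries both `MSIE 7.0` and `Trident/7.0` is reported as version 11; the baseline update confirms that is intended, but nothing in the code says so, and a later maintainer could reasonably "fix" it. I would add above the first Trident check: `# The Trident engine version wins over the MSIE token so that compatibility-mode UAs report the real browser version.` The four near-identical `else if` branches could also become a single Trident-version extraction plus a lookup table, which would make the next IE release a one-line change. The start of that chain is above this hunk.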
diff --git a/testing/btest/scripts/base/frameworks/software/version-parsing.bro b/testing/btest/scripts/base/frameworks/software/version-parsing.bro
index 2b406f22b8..19a803cafe 100644
--- a/testing/btest/scripts/base/frameworks/software/version-parsing.bro
+++ b/testing/btest/scripts/base/frameworks/software/version-parsing.bro
@@ -91,6 +91,12 @@ global matched_software: table[string] of Software::Description = {
 [$name="MSIE", $version=[$major=9,$minor=0], $unparsed_version=""],
 ["Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"] =
 [$name="MSIE", $version=[$major=10,$minor=0], $unparsed_version=""],
+ # IE 11 normal mode.
+ ["Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"] =
+ [$name="MSIE", $version=[$major=11,$minor=0], $unparsed_version=""],
+ # IE 11 compatibility mode
+ ["Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)"] =
+ [$name="MSIE", $version=[$major=11,$minor=0], $unparsed_version=""],
 ["The Bat! (3.0.1 RC3) Professional"] =
 [$name="The Bat!", $version=[$major=3,$minor=0,$minor2=1,$addl="RC3"], $unparsed_version=""],
 # This is an FTP client (found with CLNT command)