Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Lots of cleanup and improvement to DCE/RPC analyzer.

Browse source 
- It works with DCE/RPC over SMB1+2 now.
   - Using named pipes in 1+2 and the transaction cmd in SMB1.
 - Base scripts based on work by Josh Liburdi.
 - New dce_rpc.log.  Feedback on how to make this log more compact
   and useful would be appreciated.
This commit is contained in:
Seth Hall 2016-04-01 09:38:52 -04:00
parent d249b76390
commit 5721db4be7
31 changed files with 1890 additions and 1819 deletions
Download patch file Download diff file Expand all files Collapse all files

5
testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test Normal file
View file

@ -0,0 +1,5 @@
# @TEST-EXEC: bro -b -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT
# @TEST-EXEC: btest-diff dce_rpc.log
@load base/protocols/dce-rpc
@load base/protocols/smb