mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Add basic LLC, SNAP, and Novell 802.3 packet analyzers
parent
31afe082ac
commit
7e88a2b3fb
30 changed files with 527 additions and 171 deletions
|
@ -714,6 +714,10 @@
|
|||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_ROOT, 276, PacketAnalyzer::ANALYZER_LINUXSLL2)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_SNAP, 2048, PacketAnalyzer::ANALYZER_IP)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_SNAP, 2054, PacketAnalyzer::ANALYZER_ARP)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_SNAP, 32821, PacketAnalyzer::ANALYZER_ARP)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_SNAP, 34525, PacketAnalyzer::ANALYZER_IP)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO)) -> <no result>
|
||||
|
@ -1117,6 +1121,7 @@
|
|||
0.000000 MetaHookPost LoadFile(0, base<...>/krb, <...>/krb) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/linux_sll, <...>/linux_sll) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/linux_sll2, <...>/linux_sll2) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/llc, <...>/llc) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/logging, <...>/logging) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/logging.bif, <...>/logging.bif.zeek) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/main, <...>/main.zeek) -> -1
|
||||
|
@ -1129,6 +1134,7 @@
|
|||
0.000000 MetaHookPost LoadFile(0, base<...>/netcontrol, <...>/netcontrol) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/nflog, <...>/nflog) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/notice, <...>/notice) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/novell_802_3, <...>/novell_802_3) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/ntlm, <...>/ntlm) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/ntp, <...>/ntp) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/null, <...>/null) -> -1
|
||||
|
@ -1159,6 +1165,7 @@
|
|||
0.000000 MetaHookPost LoadFile(0, base<...>/skip, <...>/skip) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/smb, <...>/smb) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/smtp, <...>/smtp) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/snap, <...>/snap) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/snmp, <...>/snmp) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/socks, <...>/socks) -> -1
|
||||
0.000000 MetaHookPost LoadFile(0, base<...>/software, <...>/software) -> -1
|
||||
|
@ -1507,6 +1514,7 @@
|
|||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/krb, <...>/krb) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/linux_sll, <...>/linux_sll) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/linux_sll2, <...>/linux_sll2) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/llc, <...>/llc) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/logging, <...>/logging) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/logging.bif, <...>/logging.bif.zeek) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/main, <...>/main.zeek) -> (-1, <no content>)
|
||||
|
@ -1519,6 +1527,7 @@
|
|||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/netcontrol, <...>/netcontrol) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/nflog, <...>/nflog) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/notice, <...>/notice) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/novell_802_3, <...>/novell_802_3) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/ntlm, <...>/ntlm) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/ntp, <...>/ntp) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/null, <...>/null) -> (-1, <no content>)
|
||||
|
@ -1549,6 +1558,7 @@
|
|||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/skip, <...>/skip) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/smb, <...>/smb) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/smtp, <...>/smtp) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/snap, <...>/snap) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/snmp, <...>/snmp) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/socks, <...>/socks) -> (-1, <no content>)
|
||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/software, <...>/software) -> (-1, <no content>)
|
||||
|
@ -2316,6 +2326,10 @@
|
|||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_ROOT, 276, PacketAnalyzer::ANALYZER_LINUXSLL2))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_SNAP, 2048, PacketAnalyzer::ANALYZER_IP))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_SNAP, 2054, PacketAnalyzer::ANALYZER_ARP))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_SNAP, 32821, PacketAnalyzer::ANALYZER_ARP))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_SNAP, 34525, PacketAnalyzer::ANALYZER_IP))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1))
|
||||
0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, <frame>, (PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO))
|
||||
|
@ -2719,6 +2733,7 @@
|
|||
0.000000 MetaHookPre LoadFile(0, base<...>/krb, <...>/krb)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/linux_sll, <...>/linux_sll)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/linux_sll2, <...>/linux_sll2)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/llc, <...>/llc)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/logging, <...>/logging)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/logging.bif, <...>/logging.bif.zeek)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/main, <...>/main.zeek)
|
||||
|
@ -2731,6 +2746,7 @@
|
|||
0.000000 MetaHookPre LoadFile(0, base<...>/netcontrol, <...>/netcontrol)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/nflog, <...>/nflog)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/notice, <...>/notice)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/novell_802_3, <...>/novell_802_3)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/ntlm, <...>/ntlm)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/ntp, <...>/ntp)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/null, <...>/null)
|
||||
|
@ -2761,6 +2777,7 @@
|
|||
0.000000 MetaHookPre LoadFile(0, base<...>/skip, <...>/skip)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/smb, <...>/smb)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/smtp, <...>/smtp)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/snap, <...>/snap)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/snmp, <...>/snmp)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/socks, <...>/socks)
|
||||
0.000000 MetaHookPre LoadFile(0, base<...>/software, <...>/software)
|
||||
|
@ -3109,6 +3126,7 @@
|
|||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/krb, <...>/krb)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/linux_sll, <...>/linux_sll)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/linux_sll2, <...>/linux_sll2)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/llc, <...>/llc)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/logging, <...>/logging)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/logging.bif, <...>/logging.bif.zeek)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/main, <...>/main.zeek)
|
||||
|
@ -3121,6 +3139,7 @@
|
|||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/netcontrol, <...>/netcontrol)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/nflog, <...>/nflog)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/notice, <...>/notice)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/novell_802_3, <...>/novell_802_3)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/ntlm, <...>/ntlm)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/ntp, <...>/ntp)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/null, <...>/null)
|
||||
|
@ -3151,6 +3170,7 @@
|
|||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/skip, <...>/skip)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/smb, <...>/smb)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/smtp, <...>/smtp)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/snap, <...>/snap)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/snmp, <...>/snmp)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/socks, <...>/socks)
|
||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/software, <...>/software)
|
||||
|
@ -3917,6 +3937,10 @@
|
|||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 276, PacketAnalyzer::ANALYZER_LINUXSLL2)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SNAP, 2048, PacketAnalyzer::ANALYZER_IP)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SNAP, 2054, PacketAnalyzer::ANALYZER_ARP)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SNAP, 32821, PacketAnalyzer::ANALYZER_ARP)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SNAP, 34525, PacketAnalyzer::ANALYZER_IP)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1)
|
||||
0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO)
|
||||
|
@ -4332,6 +4356,7 @@
|
|||
0.000000 | HookLoadFile base<...>/krb <...>/krb
|
||||
0.000000 | HookLoadFile base<...>/linux_sll <...>/linux_sll
|
||||
0.000000 | HookLoadFile base<...>/linux_sll2 <...>/linux_sll2
|
||||
0.000000 | HookLoadFile base<...>/llc <...>/llc
|
||||
0.000000 | HookLoadFile base<...>/logging <...>/logging
|
||||
0.000000 | HookLoadFile base<...>/logging.bif <...>/logging.bif.zeek
|
||||
0.000000 | HookLoadFile base<...>/main <...>/main.zeek
|
||||
|
@ -4344,6 +4369,7 @@
|
|||
0.000000 | HookLoadFile base<...>/netcontrol <...>/netcontrol
|
||||
0.000000 | HookLoadFile base<...>/nflog <...>/nflog
|
||||
0.000000 | HookLoadFile base<...>/notice <...>/notice
|
||||
0.000000 | HookLoadFile base<...>/novell_802_3 <...>/novell_802_3
|
||||
0.000000 | HookLoadFile base<...>/ntlm <...>/ntlm
|
||||
0.000000 | HookLoadFile base<...>/ntp <...>/ntp
|
||||
0.000000 | HookLoadFile base<...>/null <...>/null
|
||||
|
@ -4374,6 +4400,7 @@
|
|||
0.000000 | HookLoadFile base<...>/skip <...>/skip
|
||||
0.000000 | HookLoadFile base<...>/smb <...>/smb
|
||||
0.000000 | HookLoadFile base<...>/smtp <...>/smtp
|
||||
0.000000 | HookLoadFile base<...>/snap <...>/snap
|
||||
0.000000 | HookLoadFile base<...>/snmp <...>/snmp
|
||||
0.000000 | HookLoadFile base<...>/socks <...>/socks
|
||||
0.000000 | HookLoadFile base<...>/software <...>/software
|
||||
|
@ -4722,6 +4749,7 @@
|
|||
0.000000 | HookLoadFileExtended base<...>/krb <...>/krb
|
||||
0.000000 | HookLoadFileExtended base<...>/linux_sll <...>/linux_sll
|
||||
0.000000 | HookLoadFileExtended base<...>/linux_sll2 <...>/linux_sll2
|
||||
0.000000 | HookLoadFileExtended base<...>/llc <...>/llc
|
||||
0.000000 | HookLoadFileExtended base<...>/logging <...>/logging
|
||||
0.000000 | HookLoadFileExtended base<...>/logging.bif <...>/logging.bif.zeek
|
||||
0.000000 | HookLoadFileExtended base<...>/main <...>/main.zeek
|
||||
|
@ -4734,6 +4762,7 @@
|
|||
0.000000 | HookLoadFileExtended base<...>/netcontrol <...>/netcontrol
|
||||
0.000000 | HookLoadFileExtended base<...>/nflog <...>/nflog
|
||||
0.000000 | HookLoadFileExtended base<...>/notice <...>/notice
|
||||
0.000000 | HookLoadFileExtended base<...>/novell_802_3 <...>/novell_802_3
|
||||
0.000000 | HookLoadFileExtended base<...>/ntlm <...>/ntlm
|
||||
0.000000 | HookLoadFileExtended base<...>/ntp <...>/ntp
|
||||
0.000000 | HookLoadFileExtended base<...>/null <...>/null
|
||||
|
@ -4764,6 +4793,7 @@
|
|||
0.000000 | HookLoadFileExtended base<...>/skip <...>/skip
|
||||
0.000000 | HookLoadFileExtended base<...>/smb <...>/smb
|
||||
0.000000 | HookLoadFileExtended base<...>/smtp <...>/smtp
|
||||
0.000000 | HookLoadFileExtended base<...>/snap <...>/snap
|
||||
0.000000 | HookLoadFileExtended base<...>/snmp <...>/snmp
|
||||
0.000000 | HookLoadFileExtended base<...>/socks <...>/socks
|
||||
0.000000 | HookLoadFileExtended base<...>/software <...>/software
|
||||
|
|