spicy-redis: Add dpd signature and clean pcaps

2025-10-02 06:38:20 +00:00 · 2024-11-26 11:13:12 -05:00 · 2024-11-26 11:13:12 -05:00 · 7f28ec8bc5
commit 7f28ec8bc5
parent f0e9f46c7c
66 changed files with 572 additions and 554 deletions
--- a/scripts/base/protocols/redis/load.zeek
+++ b/scripts/base/protocols/redis/load.zeek
@ -1 +1,3 @@
@load ./main
+
+@load-sigs ./dpd.sig
--- a/scripts/base/protocols/redis/dpd.sig
+++ b/scripts/base/protocols/redis/dpd.sig
@ -0,0 +1,16 @@
+signature resp-client {
+  ip-proto == tcp
+  payload /^.*\r\n/
+  tcp-state originator
+  requires-reverse-signature resp-serialized-server
+  event "Found possible Redis client data"
+  enable "spicy_Redis"
+}
+
+signature resp-serialized-server {
+  ip-proto == tcp
+  payload /^([-+_,].*\r\n|[:$*#(!=%`~>][+-]?[0-9]+(\.[0-9]*)?\r\n)/
+  tcp-state responder
+  event "Found Redis server data"
+  enable "spicy_Redis"
+}
--- a/scripts/base/protocols/redis/main.zeek
+++ b/scripts/base/protocols/redis/main.zeek
@ -1,4 +1,5 @@
@load base/protocols/conn/removal-hooks
+@load base/frameworks/signatures

 module Redis;