Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Analyzer and bro script for RFB protocol (VNC)

Browse source 
This analyzer parses the Remote Frame Buffer
protocol, usually referred to as the 'VNC protocol'.

It supports several dialects (3.3, 3.7, 3.8) and
also handles the Apple Remote Desktop variant.

It will log such facts as client/server versions,
authentication method used, authentication result,
height, width and name of the shared screen.

It also includes two testcases.

Todo: Apple Remote Desktop seems to have some
bytes prepended to the screen name. This is
not interepreted correctly.
This commit is contained in:
Martin van Hensbergen 2016-04-11 10:35:00 +02:00
parent 8650841bf5
commit 849875e8be
19 changed files with 766 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
scripts/base/init-default.bro
View file

@ -55,6 +55,7 @@
@load base/protocols/pop3
@load base/protocols/radius
@load base/protocols/rdp
@load base/protocols/rfb
@load base/protocols/sip
@load base/protocols/snmp
@load base/protocols/smtp