Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 03:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #324 from zeek/topic/jsiwek/gh-320

Browse source 
Improve RFB (VNC) protocol parsing
This commit is contained in:
Seth Hall 2019-06-28 17:27:16 -04:00 committed by GitHub
commit 9795782ecb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 579 additions and 172 deletions
Download patch file Download diff file Expand all files Collapse all files

10
testing/btest/Baseline/scripts.base.protocols.rfb.vnc-scanner/rfb.log Normal file
View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path rfb
#open 2019-04-03-20-57-33
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p client_major_version client_minor_version server_major_version server_minor_version authentication_method auth share_flag desktop_name width height
#types time string addr port addr port string string string string string bool bool string count count
1551120432.417278 CHhAvVGS1DHFjwGM9 192.168.0.11 46381 10.0.0.149 5900 003 008 003 008 VNC F - - - -
#close 2019-04-03-20-57-33

BIN
testing/btest/Traces/rfb/vnc-scanner.pcap Normal file
View file

Binary file not shown.

4
testing/btest/scripts/base/protocols/rfb/vnc-scanner.bro Normal file
View file

@ -0,0 +1,4 @@
# @TEST-EXEC: zeek -C -r $TRACES/rfb/vnc-scanner.pcap
# @TEST-EXEC: btest-diff rfb.log
@load base/protocols/rfb