diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac
index c343466ca3..3709238405 100644
--- a/src/analyzer/protocol/ssh/ssh-protocol.pac
+++ b/src/analyzer/protocol/ssh/ssh-protocol.pac
@@ -37,6 +37,7 @@ type SSH_Key_Exchange(is_orig: bool) = record {
 key_ex: case $context.connection.get_version() of {
 SSH1 -> ssh1_msg : SSH1_Key_Exchange(is_orig, packet_length);
 SSH2 -> ssh2_msg : SSH2_Key_Exchange(is_orig, packet_length);
+ default -> terminate : bytestring &restofdata &transient;
 };
 } &length = $context.flow.get_kex_length($context.connection.get_version(), packet_length);
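Review bot: The new `default` arm in `SSH_Key_Exchange` discards the rest of the key-exchange record for every version other than SSH1 and SSH2 without leaving any trace, and that covers more than the half-duplex traces the new tests exercise: the version-resolution code in the second hunk also sets `version_ = UNK` when an SSH1 client meets an SSH2 server and the reverse. Since the tests assert that no analyzer.log is written, a connection whose banners disagree would presumably now be skipped just as quietly, which removes a signal a sensor operator may want to keep. Consider keeping the skip but making it observable, for example by reporting a weird when the default arm is taken, and record the intent in a comment such as `# UNK version (one side unseen or banners disagree): skip the payload instead of failing the parse`. How many bytes `&restofdata` consumes here depends on what `get_kex_length` returns for UNK, which is outside this hunk.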
@@ -381,32 +382,32 @@ refine connection SSH_Conn += {
 }
 }
- if ( version_server_ == version_client_ )
- {
- // SSH199 vs SSH199 -> 2
- if (version_server_ == SSH199 )
- version_ = SSH2;
- else
- version_ = version_server_;
- }
- // SSH1 vs SSH2 -> Undefined
- else if ( version_client_ == SSH1 && version_server_ == SSH2 )
- version_ = UNK;
- // SSH2 vs SSH1 -> Undefined
- else if ( version_client_ == SSH2 && version_server_ == SSH1 )
- version_ = UNK;
- // SSH199 vs SSH2 -> 2
- else if ( version_client_ == SSH199 && version_server_ == SSH2 )
- version_ = version_server_;
- // SSH2 vs SSH199 -> 2
- else if ( version_client_ == SSH2 && version_server_ == SSH199 )
- version_ = version_client_;
- // SSH1 vs SSH199 -> 1
- else if ( version_client_ == SSH1 && version_server_ == SSH199 )
- version_ = version_client_;
- // SSH199 vs SSH1 -> 1
- else if ( version_client_ == SSH199 && version_server_ == SSH1 )
+ if ( version_server_ == version_client_ )
+ {
+ // SSH199 vs SSH199 -> 2
+ if (version_server_ == SSH199 )
+ version_ = SSH2;
+ else
 version_ = version_server_;
+ }
+ // SSH1 vs SSH2 -> Undefined
+ else if ( version_client_ == SSH1 && version_server_ == SSH2 )
+ version_ = UNK;
+ // SSH2 vs SSH1 -> Undefined
+ else if ( version_client_ == SSH2 && version_server_ == SSH1 )
+ version_ = UNK;
+ // SSH199 vs SSH2 -> 2
+ else if ( version_client_ == SSH199 && version_server_ == SSH2 )
+ version_ = version_server_;
+ // SSH2 vs SSH199 -> 2
+ else if ( version_client_ == SSH2 && version_server_ == SSH199 )
+ version_ = version_client_;
+ // SSH1 vs SSH199 -> 1
+ else if ( version_client_ == SSH1 && version_server_ == SSH199 )
+ version_ = version_client_;
+ // SSH199 vs SSH1 -> 1
+ else if ( version_client_ == SSH199 && version_server_ == SSH1 )
+ version_ = version_server_;
 return true;
 %}
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/.stdout new file mode 100644 index 0000000000..49d861c74c --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/.stdout @@ -0,0 +1 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/conn.log b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/conn.log new file mode 100644 index 0000000000..c622ecb83b --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/conn.log 
@@ -0,0 +1,35 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 tcp - 3.435401 2493 0 S0 T F 0 SAD 19 3493 0 0 - +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.1.79 51880 131.159.21.1 22 tcp - 1.025500 176 0 SH T F 0 DAF 6 488 0 0 - +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 tcp - 0.098697 4453 0 S0 T T 0 SAD 21 5557 0 0 - +XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.1 57189 192.168.2.158 22 tcp - 1.381169 800 0 SH T T 0 DAF 17 1684 0 0 - +XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 57191 192.168.2.158 22 tcp - 3.862306 576 0 SH T T 0 SADF 23 1784 0 0 - +XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 tcp - 4.320795 428 0 S0 T T 0 SAD 13 1116 0 0 - +XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 192.168.2.1 56594 192.168.2.158 22 tcp - 1.689473 52 0 SH T T 0 DAF 4 260 0 0 - +XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56821 192.168.2.158 22 tcp - 1.106422 820 0 SH T T 0 SADF 26 2184 0 0 - +XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56837 192.168.2.158 22 tcp - 1.080790 692 0 SH T T 0 SADF 25 2004 0 0 - +XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56845 192.168.2.158 22 tcp - 1.302572 660 0 SH T T 0 SADF 26 2024 0 0 - +XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.1 56875 192.168.2.158 22 tcp - 3.431977 484 0 S0 T T 0 SAD 12 1120 0 0 - +XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 192.168.2.1 56875 192.168.2.158 
22 tcp - 6.130941 104 0 SH T T 0 ADF 7 468 0 0 - +XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.2.1 56878 192.168.2.158 22 tcp - 3.629091 684 0 SH T T 0 SADF 25 1996 0 0 - +XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.1 56940 192.168.2.158 22 tcp - 0.104996 500 0 SH T T 0 SADF 14 1240 0 0 - +XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.2.1 57831 192.168.2.158 22 tcp - 2.758921 576 0 SH T T 0 SADF 23 1784 0 0 - +XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.2.1 59246 192.168.2.158 22 tcp - 3.076782 3049 0 SH T T 0 SADF 32 4725 0 0 - +XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.1.32 41164 128.2.10.238 22 tcp - 4.616008 5335 0 S0 T F 0 SAD 20 6383 0 0 - +XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 192.168.1.32 41164 128.2.10.238 22 tcp - 1.029134 752 0 SH T F 0 DAF 12 1376 0 0 - +XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 33910 128.2.13.133 22 tcp - 1.910986 6471 0 SH T F 0 SADF 33 8195 0 0 - +XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.32 41268 128.2.10.238 22 tcp - 2.710803 5613 0 SH T F 0 SADF 24 6869 0 0 - +XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.1.31 52294 192.168.1.32 22 tcp - 3.660293 3729 0 SH T T 0 SADF 36 5613 0 0 - +XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 192.168.1.31 51489 192.168.1.32 22 tcp - 4.927993 4029 0 SH T T 0 SADF 42 6249 0 0 - +XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 tcp - 0.587625 2885 0 SH T F 0 SADF 16 3725 0 0 - +XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 tcp - 2.236752 4477 0 SH T F 0 SADF 179 13793 0 0 - +XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 tcp - 2.066453 4477 0 SH T F 0 SADF 183 14001 0 0 - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/ssh.log b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/ssh.log new file mode 100644 index 0000000000..6a37182760 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/ssh.log 
@@ -0,0 +1,30 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssh +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success auth_attempts direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key +#types time string addr port addr port count bool count enum string string string string string string string string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 - - 0 OUTBOUND SSH-2.0-OpenSSH_5.9 - - - - - - - +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 - - 0 - SSH-2.0-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 57191 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_5.3 - - - - - - - +XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56821 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56837 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56845 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.1 56875 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.2.1 56878 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.1 56940 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.2.1 57831 192.168.2.158 22 - - 0 - SSH-1.5-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.2.1 59246 192.168.2.158 22 - - 0 - SSH-2.0-OpenSSH_6.2 - - - - - - - +XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.1.32 41164 128.2.10.238 22 - - 
0 OUTBOUND SSH-2.0-OpenSSH_6.6p1-hpn14v4 - - - - - - - +XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 33910 128.2.13.133 22 - - 0 OUTBOUND SSH-2.0-OpenSSH_6.6p1-hpn14v4 - - - - - - - +XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.32 41268 128.2.10.238 22 - - 0 OUTBOUND SSH-2.0-OpenSSH_6.6 - - - - - - - +XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.1.31 52294 192.168.1.32 22 - - 0 - SSH-2.0-OpenSSH_6.7 - - - - - - - +XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 192.168.1.31 51489 192.168.1.32 22 - - 0 - SSH-2.0-OpenSSH_6.7 - - - - - - - +XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 - - 0 OUTBOUND SSH-2.0-OpenSSH_6.7 - - - - - - - +XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 - - 0 OUTBOUND SSH-2.0-OpenSSH_6.7 - - - - - - - +XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 - - 0 OUTBOUND SSH-2.0-OpenSSH_6.7 - - - - - - - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/.stdout new file mode 100644 index 0000000000..49d861c74c --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/.stdout @@ -0,0 +1 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/conn.log b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/conn.log new file mode 100644 index 0000000000..2c70fbd8d5 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/conn.log 
@@ -0,0 +1,30 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 tcp - 6.013825 0 2501 SHR T F 0 ^hdaf 0 0 20 3549 - +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.2.1 57189 192.168.2.158 22 tcp - 6.641675 0 3489 SHR T T 0 ^hadf 0 0 29 5005 - +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.1 57191 192.168.2.158 22 tcp - 3.862105 0 813 SHR T T 0 ^hdaf 0 0 16 1653 - +XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.1 56594 192.168.2.158 22 tcp - 8.841592 0 537 SHR T T 0 ^hdaf 0 0 14 1273 - +XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 56821 192.168.2.158 22 tcp - 1.106164 0 1125 SHR T T 0 ^hdaf 0 0 20 2173 - +XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.1 56837 192.168.2.158 22 tcp - 1.080689 0 997 SHR T T 0 ^hdaf 0 0 19 1993 - +XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 192.168.2.1 56845 192.168.2.158 22 tcp - 1.302374 0 965 SHR T T 0 ^hdaf 0 0 20 2013 - +XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56875 192.168.2.158 22 tcp - 12.013362 0 549 SHR T T 0 ^hdaf 0 0 16 1389 - +XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56878 192.168.2.158 22 tcp - 3.628800 0 825 SHR T T 0 ^hdaf 0 0 19 1821 - +XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56940 192.168.2.158 22 tcp - 0.104755 0 609 SHR T T 0 ^hdaf 0 0 10 1137 - +XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.1 57831 192.168.2.158 22 tcp - 2.758679 0 813 SHR T T 0 ^hdaf 0 0 18 1757 - +XXXXXXXXXX.XXXXXX 
CFLRIC3zaTU1loLGxh 192.168.2.1 59246 192.168.2.158 22 tcp - 3.076531 0 4165 SHR T T 0 ^hadf 0 0 23 5369 - +XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.1.32 41164 128.2.10.238 22 tcp - 8.458002 0 3015 SHR T F 0 ^hadf 0 0 33 4763 - +XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.1.32 33910 128.2.13.133 22 tcp - 1.883790 0 6037 SHR T F 0 ^hadf 0 0 29 7565 - +XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.1.32 41268 128.2.10.238 22 tcp - 2.684423 0 2487 SHR T F 0 ^hadf 0 0 20 3535 - +XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.1.31 52294 192.168.1.32 22 tcp - 3.659871 0 2229 SHR T T 0 ^hadf 0 0 24 3497 - +XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.1.31 51489 192.168.1.32 22 tcp - 4.927268 0 2497 SHR T T 0 ^hdaf 0 0 27 3937 - +XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 192.168.1.32 58641 131.103.20.168 22 tcp - 0.542658 0 2309 SHR T F 0 ^hdaf 0 0 13 2993 - +XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 58646 131.103.20.168 22 tcp - 2.198678 0 535101 SHR T F 0 ^hadf 0 0 226 546861 - +XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.32 58649 131.103.20.168 22 tcp - 2.026830 0 534861 SHR T F 0 ^hadf 0 0 236 547141 - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/ssh.log b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/ssh.log new file mode 100644 index 0000000000..7a1a6e61e0 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/ssh.log 
@@ -0,0 +1,30 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssh +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success auth_attempts direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key +#types time string addr port addr port count bool count enum string string string string string string string string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 - - 0 OUTBOUND - SSH-2.0-OpenSSH_5.8 - - - - - - +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.2.1 57189 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.1 57191 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 192.168.2.1 56594 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 56821 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.1 56837 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 192.168.2.1 56845 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56875 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56878 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56940 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.1 57831 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 
Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 192.168.2.1 59246 192.168.2.158 22 - - 0 - - SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - - +XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.1.32 41164 128.2.10.238 22 - - 0 OUTBOUND - SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301 - - - - - - +XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.1.32 33910 128.2.13.133 22 - - 0 OUTBOUND - SSH-2.0-OpenSSH_5.3 - - - - - - +XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.1.32 41268 128.2.10.238 22 - - 0 OUTBOUND - SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301 - - - - - - +XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.1.31 52294 192.168.1.32 22 - - 0 - - SSH-2.0-OpenSSH_6.7 - - - - - - +XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.1.31 51489 192.168.1.32 22 - - 0 - - SSH-2.0-OpenSSH_6.7 - - - - - - +XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 192.168.1.32 58641 131.103.20.168 22 - - 0 OUTBOUND - SSH-2.0-OpenSSH_5.3 - - - - - - +XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 58646 131.103.20.168 22 - - 0 OUTBOUND - SSH-2.0-OpenSSH_5.3 - - - - - - +XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.32 58649 131.103.20.168 22 - - 0 OUTBOUND - SSH-2.0-OpenSSH_5.3 - - - - - - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Traces/ssh/ssh.client-side-half-duplex.pcap b/testing/btest/Traces/ssh/ssh.client-side-half-duplex.pcap new file mode 100644 index 0000000000..ab53e6b7bb Binary files /dev/null and b/testing/btest/Traces/ssh/ssh.client-side-half-duplex.pcap differ diff --git a/testing/btest/Traces/ssh/ssh.server-side-half-duplex.pcap b/testing/btest/Traces/ssh/ssh.server-side-half-duplex.pcap new file mode 100644 index 0000000000..94e71a4017 Binary files /dev/null and b/testing/btest/Traces/ssh/ssh.server-side-half-duplex.pcap differ diff --git a/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek b/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek new file mode 100644 index 0000000000..4657a44107 
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek
@@ -0,0 +1,8 @@
+# Tests processing of half-duplex client-side connections, including no
+# analyzer.log output.
+
+# @TEST-EXEC: zeek -r $TRACES/ssh/ssh.client-side-half-duplex.pcap %INPUT
+# @TEST-EXEC: test ! -e analyzer.log
+# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek b/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek
new file mode 100644
index 0000000000..423148950d
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek
@@ -0,0 +1,8 @@
+# Tests processing of half-duplex server-side connections, including no
+# analyzer.log output.
+
+# @TEST-EXEC: zeek -r $TRACES/ssh/ssh.server-side-half-duplex.pcap %INPUT
+# @TEST-EXEC: test ! -e analyzer.log
+# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff .stdout
diff --git a/testing/external/commit-hash.zeek-testing-private b/testing/external/commit-hash.zeek-testing-private
index 7d5a17c1f8..169d80e658 100644
--- a/testing/external/commit-hash.zeek-testing-private
+++ b/testing/external/commit-hash.zeek-testing-private
@@ -1 +1 @@
-4aaaefe2797d8d0af2885b4076b482c644cd6b59
+8dd88e9b33da35feaae860b158bc91586ff17136