mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Merge remote-tracking branch 'origin/topic/jsiwek/ncp-fixes'
* origin/topic/jsiwek/ncp-fixes: Add NCP::max_frame_size tuning option Migrate NCP analyzer to use latest analyzer API
This commit is contained in:
Jon Siwek
commit
a43c7d0691
15 changed files with 1012 additions and 39 deletions
8
CHANGES
8
CHANGES
|
|
@ -1,4 +1,12 @@
|
||||||
|
|
||||||
|
2.5-646 | 2018-06-05 11:31:43 -0500
|
||||||
|
|
||||||
|
* Add NCP::max_frame_size tuning option (Corelight)
|
||||||
|
|
||||||
|
* Migrate NCP analyzer to use latest analyzer API (Corelight)
|
||||||
|
|
||||||
|
* Fix read at invalid address in X509 extension parser (Johanna Amann)
|
||||||
|
|
||||||
2.5-642 | 2018-06-04 13:52:46 -0500
|
2.5-642 | 2018-06-04 13:52:46 -0500
|
||||||
|
|
||||||
* Make 0 be a valid packet source timestamp (Corelight)
|
* Make 0 be a valid packet source timestamp (Corelight)
|
||||||
|
|
|
||||||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
||||||
2.5-642
|
2.5-646
|
||||||
|
|
|
||||||
|
|
@ -4810,6 +4810,12 @@ export {
|
||||||
const max_frag_data = 30000 &redef;
|
const max_frag_data = 30000 &redef;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
module NCP;
|
||||||
|
export {
|
||||||
|
## The maximum number of bytes to allocate when parsing NCP frames.
|
||||||
|
const max_frame_size = 65536 &redef;
|
||||||
|
}
|
||||||
|
|
||||||
module Cluster;
|
module Cluster;
|
||||||
export {
|
export {
|
||||||
type Cluster::Pool: record {};
|
type Cluster::Pool: record {};
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,6 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI
|
||||||
|
|
||||||
bro_plugin_begin(Bro NCP)
|
bro_plugin_begin(Bro NCP)
|
||||||
bro_plugin_cc(NCP.cc Plugin.cc)
|
bro_plugin_cc(NCP.cc Plugin.cc)
|
||||||
bro_plugin_bif(events.bif)
|
bro_plugin_bif(events.bif consts.bif)
|
||||||
bro_plugin_pac(ncp.pac)
|
bro_plugin_pac(ncp.pac)
|
||||||
bro_plugin_end()
|
bro_plugin_end()
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@
|
||||||
#include "NCP.h"
|
#include "NCP.h"
|
||||||
|
|
||||||
#include "events.bif.h"
|
#include "events.bif.h"
|
||||||
|
#include "consts.bif.h"
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
using namespace analyzer::ncp;
|
using namespace analyzer::ncp;
|
||||||
|
|
@ -105,13 +106,12 @@ void FrameBuffer::Reset()
|
||||||
msg_len = 0;
|
msg_len = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Returns true if we have a complete frame
|
int FrameBuffer::Deliver(int &len, const u_char* &data)
|
||||||
bool FrameBuffer::Deliver(int &len, const u_char* &data)
|
|
||||||
{
|
{
|
||||||
ASSERT(buf_len >= hdr_len);
|
ASSERT(buf_len >= hdr_len);
|
||||||
|
|
||||||
if ( len == 0 )
|
if ( len == 0 )
|
||||||
return false;
|
return -1;
|
||||||
|
|
||||||
if ( buf_n < hdr_len )
|
if ( buf_n < hdr_len )
|
||||||
{
|
{
|
||||||
|
|
@ -123,13 +123,16 @@ bool FrameBuffer::Deliver(int &len, const u_char* &data)
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( buf_n < hdr_len )
|
if ( buf_n < hdr_len )
|
||||||
return false;
|
return -1;
|
||||||
|
|
||||||
compute_msg_length();
|
compute_msg_length();
|
||||||
|
|
||||||
if ( msg_len > buf_len )
|
if ( msg_len > buf_len )
|
||||||
{
|
{
|
||||||
buf_len = msg_len * 2;
|
if ( msg_len > BifConst::NCP::max_frame_size )
|
||||||
|
return 1;
|
||||||
|
|
||||||
|
buf_len = msg_len;
|
||||||
u_char* new_buf = new u_char[buf_len];
|
u_char* new_buf = new u_char[buf_len];
|
||||||
memcpy(new_buf, msg_buf, buf_n);
|
memcpy(new_buf, msg_buf, buf_n);
|
||||||
delete [] msg_buf;
|
delete [] msg_buf;
|
||||||
|
|
@ -143,7 +146,13 @@ bool FrameBuffer::Deliver(int &len, const u_char* &data)
|
||||||
++buf_n; ++data; --len;
|
++buf_n; ++data; --len;
|
||||||
}
|
}
|
||||||
|
|
||||||
return buf_n >= msg_len;
|
if ( buf_n < msg_len )
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if ( buf_n == msg_len )
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void NCP_FrameBuffer::compute_msg_length()
|
void NCP_FrameBuffer::compute_msg_length()
|
||||||
|
|
@ -159,11 +168,7 @@ Contents_NCP_Analyzer::Contents_NCP_Analyzer(Connection* conn, bool orig, NCP_Se
|
||||||
{
|
{
|
||||||
session = arg_session;
|
session = arg_session;
|
||||||
resync = true;
|
resync = true;
|
||||||
|
resync_set = false;
|
||||||
tcp::TCP_Analyzer* tcp = static_cast<tcp::TCP_ApplicationAnalyzer*>(Parent())->TCP();
|
|
||||||
if ( tcp )
|
|
||||||
resync = (orig ? tcp->OrigState() : tcp->RespState()) !=
|
|
||||||
tcp::TCP_ENDPOINT_ESTABLISHED;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Contents_NCP_Analyzer::~Contents_NCP_Analyzer()
|
Contents_NCP_Analyzer::~Contents_NCP_Analyzer()
|
||||||
|
|
@ -174,20 +179,23 @@ void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig
|
||||||
{
|
{
|
||||||
tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig);
|
tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig);
|
||||||
|
|
||||||
tcp::TCP_Analyzer* tcp = static_cast<tcp::TCP_ApplicationAnalyzer*>(Parent())->TCP();
|
auto tcp = static_cast<NCP_Analyzer*>(Parent())->TCP();
|
||||||
|
|
||||||
|
if ( ! resync_set )
|
||||||
|
{
|
||||||
|
resync_set = true;
|
||||||
|
resync = (IsOrig() ? tcp->OrigState() : tcp->RespState()) !=
|
||||||
|
tcp::TCP_ENDPOINT_ESTABLISHED;
|
||||||
|
}
|
||||||
|
|
||||||
if ( tcp && tcp->HadGap(orig) )
|
if ( tcp && tcp->HadGap(orig) )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
DEBUG_MSG("NCP deliver: len = %d resync = %d buffer.empty = %d\n",
|
|
||||||
len, resync, buffer.empty());
|
|
||||||
|
|
||||||
if ( buffer.empty() && resync )
|
if ( buffer.empty() && resync )
|
||||||
{
|
{
|
||||||
// Assume NCP frames align with packet boundary.
|
// Assume NCP frames align with packet boundary.
|
||||||
if ( (IsOrig() && len < 22) || (! IsOrig() && len < 16) )
|
if ( (IsOrig() && len < 22) || (! IsOrig() && len < 16) )
|
||||||
{ // ignore small fragmeents
|
{ // ignore small fragmeents
|
||||||
DEBUG_MSG("NCP discard small pieces: %d\n", len);
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -204,10 +212,27 @@ void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig
|
||||||
resync = false;
|
resync = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
while ( buffer.Deliver(len, data) )
|
for ( ; ; )
|
||||||
{
|
{
|
||||||
session->Deliver(IsOrig(), buffer.Len(), buffer.Data());
|
auto result = buffer.Deliver(len, data);
|
||||||
buffer.Reset();
|
|
||||||
|
if ( result < 0 )
|
||||||
|
break;
|
||||||
|
|
||||||
|
if ( result == 0 )
|
||||||
|
{
|
||||||
|
session->Deliver(IsOrig(), buffer.Len(), buffer.Data());
|
||||||
|
buffer.Reset();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// The rest of the data available in this delivery will
|
||||||
|
// be discarded and will need to resync to a new frame header.
|
||||||
|
Weird("ncp_large_frame");
|
||||||
|
buffer.Reset();
|
||||||
|
resync = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -224,13 +249,13 @@ NCP_Analyzer::NCP_Analyzer(Connection* conn)
|
||||||
{
|
{
|
||||||
session = new NCP_Session(this);
|
session = new NCP_Session(this);
|
||||||
o_ncp = new Contents_NCP_Analyzer(conn, true, session);
|
o_ncp = new Contents_NCP_Analyzer(conn, true, session);
|
||||||
|
AddSupportAnalyzer(o_ncp);
|
||||||
r_ncp = new Contents_NCP_Analyzer(conn, false, session);
|
r_ncp = new Contents_NCP_Analyzer(conn, false, session);
|
||||||
|
AddSupportAnalyzer(r_ncp);
|
||||||
}
|
}
|
||||||
|
|
||||||
NCP_Analyzer::~NCP_Analyzer()
|
NCP_Analyzer::~NCP_Analyzer()
|
||||||
{
|
{
|
||||||
delete session;
|
delete session;
|
||||||
delete o_ncp;
|
|
||||||
delete r_ncp;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -54,8 +54,9 @@ public:
|
||||||
explicit FrameBuffer(int header_length);
|
explicit FrameBuffer(int header_length);
|
||||||
virtual ~FrameBuffer();
|
virtual ~FrameBuffer();
|
||||||
|
|
||||||
// Returns true if a frame is ready
|
// Returns -1 if frame is not ready, 0 if it else, and 1 if
|
||||||
bool Deliver(int& len, const u_char* &data);
|
// the frame would require too large of a buffer allocation.
|
||||||
|
int Deliver(int& len, const u_char* &data);
|
||||||
|
|
||||||
void Reset();
|
void Reset();
|
||||||
|
|
||||||
|
|
@ -68,9 +69,9 @@ protected:
|
||||||
|
|
||||||
int hdr_len;
|
int hdr_len;
|
||||||
u_char* msg_buf;
|
u_char* msg_buf;
|
||||||
int msg_len;
|
uint64 msg_len;
|
||||||
int buf_n; // number of bytes in msg_buf
|
size_t buf_n; // number of bytes in msg_buf
|
||||||
int buf_len; // size off msg_buf
|
size_t buf_len; // size off msg_buf
|
||||||
};
|
};
|
||||||
|
|
||||||
#define NCP_TCPIP_HEADER_LENGTH 8
|
#define NCP_TCPIP_HEADER_LENGTH 8
|
||||||
|
|
@ -97,6 +98,7 @@ protected:
|
||||||
|
|
||||||
// Re-sync for partial connections (or after a content gap).
|
// Re-sync for partial connections (or after a content gap).
|
||||||
bool resync;
|
bool resync;
|
||||||
|
bool resync_set;
|
||||||
};
|
};
|
||||||
|
|
||||||
class NCP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
|
class NCP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
|
||||||
|
|
|
||||||
1
src/analyzer/protocol/ncp/consts.bif
Normal file
1
src/analyzer/protocol/ncp/consts.bif
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
const NCP::max_frame_size: count;
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path loaded_scripts
|
#path loaded_scripts
|
||||||
#open 2018-03-01-16-07-03
|
#open 2018-06-05-16-19-04
|
||||||
#fields name
|
#fields name
|
||||||
#types string
|
#types string
|
||||||
scripts/base/init-bare.bro
|
scripts/base/init-bare.bro
|
||||||
|
|
@ -93,6 +93,7 @@ scripts/base/init-bare.bro
|
||||||
build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
|
||||||
|
build/scripts/base/bif/plugins/Bro_NCP.consts.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
|
build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro
|
build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro
|
||||||
|
|
@ -175,4 +176,4 @@ scripts/base/init-bare.bro
|
||||||
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
|
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
|
||||||
scripts/policy/misc/loaded-scripts.bro
|
scripts/policy/misc/loaded-scripts.bro
|
||||||
scripts/base/utils/paths.bro
|
scripts/base/utils/paths.bro
|
||||||
#close 2018-03-01-16-07-03
|
#close 2018-06-05-16-19-04
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path loaded_scripts
|
#path loaded_scripts
|
||||||
#open 2018-05-17-23-49-59
|
#open 2018-06-05-16-19-07
|
||||||
#fields name
|
#fields name
|
||||||
#types string
|
#types string
|
||||||
scripts/base/init-bare.bro
|
scripts/base/init-bare.bro
|
||||||
|
|
@ -93,6 +93,7 @@ scripts/base/init-bare.bro
|
||||||
build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
|
||||||
|
build/scripts/base/bif/plugins/Bro_NCP.consts.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
|
build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
|
build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro
|
build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro
|
||||||
|
|
@ -364,4 +365,4 @@ scripts/base/init-default.bro
|
||||||
scripts/base/misc/find-filtered-trace.bro
|
scripts/base/misc/find-filtered-trace.bro
|
||||||
scripts/base/misc/version.bro
|
scripts/base/misc/version.bro
|
||||||
scripts/policy/misc/loaded-scripts.bro
|
scripts/policy/misc/loaded-scripts.bro
|
||||||
#close 2018-05-17-23-49-59
|
#close 2018-06-05-16-19-07
|
||||||
|
|
|
||||||
|
|
@ -264,7 +264,7 @@
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1525287517.317589, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1528215692.710382, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
|
||||||
|
|
@ -441,7 +441,7 @@
|
||||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1525287517.317589, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
|
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1528215692.710382, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
|
||||||
|
|
@ -522,6 +522,7 @@
|
||||||
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MIME.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MIME.events.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Modbus.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Modbus.events.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MySQL.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MySQL.events.bif.bro) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.consts.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.events.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.events.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.events.bif.bro) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.types.bif.bro) -> -1
|
0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.types.bif.bro) -> -1
|
||||||
|
|
@ -1062,7 +1063,7 @@
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
|
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1525287517.317589, node=bro, filter=ip or not ip, init=T, success=T]))
|
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1528215692.710382, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
|
||||||
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
|
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
|
||||||
|
|
@ -1239,7 +1240,7 @@
|
||||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
|
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
|
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
|
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
|
||||||
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1525287517.317589, node=bro, filter=ip or not ip, init=T, success=T]))
|
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1528215692.710382, node=bro, filter=ip or not ip, init=T, success=T]))
|
||||||
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
|
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
|
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
|
||||||
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
|
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
|
||||||
|
|
@ -1320,6 +1321,7 @@
|
||||||
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MIME.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MIME.events.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Modbus.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Modbus.events.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MySQL.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MySQL.events.bif.bro)
|
||||||
|
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.consts.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.events.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.events.bif.bro)
|
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.events.bif.bro)
|
||||||
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.types.bif.bro)
|
0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.types.bif.bro)
|
||||||
|
|
@ -1859,7 +1861,7 @@
|
||||||
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
|
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
|
||||||
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
|
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
|
||||||
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
|
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
|
||||||
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1525287517.317589, node=bro, filter=ip or not ip, init=T, success=T])
|
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1528215692.710382, node=bro, filter=ip or not ip, init=T, success=T])
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
|
||||||
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
|
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
|
||||||
|
|
@ -2036,7 +2038,7 @@
|
||||||
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
|
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
|
||||||
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
|
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
|
||||||
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
|
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
|
||||||
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1525287517.317589, node=bro, filter=ip or not ip, init=T, success=T])
|
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1528215692.710382, node=bro, filter=ip or not ip, init=T, success=T])
|
||||||
0.000000 | HookCallFunction NetControl::check_plugins()
|
0.000000 | HookCallFunction NetControl::check_plugins()
|
||||||
0.000000 | HookCallFunction NetControl::init()
|
0.000000 | HookCallFunction NetControl::init()
|
||||||
0.000000 | HookCallFunction Notice::want_pp()
|
0.000000 | HookCallFunction Notice::want_pp()
|
||||||
|
|
@ -2117,6 +2119,7 @@
|
||||||
0.000000 | HookLoadFile .<...>/Bro_MIME.events.bif.bro
|
0.000000 | HookLoadFile .<...>/Bro_MIME.events.bif.bro
|
||||||
0.000000 | HookLoadFile .<...>/Bro_Modbus.events.bif.bro
|
0.000000 | HookLoadFile .<...>/Bro_Modbus.events.bif.bro
|
||||||
0.000000 | HookLoadFile .<...>/Bro_MySQL.events.bif.bro
|
0.000000 | HookLoadFile .<...>/Bro_MySQL.events.bif.bro
|
||||||
|
0.000000 | HookLoadFile .<...>/Bro_NCP.consts.bif.bro
|
||||||
0.000000 | HookLoadFile .<...>/Bro_NCP.events.bif.bro
|
0.000000 | HookLoadFile .<...>/Bro_NCP.events.bif.bro
|
||||||
0.000000 | HookLoadFile .<...>/Bro_NTLM.events.bif.bro
|
0.000000 | HookLoadFile .<...>/Bro_NTLM.events.bif.bro
|
||||||
0.000000 | HookLoadFile .<...>/Bro_NTLM.types.bif.bro
|
0.000000 | HookLoadFile .<...>/Bro_NTLM.types.bif.bro
|
||||||
|
|
@ -2387,7 +2390,7 @@
|
||||||
0.000000 | HookLoadFile base<...>/x509
|
0.000000 | HookLoadFile base<...>/x509
|
||||||
0.000000 | HookLoadFile base<...>/xmpp
|
0.000000 | HookLoadFile base<...>/xmpp
|
||||||
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
|
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
|
||||||
0.000000 | HookLogWrite packet_filter [ts=1525287517.317589, node=bro, filter=ip or not ip, init=T, success=T]
|
0.000000 | HookLogWrite packet_filter [ts=1528215692.710382, node=bro, filter=ip or not ip, init=T, success=T]
|
||||||
0.000000 | HookQueueEvent NetControl::init()
|
0.000000 | HookQueueEvent NetControl::init()
|
||||||
0.000000 | HookQueueEvent bro_init()
|
0.000000 | HookQueueEvent bro_init()
|
||||||
0.000000 | HookQueueEvent filter_change_tracking()
|
0.000000 | HookQueueEvent filter_change_tracking()
|
||||||
|
|
|
||||||
468
testing/btest/Baseline/scripts.base.protocols.ncp.event/out
Normal file
468
testing/btest/Baseline/scripts.base.protocols.ncp.event/out
Normal file
|
|
@ -0,0 +1,468 @@
|
||||||
|
ncp reply, 13107, 70, 0, 0, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 59, 89
|
||||||
|
ncp reply, 13107, 2, 8738, 89, 255
|
||||||
|
ncp request, 8738, 59, 89
|
||||||
|
ncp reply, 13107, 2, 8738, 89, 255
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 66, 89
|
||||||
|
ncp reply, 13107, 92, 8738, 89, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 66, 89
|
||||||
|
ncp reply, 13107, 92, 8738, 89, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 46, 89
|
||||||
|
ncp reply, 13107, 88, 8738, 89, 0
|
||||||
|
ncp request, 8738, 40, 89
|
||||||
|
ncp reply, 13107, 11, 8738, 89, 0
|
||||||
|
ncp request, 8738, 40, 89
|
||||||
|
ncp reply, 13107, 102, 8738, 89, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 6, 22338
|
||||||
|
ncp reply, 13107, 10, 8738, 22338, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 163, 8738, 72, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
|
@ -0,0 +1,418 @@
|
||||||
|
ncp reply, 13107, 70, 0, 0, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 59, 89
|
||||||
|
ncp reply, 13107, 2, 8738, 89, 255
|
||||||
|
ncp request, 8738, 59, 89
|
||||||
|
ncp reply, 13107, 2, 8738, 89, 255
|
||||||
|
ncp request, 8738, 79, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp reply, 13107, 86, 8738, 72, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 66, 89
|
||||||
|
ncp reply, 13107, 92, 8738, 89, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 66, 89
|
||||||
|
ncp reply, 13107, 92, 8738, 89, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 46, 89
|
||||||
|
ncp reply, 13107, 88, 8738, 89, 0
|
||||||
|
ncp request, 8738, 40, 89
|
||||||
|
ncp reply, 13107, 11, 8738, 89, 0
|
||||||
|
ncp request, 8738, 40, 89
|
||||||
|
ncp reply, 13107, 102, 8738, 89, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 6, 22338
|
||||||
|
ncp reply, 13107, 10, 8738, 22338, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 8, 66
|
||||||
|
ncp reply, 13107, 2, 8738, 66, 0
|
||||||
|
ncp request, 8738, 72, 89
|
||||||
|
ncp reply, 13107, 70, 8738, 89, 0
|
||||||
|
ncp request, 8738, 7, 22306
|
||||||
|
ncp reply, 13107, 2, 8738, 22306, 0
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
|
ncp request, 8738, 14, 72
|
||||||
BIN
testing/btest/Traces/ncp.pcap
Normal file
BIN
testing/btest/Traces/ncp.pcap
Normal file
Binary file not shown.
20
testing/btest/scripts/base/protocols/ncp/event.bro
Normal file
20
testing/btest/scripts/base/protocols/ncp/event.bro
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT >out
|
||||||
|
# @TEST-EXEC: btest-diff out
|
||||||
|
|
||||||
|
redef likely_server_ports += { 524/tcp };
|
||||||
|
|
||||||
|
event bro_init()
|
||||||
|
{
|
||||||
|
const ports = { 524/tcp };
|
||||||
|
Analyzer::register_for_ports(Analyzer::ANALYZER_NCP, ports);
|
||||||
|
}
|
||||||
|
|
||||||
|
event ncp_request(c: connection, frame_type: count, length: count, func: count)
|
||||||
|
{
|
||||||
|
print "ncp request", frame_type, length, func;
|
||||||
|
}
|
||||||
|
|
||||||
|
event ncp_reply(c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count)
|
||||||
|
{
|
||||||
|
print "ncp reply", frame_type, length, req_frame, req_func, completion_code;
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,20 @@
|
||||||
|
# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out
|
||||||
|
# @TEST-EXEC: btest-diff out
|
||||||
|
|
||||||
|
redef likely_server_ports += { 524/tcp };
|
||||||
|
|
||||||
|
event bro_init()
|
||||||
|
{
|
||||||
|
const ports = { 524/tcp };
|
||||||
|
Analyzer::register_for_ports(Analyzer::ANALYZER_NCP, ports);
|
||||||
|
}
|
||||||
|
|
||||||
|
event ncp_request(c: connection, frame_type: count, length: count, func: count)
|
||||||
|
{
|
||||||
|
print "ncp request", frame_type, length, func;
|
||||||
|
}
|
||||||
|
|
||||||
|
event ncp_reply(c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count)
|
||||||
|
{
|
||||||
|
print "ncp reply", frame_type, length, req_frame, req_func, completion_code;
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue