From c9cc1a55b95fea3600709c0ed2b50492b32ca5e6 Mon Sep 17 00:00:00 2001
From: mauro <mauropalumbo75@gmail.com>
Date: Tue, 5 Feb 2019 15:05:51 +0100
Subject: [PATCH] added test and pcap files for smb 3.1.1 negotiate-response

---
 .../scripts.base.protocols.smb.smb311/.stdout   |   1 +
 testing/btest/Traces/smb/smb311.pcap            | Bin 0 -> 10304 bytes
 .../scripts/base/protocols/smb/smb311.test      |  12 ++++++++++++
 3 files changed, 13 insertions(+)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.smb.smb311/.stdout
 create mode 100644 testing/btest/Traces/smb/smb311.pcap
 create mode 100644 testing/btest/scripts/base/protocols/smb/smb311.test

diff --git a/testing/btest/Baseline/scripts.base.protocols.smb.smb311/.stdout b/testing/btest/Baseline/scripts.base.protocols.smb.smb311/.stdout
new file mode 100644
index 0000000000..3808c1d8f0
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.smb.smb311/.stdout
@@ -0,0 +1 @@
+smb2_negotiate_response 192.168.100.168 -> 10.160.67.244:445 [dialect_revision=785, security_mode=3, server_guid=[persistent=5167561042355431755, volatile=7583560952700542861], system_time=1547145849.626981, server_start_time=1540586308.948775, negotiate_context_count=2, negotiate_context_values=[[context_type=1, data_length=38, preauth_info=[hash_alg_count=1, salt_length=32, hash_alg=[1], salt=\x17\xa3\x95(\x0d\x0dt\xecZ\xe5\x0e\x1a\xef\x85\x07]U\x99\x86B\xd0\xeb\xc8\x08\xe0\x0a\xad\x01p\x9a/\xb7], encryption_info=[cipher_count=<uninitialized>, ciphers=[]]], [context_type=2, data_length=4, preauth_info=[hash_alg_count=<uninitialized>, salt_length=<uninitialized>, hash_alg=[], salt=<uninitialized>], encryption_info=[cipher_count=1, ciphers=[1]]]]]
diff --git a/testing/btest/Traces/smb/smb311.pcap b/testing/btest/Traces/smb/smb311.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..b6f4521676c00ea33943e6efbc1afceea60a3941
GIT binary patch
literal 10304
zcmchccRbeL|Nmc?J&LT#Rwycz79y9KLfJ|7OkGJ?nb}eHh_|dV%S^*o;caiSGD6BG
z<1!N8b1p@$KEK}o{mykeuh%)Ran9@cyg#1joY(83*twHJ4nYt_(ZftAuwVa~h!9Rh
zP4$|=of{lHm(A~(SivGMhamq6{$s~Dcx*Qcyx<N5f%n6E>3{AKga}tA0d)>|0wlJ3
z#E5QAC3X#zVOCK?ND28=)RAUs88So$L1v0N&<L7@T;W}+aVkZ;)O=<psu*pnGCq`7
zn&`S0g-x#ly`ab_21fiGeMW_zgGTb!R23!Bps<k$eib(Nls|jlJb+i=0?!REu><*)
z>1<dJN=m~0p~7^QFjoE=I7SFE4cMTN1E2)=93ba&IlZ+QrcCa9|1^tlFw3gomB*wd
z;SdKmeO<Fy$HC7CLI6ClasAH+K#}3<TN@5=0{SQV=LOI|#S2wf2T+H3!!sLRg8o5a
zFs^9CiG=ka^bPb8syH(f`UY*QngaZT`h0i8KR%<vDCi?lJF(qA8@6se1A_dQe<Xkh
zXb1@qdESy}quw{?{Mp4C+=R}WAH+4{3bq@0L6O#;{#hI9{@VlHH*U6}T#>uT5;&`G
zOG0v(1Vv0t5RW-}Jzn&v2nhwK6QSHs6A-YGkRS4vb6=!I5fI>t-Wx><aCD<c_}kSK
z35SmI#2;YhvbbffXKZ3>Zee1qXKtaVA}e*`*l8iOCC0?S%0$oH%;MG^lkL3rB!u(q
z+-W_bHB7}c?M14i{*Sk0(|8rxCyES|Wt2cJJ}<}wviSruOppy5x*A&o$}s<--Rz<+
zoOT~<*RE>HP+nONV6#y0WP=UhG64C2M(+O328FnTLmLU6gz3N7Fv7?FnKTiOUq$4i
znu4OLsuIvCf}A8E`?Pstvj7i4`;>lm1?`iOtHB-xb(sIq-hPZ5PJ5QywO7`IwpHVV
z+VhOw)ZP_nBWQf=mwmet<Q-Jr&(1dYzw9$dkaQLva0gx@2X#5*>83r<SQ79P0{fE$
zzJuMnm%p|8n!pgnC1b=GISWb@h%mf_S{Atkegxo-jS>pPqy!=jw!08h<QDkxBi4us
zVg<H@$Zp&@{y)wT|BtIl5i%qunggeJ*fsPc^k>me6QMuFLTj*5pbj&>UQm8T-B2%N
z8Qb-u#yON%UIX>wP5DbN{z5=6S3phemp@^Tzw70f2>#2T+x4;vo57`Ddimu@G&mXr
zesB*{6Ua>92lp_IfxHX+CcyqAfzPLjfvAkdPKx3A_X$bfq!&|AKfUnFLz&!~JGscy
zsNlW-KWG>L9o$6B5etwZ+dGH>*xmwr1W|6}eNNjS-otV|eOf7F@%jcc$SxZ`9!QX#
zEVc$40Ln1q#{%Mtafh+MMzcK@%4^WJ>W;2^k#)7X%~<dn81aW%l*4BSwGGq%i(Miq
zsjc|>K#0RttllKGN$^H2z&qe`!sjLWO>3+6wb(&$3}$?-A#Ft;q1MQaw`)z^aVYQK
z-B4>!r8c!@1+?Y`8j1b^=GAMYsm`|FQkpSd7pgsZL&z__ji+DHqVHj(+UOe2k5Gxf
z;`dCq_3(>8R~E^qA_U0?Y1*lK7>eybXOvS;oJmT1e%9PbI$-V1iTQSvqB1Mv;Z^_p
zxm`>NJ7b*ZUitT4emz6VeF`)GcCOm4uq!@H&m{3)LZf4=mFrp0y$UbGKfQg}M4@p;
zlXimKXv22s1E@flATyGlT5Js{!~6%cB8&%a{A%0I?BCsJTMcH&EU<Qy*;~NO3N+#g
zeXth8*%f!_kf@lH0jC5RrQx$onz`!Esq^4GE-B%*TRuoJM{_)WE8;~xBq{P>t#<Zb
zFRgmzX<?y9_FgmEeCR^+4x3|{%pUr?*l(>L$o^baNF=W=J7w&W*_!j>@|>NXWV?QS
ziocbSX6}JB@6I;54IA-!n=b#AcMp!Y(RSV%%z$?+<V~x&$vYJAehW;%@fIKa=O}GQ
zlR~7vAV;fdMyhcsgUj7|e{rb?cX3wY^G+OYt!!L%EMZKeP+=VJ`2N)U>!}-QI~s}0
z+|bFRqLJ%lv;{3wUy}URX3>^f3ZHA(&sD_gF6(zc&&Vyzm$JK`U_o6R#myV0krhsA
zff-8{5TCQ`W)X?F!XR=|Aw~6?JnNxPEZsBzoA(L*y1()E#PM#$;~fil7XsdER}?mR
z4*=ewz(5@DgFL4jMB{VKOH3|jj=1E<J^v5h^(q2VXK9Qc@&<L3W)5dbk54BtizTb4
zj`|N@I_`_oFnIXXtu-it>>p>p_Ol4@^x^LrYW)=TFBYn93b)Y6<+LH*@ln#P^{)F<
zg3q?Nv2O9k{1)GKE_K)opbj&Be4|8*dLeJJ6+GUBLwOYkAa9iMChymP_W-C7L2ch+
zK#}mC&2qG?+ZjX0JDL(VJ+$vkV?p_=<P03|Cfs&Q+dT^%w(k3ElW2}|s5hwvUhgWR
zpzYl&qS79AjD1eJSNkw+CRJQjE9Sa}N!qiAsjA2KXdk(|%V$+tRkrpcot^uV>SWR<
z-5aHbG~PkkqMzHkbA#q19Q41E`Bu_bO>$^eo>nZneK_=K60;kP{t02L!qLt$_lWA#
zh1Ngb^Ylyv8SZCz*lx6b(Ab}qM`j4^S0q3oD%AS$SWo8x)JgxBbA2Xpy=NEA{VpC)
z7$0IU`NWyTW-=A3nAH8XDPjCXDziqyB3()P<8Zafj))ty<)R1zeGFsE6YODv<4Ey9
z9o7)kVa6XvP-+-2oUTN+>#E`a+V*l8(AAF}U=oGzC_bYigg{rXL5&6an%uTeJeV&g
zN~<fMTiokycp9FrMsWRa`MThx+!g*;9I13@H%!HQhXI;1tjz|YmZp@FkAuS(oOZmw
zl6jw1@6+sZ@)<j!+eG&?-$@+(5cM%;s={fC!BR?dD!-&JnQ2kuv;7ED_H2KFM;qM%
zr}(wP7@u9^t;eevUK9?_kJOH{idRR}opwU6c+J1J$q-4>AvHcwoniGpgif=rRDAjL
zm&V#8!qTc%0r~Oc#N0P+CRC5va2;If&aN=OZ2h|O=<J?mcIs%x_Fl>3r4!!ul+uUO
zgNb%?tNCB-mT(xEZ&lRbb)SlmiXFN~;(4=r&Z=C{KK%V2lYc|XF5B=AU47iK;d{t{
z{x=4SOLbT<i6SuL>m3;`>cfq1O562*xojw}QWokx7QXr5-V^;lKn|dh49K85vrVbi
zxNAK<m_e0pa-OSH1~qNoWuKC0)&MR+5PRHqi$Q0!o0*44+xPKz4eQ;sDK9$W^i<S~
z(`lT3*zF$*w)nv}aOv8ZmujU{HWhtTyLh75<nfi1sF6bnOvRp;82u&A8<q=FlGF3P
zdwJ)<qP9t2#dP{72eTB>M|CbicI)=%-1zxDPG;=f5%=y*k>dlxXP2UguvV9u9RzT`
zfIa~)lDGtQ$$F(8TLx+{<LeT6jq%3mvU9sGD`nBPn$|#<t9#`)b-54d@&jnZ8T!QK
z4Bc*{;QnQU6dHvcUv}R}$J6D;M7QOWeiM_|o=KQ<JT4|v_Ljz#9X;~<z8aV+5=Q@f
z;&mpU+8y`i%GzvEqg4s1lM3xe-Zqiw(bn|o8hux(c-iso&Y{^r)`*%qv0a`x+n|lV
zuVZ?x>aj!M7|efg|4`JA<F2=zyQVeZUJ1FMOW5Q-54i6Gjl@73eVu2Wp9Lm8<f}oE
z>#u*$v5QTZbECWPPP(26T!O&$3rJfwQgI70O1k_Y3wURmwen13J~6+IKq*kH=4;68
zM4~itB+*P-T5if@_^m_@iS##|{$f)fc^%D2&=(wsRCFi5DGU~Se0G+p(<WS1o(;b3
z(|4|O`Fu)SNo(xNnfRatXYtYgi%wln#ksU_wnHB*;htb){0aV0k8KBanE&8hg}IO8
zT#m=N5^Z~h0r&u=?6k>Q0&t!OjRZj-NGmW?E@T;!&)XnVMb=fK8F-wvaZj-21Ft>@
zKJzC=)SRz;j-I!xm)(2rknOuJE;T7l*|?)upD!@%Vl;E99?q|=U*LI6LxieWbF;cF
zf3P9^X_uTb$(M8{c`xGIh@KT#%*n@-E!sXVUzku`F*{80<{DUUKzs4oD~<n^{U;oI
z-R<nJFbw5YU4`r?C4aFGpabkBKnFPXD_!ALhBZM*tA}xV^Wx<Ey(#TjYJS3lp;SOD
zAmOv8`1ojccjD@CftkAzHGLly!#N$w-px_f?-=}-zxNImxm{<GbNYlseI_GE8Fvze
zUzJ)&zuCdrwFd_>&-57k>`5Y)APDm>3US&$$-3^Tq#isbJ#&qlKUb@M;gM80_YV=~
zR)PN5oO|S(?0;Xwrph<`ZB65YW8b))ebrUK{taZm@4zN|{eh7Huy)*7(-8HjMb+)5
z(@1X<T}KBnhi2lj$6v$pClDRSFc|sO3@Wt{@pI-Sr|A$?#5uF;RiB#W)I4t9r<p$>
zC38ec%^^pz7^PBg_~kw+QMfwU{9Rvr>j(!?<?{(&({svdTo{;j<*CW?x7IYj$NHE-
z!{1_k0LNPgkM|qEdkFG2HQMBT4Di+mw&Hj@F{lK!%T64^1bM7?Ie9a`Fq$@C$VQ0b
zB3r>FfAZdW(pKxFSNy#4tE+px+70CVzFX`{{#5Nn8RHtIjq*;A+;;$_tQCGFd;h<D
zw}oYy5At>QW1dBRT;wI=id^9O%zXWteP>Rl#%Z~Jq1z7*&^&EzElp=47`z(G`y+(A
z0DY5pUruYSpi<8!Zy1s=!7*L5yaC$=$}s;C>lGN^{}t<1LugyA%fJVS{ozgCE`awj
z&`1D`bw5E`X;I5=zT|G-YphInOtSEJYk>>Foty7%PmU*DV-6U=^u>f(+`}xjI7cK>
z65WrQ3!~%j>ef55tduUtw5P*xl~DBC;dTzovr3$!WX_CN+%wdB(s;&~_I|BjkG<C$
zXy+Xp?#L08mXgWua-Jvalo#C$v=u+jkF@`l`yh_H_IB=CmxuDIZ6NploK5bR0CyMA
z0gih~&Cx4?Z<8NUzw@}#?xC$9D=|3QVmhptPY8#CKe@+xyQvV8?3yFKtCzT(nLRJk
zcNqx@z)}wN?h#9Fs1VCeqnD@R%d0WxTArWK^HlBjcxIF2D;V-Ed{&p;uDhy${W_@#
z=AqTaS5YS}R@eH_eF)>d64$b}LSe8Z-Z&TTe18oa`Mk>8c#}JDI4(i%7@<aNAE?3n
z2lpn-1047K?Qvdh1Gq1NxqSTs^(Oad!2J?vBocDJ-#i}oq&M7Q$55@ts}tO0*?8Q+
zYXC@F+~;^3sb=4t&~7DtV@GGba4*{;hOabaiOsZNsov4-z6o31L36CVFHw!p{9`%2
zi;YQYL^jdcUdeXU=N`1i_{n{cYS&t8I><#p@0<0FJyEP|mxqmE{o8=98A0(N|E^HB
z;J6lChd2$K_|5+Gi;Y-XP=^_Ro<|WC4dFC!1WyA?LwPkcPy_bh6@O!W7hnN25DogM
zgZ9T%d^;5}Yu*{=MBmYQy>W#}zW%$9Q2QE+-X9u{MB=tv_N!9Z_|8A(wCUt{*~ec+
zRv_<}l635Gizcg~;A)DE6-!^#)tI*~4(Bg?RZ3WL(y0&enN;o}pYkw&>ZwZ|{jm6&
z%wkJ!YE;P`asj;owL)GZ$IqT|OB_qWW%3Lc?9eakFCRI3@eyCtj~(hJ*q6b~Sv)J6
z93Qi&G;F`f@?G?~VJAL!IKSW7o2t01Wa-=DYVp}ZrhS)!tq=tI3dYUv>pz!*#=ouq
z9^y2E_r6<0gSNd|1vQgJzNwjFpcxC$xHI(G(BO`#1oSl)3i(<$pJPGkFYq*T9?xe!
z%hoTxK8;-bMops2@w!CwwBq9o&$W+ElLd`*R_|9X(m3WyIIU>JNi}h)*vZDE{Uhe8
zlG_lHa-X5PV{g2eo~&keU7B63sLtm4uLsx)6O4<|mPTv=sKfk+F4BuWLtT)0Y}dur
zDxixHoGx@WbrA$~Q4DI<&_>$Zbdf=$^cl4tYj<hrzLUrdU0!FMA&`q+cg6LL#y!E7
zF7gCOzA?n`WETz(UpjXuZD(4p6tzr7$KX5Vk)nc{LG{J3+w_eus@{IMNL;BE_3?1)
z+;CaPz5{Xjq1FyFBPMn>lmmBYdlDk!ie+Cb8$RLtQrLN_h2gDZ{LR)8vGUfSF=MX1
z*LEk!{7d(8z0oF4y(i4S@uk(S;a4mV_BoS0EBJSbHjpgv>;8tErjX)>TdP*inNqVB
zr^O^rS=Xwwd0l>j+7rQD`BAUC-iW(pkMIDi1J??wfH&TTr>}RPMU>Ut_wk0^_eG08
zNNdmud<+pIZSZ}`y#8TqsphfX!*D;<@*TQD300ae*J>&D2EVpQyGq?Cbljf9K}l}E
zNc*W*X(#QB_VXN<2#}c5Ew9475}1t`eU?Zp=fy3a&$;x7V760Mm0jxNP%D{hZctwf
z<KnssiW3tX`M~~TF-a=b^Hl_aOrd^_32+X^u}wSGgp~w!nDNIvf)f}&s9zS<?PFd|
z2-;Q$4fOltT*an-dx3s~Ky4MW<vQfhT27oC#-L+PPs=}+o`a{~Dm=Ez-l<PL?%XJ{
z#Ci&fPK+o}DR?PW%vjbeHoqe$O`U(zn&V8-Yb;7xIG29H&HZ-GDX~Ywp}r}0D5Z!;
z#KpqT{C$-u_ZS73`vp^S1Wg*a7CU>hL?*5nMUJ-Y6t;<V=eeYQkp9@}S@F`j3O#}4
zd<wSj*oNg32Si9mZb?tKC#D6NG0O{8wo1nu7ko&~3>qIdVAtn0P(3F!{B_?k>*$%I
zO{SSNE8J1f&NvDLlD^lx{FK4Gy(nJOlG<(VyS)C`e$Tlsnbfufqvyh}dv?l*=uTOs
zrb(+|S*QCxxX&Y;mBGnAvIaZ7o#+pweGhc76qd?=WgSUy+k>UJl|{t+CGi6%_3xPy
zPx_V@)n+CN0&)^P`*}Q#&YWwa+vjq(UzknN)urfIp35OiOMd=GU((e4XD+-q<3(#2
z#2QL8GwLjGAM530m~FA=ecMt*R7+%0VMBE?JP1{I-mzq#N=-$q))D2$;Y>V&QYpvo
zQb*skG|b~X9wu5FP(|mvt3;;e^UE=_fFE90Zp8V;J#l|CUY@L_-CH)syPPU_{1Vq#
z1+551;X#-7m?G*)vk#jfqNuxMJ(Q9D&%MU@YYoP>8Yg7Slp1BGH?##c#)2cfF@8*7
zny@S27|i(N2QpDKjGI>^w~rq>=%Kti-1xEg{^t0R3&xLL(8w#Ou_&caZ#Y%<<u|ye
zh%xsy@>tDlT%xBPuQ+P^7+kXP4=A{Eb3N6l&%<k^E%=P)txM;%K)s=F#ydE7IvpRm
z|M@GUCgwG9Y4dK5ULu`PTh@4;SzUL<wo6CZIr2GrIGM8@pT(OgkE}#pa3rzHHjP_#
zP$qmN(Ll9mk~N-b)-@q`Bjj7(xk@`$D?#}=#rL9?5AQ!O{zufHG&kwxcQH=^7J+kG
zUEeo+0)6xQoXgSJv^D4A{&nB*5bnQaB8)$7{&3$Oe|0ea;F@E#n(bHoogo782mUeL
zm~;JSlFMkE*c;zxNA4Cgy*>RBFaGf7+%(JQOZf)`Q;jiiw3kahJXdGwm<;$KV<TU2
zHtrfys@yrae64e@;GyVz;lvwO3%)KVOO6->_qxBpxKUj%rZHl-d{f8tzQ*w?YP34X
z_Tik${KJJ%14H77L+yLQ;->xk@(B)kURNv=d7)WfXs$NOVvy3X|5Zxf9%{!iyD`P9
z|Lh>AqgF4ClmBAiD}=%5(UCLcKX7d-+?sR2@P$ioK6=*HgzW(}nE%jIL(vzUp76d$
z=zw)fy&;^BqQSD`=Q^duXY>paXyg&plZK&wJFi0l_8RHQZ`cpQLS$bKrX3rv)$8$N
z$MtN8+ivM;dS@hKomY^}4L5X%jy=bD#f3GBfU)#JNrSaICmr9bZD)|0irisOOdV31
zDRY_d*_;?7X^1j<p6js4WT=#}ILmMndx$B$PI{-J_$|pRPt5Pkv~;{-H9_=^*_b#U
z6PiJrp<Wbz8?W00o3Teg9p*pAYc@;(ZoD?zu9td4w5=|TCDi=Dre4^9UcfpK^#$5~
zia#)hS}|(1AuEVEa-g#86`o#l@W$&?wEWf-&q@>~UA#58({G)YVhKw`BHQ;%AKH7-
zUN@i0ILF|~I_(FoU8#dRlJ~!M)IKfV@VR#`=b(N(<+`wn^ijsU`Zvi=%9L9BpN`fn
zI+^TBG<Cl-K$h>N@5hv>Q=}R9(BwmWWF73g_`fJkj$I^{<4-)lL*hHZXX2-O=$k+5
zvSH*O)61}Yczs9P;kY;V(P-wA#skM5g=^mZEadN}l@)C1Sg4J0nz8PE^TaE+wN<jD
z=reo#^&z9g=!j9m#Z^YeryBRwza7^#Bad+-I8-Zlt6|ipl5bSy;~P`CMoGRSmH(7e
z$EFvl5FEes>3Rc=$p^s*lEiTV*-(<u=WGM7D^irT;%QnbYz`WQXzV(9bjgNi4$HOk
zuxm_?1|5%?sW4V2g!!tzgrYr3b1w0PkhVed@_^<d)AM$jc~K9f1#4*o=5_dXGkztw
zBv|Aq9-^MH^CQ<v#@_71k24YR7m*kEUvycd+<hmWe>vd6z40JpSFM^S#9Y@s7u_uT
z)_baQ!aX#5GS(-%`llaA(O!D3VDs+q!y%onUfK(0iy{q@1@q~e&*in9I!}e9>qrG7
z6i`D@OTWj_9`okE#nD$>9N~T2(G3~OYgB-7)F-nUM@t}%z(}+aN2i`zqwQt1cnzz=
zLL5VOWN0dO-yV)lGc!MF3N8U(@NwI%IC^|ILP9$~RMK|04nKQBMq1PL9%)_SYereb
zDYm(9<Yz7Ame<7Y_@NuzB{_tp^ebq;mZbGR{Lr4aFE!zPnT|<N+*E27pYk%ntHjr?
z($A_TAKNO83YV>Mg=!m;3p9quO#h0b-`DM(b<KZUw+G_JUA%8PjS6U6y(2J=s=zF?
z@qfY@84ySC!x?Vf-Y0oUbm5TskApj-3d7iH30~vH5&pWJQBL1DJ0wiKv!(eoFAaBk
z>Dq}d0nhX{wd>EXd>Qz9)f3g;qh-A-HoNbMkaUE=eW%r3=Sdfz2ujW$qRgzke)qC-
zGo$QHizMOAb^Gt%G4uzUvG7$7=0C>C@}dzOU$gD=uHF&Aw;uBS1U^V?jFW+T0AD~G
z@q=T<RK--~Fd6%qEVgga0)1SWdF2^aU(~-YGWmh!A4r<G?G|5yhr#aOl#KO}`h^`v
z1{2RHLYwz$Tiq@Z;g6hYlqbvxe8d_hAJULFedUCyRm(*kZXyrNi`tuW{b4*q?&?oi
zM$d_piw=#^^9M~+?dEmiP?r*}$*T|>M37(KF~CO`T!M4M3+Wat7Sv$IA0LqsOc0Li
z<L%>PV?E$n1Z+l9xHh>O4~zuv0gYtiY$iN!k$qv}sd`s4;}379`8Rl6opAkc*{n}J
z`Hx4Zah-6iJ4IT6$qT#S1ZVCal$Fjx^Cf-bw?tUggqg%?zl$Bt$THg(-(*K|DMa*M
z|FYPD#2>fn^k(98D`rxXR?)4xN^hD=*?pgDTbcV`WiJa9n!fewie1yo-LLNPR~;p1
dPEdJH>=;!tSVyiHonF5rNJQHik08(={|8uzrWODI

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/smb/smb311.test b/testing/btest/scripts/base/protocols/smb/smb311.test
new file mode 100644
index 0000000000..22f232c14a
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/smb/smb311.test
@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro -b -C -r $TRACES/smb/smb311.pcap %INPUT
+# @TEST-EXEC: test ! -f dpd.log
+# @TEST-EXEC: test ! -f weird.log
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/smb
+
+# Add some tests for SMB3
+event smb2_negotiate_response(c: connection, hdr: SMB2::Header, nr: SMB2::NegotiateResponse)
+	{
+	print fmt("smb2_negotiate_response %s -> %s:%d %s", c$id$orig_h, c$id$resp_h, c$id$resp_p, nr);
+	}