added test and pcap files for smb 3.1.1 negotiate-response

testing/btest/Baseline/scripts.base.protocols.smb.smb311/.stdout

@@ -0,0 +1 @@
+smb2_negotiate_response 192.168.100.168 -> 10.160.67.244:445 [dialect_revision=785, security_mode=3, server_guid=[persistent=5167561042355431755, volatile=7583560952700542861], system_time=1547145849.626981, server_start_time=1540586308.948775, negotiate_context_count=2, negotiate_context_values=[[context_type=1, data_length=38, preauth_info=[hash_alg_count=1, salt_length=32, hash_alg=[1], salt=\x17\xa3\x95(\x0d\x0dt\xecZ\xe5\x0e\x1a\xef\x85\x07]U\x99\x86B\xd0\xeb\xc8\x08\xe0\x0a\xad\x01p\x9a/\xb7], encryption_info=[cipher_count=<uninitialized>, ciphers=[]]], [context_type=2, data_length=4, preauth_info=[hash_alg_count=<uninitialized>, salt_length=<uninitialized>, hash_alg=[], salt=<uninitialized>], encryption_info=[cipher_count=1, ciphers=[1]]]]]

testing/btest/scripts/base/protocols/smb/smb311.test

@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro -b -C -r $TRACES/smb/smb311.pcap %INPUT
+# @TEST-EXEC: test ! -f dpd.log
+# @TEST-EXEC: test ! -f weird.log
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/smb
+
+# Add some tests for SMB3
+event smb2_negotiate_response(c: connection, hdr: SMB2::Header, nr: SMB2::NegotiateResponse)
+	{
+	print fmt("smb2_negotiate_response %s -> %s:%d %s", c$id$orig_h, c$id$resp_h, c$id$resp_p, nr);
+	}