mirror of
https://github.com/zeek/zeek.git
synced 2025-10-12 03:28:19 +00:00
Merge branch 'master' into topic/jsiwek/gtp
This commit is contained in:
Jon Siwek
commit
cc8f20c104
286 changed files with 186014 additions and 951 deletions
9
testing/btest/Baseline/bifs.bytestring_to_double/out
Normal file
9
testing/btest/Baseline/bifs.bytestring_to_double/out
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
3.140000e+15
|
||||
-3.140000e+15
|
||||
4.000000e-308
|
||||
0.000000e+00
|
||||
-0.000000e+00
|
||||
inf
|
||||
-inf
|
||||
nan
|
||||
4.94e-324
|
||||
2
testing/btest/Baseline/bifs.strptime/.stdout
Normal file
2
testing/btest/Baseline/bifs.strptime/.stdout
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
1350604800.0
|
||||
0.0
|
||||
10
testing/btest/Baseline/bifs.strptime/reporter.log
Normal file
10
testing/btest/Baseline/bifs.strptime/reporter.log
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path reporter
|
||||
#open 2012-10-19-06-06-36
|
||||
#fields ts level message location
|
||||
#types time enum string string
|
||||
0.000000 Reporter::WARNING strptime conversion failed: fmt:%m d:1980-10-24 (empty)
|
||||
#close 2012-10-19-06-06-36
|
||||
16
testing/btest/Baseline/core.pppoe/conn.log
Normal file
16
testing/btest/Baseline/core.pppoe/conn.log
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2012-10-24-05-04-16
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1284385418.014560 TEfuqmmG4bh fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - 0 D 2 288 0 0 (empty)
|
||||
1284385417.962560 j4u32Pc5bif fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - 0 D 2 210 0 0 (empty)
|
||||
1284385411.091560 arKYeMETxOg fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - 0 - 1 64 0 0 (empty)
|
||||
1284385411.035560 UWkUyAuUGXf fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - 0 - 8 608 0 0 (empty)
|
||||
1284385451.658560 FrJExwHcSal fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - 0 - 5 500 5 500 (empty)
|
||||
1284385413.027560 nQcgTWjvg4c fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - 0 - 1 64 0 0 (empty)
|
||||
1284385412.963560 k6kgXLOoSKl fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - 0 - 1 48 0 0 (empty)
|
||||
#close 2012-10-24-05-04-16
|
||||
|
|
@ -3,38 +3,38 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#open 2012-10-08-16-16-08
|
||||
#open 2012-11-06-00-53-09
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1349712968.812610 - ip or not ip T T
|
||||
#close 2012-10-08-16-16-08
|
||||
1352163189.729807 - ip or not ip T T
|
||||
#close 2012-11-06-00-53-09
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#open 2012-10-08-16-16-09
|
||||
#open 2012-11-06-00-53-10
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1349712969.042094 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (tcp port 1080)) or (udp and port 5355)) or (tcp port 995)) or (tcp port 22)) or (port 21 and port 2811)) or (tcp port 25 or tcp port 587)) or (tcp port 614)) or (tcp port 990)) or (port 6667)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666) T T
|
||||
#close 2012-10-08-16-16-09
|
||||
1352163190.114261 - ((((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (tcp port 1080)) or (udp and port 5355)) or (tcp port 502)) or (tcp port 995)) or (tcp port 22)) or (port 21 and port 2811)) or (tcp port 25 or tcp port 587)) or (tcp port 614)) or (tcp port 990)) or (port 6667)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666) T T
|
||||
#close 2012-11-06-00-53-10
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#open 2012-10-08-16-16-09
|
||||
#open 2012-11-06-00-53-10
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1349712969.270826 - port 42 T T
|
||||
#close 2012-10-08-16-16-09
|
||||
1352163190.484506 - port 42 T T
|
||||
#close 2012-11-06-00-53-10
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#open 2012-10-08-16-16-09
|
||||
#open 2012-11-06-00-53-10
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1349712969.499878 - port 56730 T T
|
||||
#close 2012-10-08-16-16-09
|
||||
1352163190.855090 - port 56730 T T
|
||||
#close 2012-11-06-00-53-10
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#open 2012-07-20-14-34-40
|
||||
#open 2012-11-05-23-29-45
|
||||
#fields name
|
||||
#types string
|
||||
scripts/base/init-bare.bro
|
||||
|
|
@ -40,6 +40,7 @@ scripts/base/init-default.bro
|
|||
scripts/base/utils/paths.bro
|
||||
scripts/base/utils/strings.bro
|
||||
scripts/base/utils/thresholds.bro
|
||||
scripts/base/utils/urls.bro
|
||||
scripts/base/frameworks/notice/__load__.bro
|
||||
scripts/base/frameworks/notice/./main.bro
|
||||
scripts/base/frameworks/notice/./weird.bro
|
||||
|
|
@ -69,6 +70,7 @@ scripts/base/init-default.bro
|
|||
scripts/base/frameworks/metrics/./non-cluster.bro
|
||||
scripts/base/frameworks/intel/__load__.bro
|
||||
scripts/base/frameworks/intel/./main.bro
|
||||
scripts/base/frameworks/intel/./input.bro
|
||||
scripts/base/frameworks/reporter/__load__.bro
|
||||
scripts/base/frameworks/reporter/./main.bro
|
||||
scripts/base/frameworks/tunnels/__load__.bro
|
||||
|
|
@ -99,6 +101,9 @@ scripts/base/init-default.bro
|
|||
scripts/base/protocols/irc/__load__.bro
|
||||
scripts/base/protocols/irc/./main.bro
|
||||
scripts/base/protocols/irc/./dcc-send.bro
|
||||
scripts/base/protocols/modbus/__load__.bro
|
||||
scripts/base/protocols/modbus/./consts.bro
|
||||
scripts/base/protocols/modbus/./main.bro
|
||||
scripts/base/protocols/smtp/__load__.bro
|
||||
scripts/base/protocols/smtp/./main.bro
|
||||
scripts/base/protocols/smtp/./entities.bro
|
||||
|
|
@ -111,5 +116,6 @@ scripts/base/init-default.bro
|
|||
scripts/base/protocols/syslog/__load__.bro
|
||||
scripts/base/protocols/syslog/./consts.bro
|
||||
scripts/base/protocols/syslog/./main.bro
|
||||
scripts/base/misc/find-checksum-offloading.bro
|
||||
scripts/policy/misc/loaded-scripts.bro
|
||||
#close 2012-07-20-14-34-40
|
||||
#close 2012-11-05-23-29-45
|
||||
|
|
|
|||
|
|
@ -2,5 +2,6 @@
|
|||
-./frameworks/cluster/nodes/proxy.bro
|
||||
-./frameworks/cluster/nodes/worker.bro
|
||||
-./frameworks/cluster/setup-connections.bro
|
||||
-./frameworks/intel/cluster.bro
|
||||
-./frameworks/metrics/cluster.bro
|
||||
-./frameworks/notice/cluster.bro
|
||||
|
|
|
|||
|
|
@ -12,6 +12,12 @@ autogen-reST-enums.bro
|
|||
|
||||
Summary
|
||||
~~~~~~~
|
||||
Options
|
||||
#######
|
||||
==================================================================== ======================================================================
|
||||
:bro:id:`test_enum_option`: :bro:type:`TestEnum1` :bro:attr:`&redef` this should reference the TestEnum1 type and not a generic "enum" type
|
||||
==================================================================== ======================================================================
|
||||
|
||||
Types
|
||||
#####
|
||||
======================================= ======================================
|
||||
|
|
@ -30,6 +36,16 @@ Redefinitions
|
|||
|
||||
Detailed Interface
|
||||
~~~~~~~~~~~~~~~~~~
|
||||
Options
|
||||
#######
|
||||
.. bro:id:: test_enum_option
|
||||
|
||||
:Type: :bro:type:`TestEnum1`
|
||||
:Attributes: :bro:attr:`&redef`
|
||||
:Default: ``ONE``
|
||||
|
||||
this should reference the TestEnum1 type and not a generic "enum" type
|
||||
|
||||
Types
|
||||
#####
|
||||
.. bro:type:: TestEnum1
|
||||
|
|
|
|||
|
|
@ -73,9 +73,9 @@ Events
|
|||
|
||||
Functions
|
||||
#########
|
||||
=============================================== =======================================
|
||||
:bro:id:`Example::a_function`: :bro:type:`func` Summarize purpose of "a_function" here.
|
||||
=============================================== =======================================
|
||||
=================================================== =======================================
|
||||
:bro:id:`Example::a_function`: :bro:type:`function` Summarize purpose of "a_function" here.
|
||||
=================================================== =======================================
|
||||
|
||||
Redefinitions
|
||||
#############
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ Types
|
|||
|
||||
Functions
|
||||
#########
|
||||
===================================== ======================================
|
||||
:bro:id:`test_func`: :bro:type:`func` This is a global function declaration.
|
||||
===================================== ======================================
|
||||
========================================= ======================================
|
||||
:bro:id:`test_func`: :bro:type:`function` This is a global function declaration.
|
||||
========================================= ======================================
|
||||
|
||||
Detailed Interface
|
||||
~~~~~~~~~~~~~~~~~~
|
||||
|
|
|
|||
|
|
@ -13,3 +13,5 @@ IPv6 address not case-sensitive (PASS)
|
|||
size of IPv6 address (PASS)
|
||||
IPv6 address type inference (PASS)
|
||||
IPv4 and IPv6 address inequality (PASS)
|
||||
IPv4-mapped-IPv6 equality to IPv4 (PASS)
|
||||
IPv4-mapped-IPv6 is IPv4 (PASS)
|
||||
|
|
|
|||
7
testing/btest/Baseline/language.hook/out
Normal file
7
testing/btest/Baseline/language.hook/out
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
myhook, &priority=10, [a=1156, b=hello world]
|
||||
myhook, &priority=5, [a=37, b=goobye world]
|
||||
myhook3, 8
|
||||
myhook4, 2
|
||||
myhook4, 1
|
||||
myhook, &priority=10, [a=2, b=it works]
|
||||
myhook, &priority=5, [a=37, b=goobye world]
|
||||
1
testing/btest/Baseline/language.invalid_hook/out
Normal file
1
testing/btest/Baseline/language.invalid_hook/out
Normal file
|
|
@ -0,0 +1 @@
|
|||
error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.invalid_hook/invalid_hook.bro, line 15: hook called in expression, use hook statement instead (myhook(nope))
|
||||
|
|
@ -10,3 +10,11 @@ IPv6 subnet !in operator (PASS)
|
|||
IPv6 subnet type inference (PASS)
|
||||
IPv4 and IPv6 subnet inequality (PASS)
|
||||
IPv4 address and IPv6 subnet (PASS)
|
||||
IPv4 in IPv4-mapped-IPv6 subnet (PASS)
|
||||
IPv6 !in IPv4-mapped-IPv6 subnet (PASS)
|
||||
IPv4-mapped-IPv6 in IPv4-mapped-IPv6 subnet (PASS)
|
||||
IPv4-mapped-IPv6 subnet equality (PASS)
|
||||
subnet literal const whitespace (PASS)
|
||||
subnet literal const whitespace (PASS)
|
||||
subnet literal const whitespace (PASS)
|
||||
subnet literal const whitespace (PASS)
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ cardinality (PASS)
|
|||
cardinality (PASS)
|
||||
cardinality (PASS)
|
||||
cardinality (PASS)
|
||||
cardinality (PASS)
|
||||
iterate over table (PASS)
|
||||
iterate over table (PASS)
|
||||
iterate over table (PASS)
|
||||
|
|
@ -30,6 +31,11 @@ add element (PASS)
|
|||
in operator (PASS)
|
||||
add element (PASS)
|
||||
in operator (PASS)
|
||||
composite index add element (PASS)
|
||||
composite index in operator (PASS)
|
||||
composite index in operator (PASS)
|
||||
remove element (PASS)
|
||||
!in operator (PASS)
|
||||
remove element (PASS)
|
||||
!in operator (PASS)
|
||||
remove element (PASS)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
cluster_new_item: 123.123.123.123 inserted by worker-1 (from peer: worker-1)
|
||||
cluster_new_item: 4.3.2.1 inserted by worker-2 (from peer: worker-2)
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path intel
|
||||
#open 2012-10-03-20-20-39
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.host seen.str seen.str_type seen.where sources
|
||||
#types time string addr port addr port addr string enum enum table[string]
|
||||
1349295639.424940 - - - - - 123.123.123.123 - - Intel::IN_ANYWHERE worker-1
|
||||
#close 2012-10-03-20-20-49
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
cluster_new_item: 1.2.3.4 inserted by manager (from peer: manager-1)
|
||||
cluster_new_item: 123.123.123.123 inserted by worker-1 (from peer: manager-1)
|
||||
cluster_new_item: 4.3.2.1 inserted by worker-2 (from peer: manager-1)
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
cluster_new_item: 1.2.3.4 inserted by manager (from peer: manager-1)
|
||||
cluster_new_item: 123.123.123.123 inserted by worker-1 (from peer: manager-1)
|
||||
cluster_new_item: 4.3.2.1 inserted by worker-2 (from peer: manager-1)
|
||||
Doing a lookup
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path intel
|
||||
#open 2012-10-03-20-18-05
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.host seen.str seen.str_type seen.where sources
|
||||
#types time string addr port addr port addr string enum enum table[string]
|
||||
1349295485.114156 - - - - - - e@mail.com Intel::EMAIL SOMEWHERE source1
|
||||
1349295485.114156 - - - - - 1.2.3.4 - - SOMEWHERE source1
|
||||
#close 2012-10-03-20-18-05
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
VALID
|
||||
VALID
|
||||
VALID
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path intel
|
||||
#open 2012-10-10-15-05-23
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.host seen.str seen.str_type seen.where sources
|
||||
#types time string addr port addr port addr string enum enum table[string]
|
||||
1349881523.548946 - - - - - 1.2.3.4 - - Intel::IN_A_TEST source1
|
||||
1349881523.548946 - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
|
||||
1349881524.567896 - - - - - 1.2.3.4 - - Intel::IN_A_TEST source1
|
||||
1349881524.567896 - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
|
||||
#close 2012-10-10-15-05-24
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
t id.orig_h id.orig_p id.resp_h id.resp_p status country b
|
||||
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 success unknown -
|
||||
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 - US -
|
||||
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 failure UK -
|
||||
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 - BR -
|
||||
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 failure (empty) T
|
||||
|
|
@ -0,0 +1 @@
|
|||
18 of 28 events triggered by trace
|
||||
159379
testing/btest/Baseline/scripts.base.protocols.modbus.events/output
Normal file
159379
testing/btest/Baseline/scripts.base.protocols.modbus.events/output
Normal file
File diff suppressed because it is too large
Load diff
|
|
@ -0,0 +1,11 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path modbus
|
||||
#open 2012-11-12-17-40-34
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p func exception
|
||||
#types time string addr port addr port string string
|
||||
1153491909.414125 UWkUyAuUGXf 192.168.66.235 2582 166.161.16.230 502 unknown-156 -
|
||||
1153491913.013726 UWkUyAuUGXf 192.168.66.235 2582 166.161.16.230 502 unknown-162 -
|
||||
#close 2012-11-12-17-40-34
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2012-11-12-17-40-34
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1153491909.414066 - - - - - truncated_IP - F bro
|
||||
1153491912.529443 UWkUyAuUGXf 192.168.66.235 2582 166.161.16.230 502 binpac exception: out_of_bound: WriteSingleRegisterRequest: 4 > 0 - F bro
|
||||
#close 2012-11-12-17-40-34
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_modbus
|
||||
#open 2012-11-06-00-51-15
|
||||
#fields ts host device_type
|
||||
#types time addr enum
|
||||
1093521694.211940 10.0.0.57 Known::MODBUS_MASTER
|
||||
1093521694.211940 10.0.0.3 Known::MODBUS_SLAVE
|
||||
1093521958.375300 10.0.0.8 Known::MODBUS_SLAVE
|
||||
1093522338.985618 10.0.0.9 Known::MODBUS_MASTER
|
||||
1153491892.212845 192.168.66.235 Known::MODBUS_MASTER
|
||||
1153491892.212845 166.161.16.230 Known::MODBUS_SLAVE
|
||||
1342774499.589057 10.1.1.234 Known::MODBUS_MASTER
|
||||
1342774499.589057 10.10.5.85 Known::MODBUS_SLAVE
|
||||
#close 2012-11-06-00-51-23
|
||||
19990
testing/btest/Baseline/scripts.base.protocols.modbus.policy/modbus.log
Normal file
19990
testing/btest/Baseline/scripts.base.protocols.modbus.policy/modbus.log
Normal file
File diff suppressed because it is too large
Load diff
|
|
@ -0,0 +1,49 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path modbus_register_change
|
||||
#open 2012-11-06-00-51-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p register old_val new_val delta
|
||||
#types time string addr port addr port count count count interval
|
||||
1342774501.024564 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 0 1 1.250066
|
||||
1342774540.946501 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 1 0 39.921937
|
||||
1342774540.946501 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 0 1 41.172003
|
||||
1342774811.727563 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 0 1 311.953065
|
||||
1342774811.727563 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 1 0 270.781062
|
||||
1342774831.727542 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 0 1 290.781041
|
||||
1342774831.727542 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 1 0 19.999979
|
||||
1342774872.821282 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 1 0 41.093740
|
||||
1342774872.821282 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 0 1 61.093719
|
||||
1342775143.602482 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 0 1 311.874940
|
||||
1342775143.602482 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 1 0 270.781200
|
||||
1342775164.774350 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 0 1 291.953068
|
||||
1342775164.774350 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 1 0 21.171868
|
||||
1342775204.696194 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 1 0 39.921844
|
||||
1342775204.696194 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 0 1 61.093712
|
||||
1342775475.477365 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 0 1 310.703015
|
||||
1342775475.477365 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 1 0 270.781171
|
||||
1342775495.477389 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 0 1 290.781195
|
||||
1342775495.477389 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 1 0 20.000024
|
||||
1342775535.399236 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 1 0 39.921847
|
||||
1342775535.399236 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 0 1 59.921871
|
||||
1342775806.180404 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 0 1 310.703015
|
||||
1342775806.180404 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 1 0 270.781168
|
||||
1342775826.180415 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 0 1 290.781179
|
||||
1342775826.180415 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 1 0 20.000011
|
||||
1342775848.508596 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 501 80 90 1348.671590
|
||||
1342775871.961652 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 1 0 45.781237
|
||||
1342775871.961652 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 0 1 65.781248
|
||||
1342776142.758456 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 0 1 316.578041
|
||||
1342776142.758456 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 1 0 270.796804
|
||||
1342776167.445943 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 0 1 295.484291
|
||||
1342776167.445943 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 1 0 24.687487
|
||||
1342776213.274085 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 1 0 45.828142
|
||||
1342776213.274085 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 0 1 70.515629
|
||||
1342776484.055366 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 0 1 316.609423
|
||||
1342776484.055366 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 1 0 270.781281
|
||||
1342776507.570851 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 0 1 294.296766
|
||||
1342776507.570851 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 102 1 0 23.515485
|
||||
1342776553.352098 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 101 1 0 45.781247
|
||||
1342776553.352098 3PKsZ2Uye21 10.1.1.234 51411 10.10.5.85 502 103 0 1 69.296732
|
||||
#close 2012-11-06-00-51-23
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path modbus
|
||||
#open 2012-11-12-21-51-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p func exception
|
||||
#types time string addr port addr port string string
|
||||
1342774775.305761 UWkUyAuUGXf 10.1.1.234 51411 10.10.5.104 502 READ_INPUT_REGISTERS -
|
||||
1342775209.493066 arKYeMETxOg 10.1.1.234 51411 10.10.5.104 502 READ_INPUT_REGISTERS -
|
||||
1342776371.617757 nQcgTWjvg4c 10.1.1.234 51411 10.10.5.104 502 READ_INPUT_REGISTERS -
|
||||
#close 2012-11-12-21-51-15
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=1119, pid=0, uid=255, function_code=4], 900, 147
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=2606, pid=0, uid=255, function_code=4], [0, 0, 0, 0, 0, 0, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690], 100
|
||||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=12993, pid=0, uid=255, function_code=4], 400, 100
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=17667, pid=0, uid=255, function_code=4], [49, 18012, 51, 42, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 54324, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 69, 63, 64, 65, 66, 67, 68, 49, 189, 51, 52, 53, 54, 4151, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 136, 49, 50, 51, 212, 53, 54, 170, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690], 100
|
||||
79
testing/btest/Baseline/signatures.dpd/dpd-ipv4.out
Normal file
79
testing/btest/Baseline/signatures.dpd/dpd-ipv4.out
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
dpd_config, {
|
||||
|
||||
}
|
||||
signature_match [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp] - matched my_ftp_client
|
||||
ftp_reply 199.233.217.249:21 - 220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20100320) ready.
|
||||
ftp_request 141.142.220.235:50003 - USER anonymous
|
||||
ftp_reply 199.233.217.249:21 - 331 Guest login ok, type your name as password.
|
||||
signature_match [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp] - matched my_ftp_server
|
||||
ftp_request 141.142.220.235:50003 - PASS test
|
||||
ftp_reply 199.233.217.249:21 - 230
|
||||
ftp_reply 199.233.217.249:21 - 0 The NetBSD Project FTP Server located in Redwood City, CA, USA
|
||||
ftp_reply 199.233.217.249:21 - 0 1 Gbps connectivity courtesy of , ,
|
||||
ftp_reply 199.233.217.249:21 - 0 Internet Systems Consortium WELCOME! /( )`
|
||||
ftp_reply 199.233.217.249:21 - 0 \ \___ / |
|
||||
ftp_reply 199.233.217.249:21 - 0 +--- Currently Supported Platforms ----+ /- _ `-/ '
|
||||
ftp_reply 199.233.217.249:21 - 0 | acorn[26,32], algor, alpha, amd64, | (/\/ \ \ /\
|
||||
ftp_reply 199.233.217.249:21 - 0 | amiga[,ppc], arc, atari, bebox, | / / | ` \
|
||||
ftp_reply 199.233.217.249:21 - 0 | cats, cesfic, cobalt, dreamcast, | O O ) / |
|
||||
ftp_reply 199.233.217.249:21 - 0 | evb[arm,mips,ppc,sh3], hp[300,700], | `-^--'`< '
|
||||
ftp_reply 199.233.217.249:21 - 0 | hpc[arm,mips,sh], i386, | (_.) _ ) /
|
||||
ftp_reply 199.233.217.249:21 - 0 | ibmnws, iyonix, luna68k, | .___/` /
|
||||
ftp_reply 199.233.217.249:21 - 0 | mac[m68k,ppc], mipsco, mmeye, | `-----' /
|
||||
ftp_reply 199.233.217.249:21 - 0 | mvme[m68k,ppc], netwinders, | <----. __ / __ \
|
||||
ftp_reply 199.233.217.249:21 - 0 | news[m68k,mips], next68k, ofppc, | <----|====O)))==) \) /====
|
||||
ftp_reply 199.233.217.249:21 - 0 | playstation2, pmax, prep, sandpoint, | <----' `--' `.__,' \
|
||||
ftp_reply 199.233.217.249:21 - 0 | sbmips, sgimips, shark, sparc[,64], | | |
|
||||
ftp_reply 199.233.217.249:21 - 0 | sun[2,3], vax, x68k, xen | \ /
|
||||
ftp_reply 199.233.217.249:21 - 0 +--------------------------------------+ ______( (_ / \_____
|
||||
ftp_reply 199.233.217.249:21 - 0 See our website at http://www.NetBSD.org/ ,' ,-----' | \
|
||||
ftp_reply 199.233.217.249:21 - 0 We log all FTP transfers and commands. `--{__________) (FL) \/
|
||||
ftp_reply 199.233.217.249:21 - 0 230-
|
||||
ftp_reply 199.233.217.249:21 - 0 EXPORT NOTICE
|
||||
ftp_reply 199.233.217.249:21 - 0
|
||||
ftp_reply 199.233.217.249:21 - 0 Please note that portions of this FTP site contain cryptographic
|
||||
ftp_reply 199.233.217.249:21 - 0 software controlled under the Export Administration Regulations (EAR).
|
||||
ftp_reply 199.233.217.249:21 - 0
|
||||
ftp_reply 199.233.217.249:21 - 0 None of this software may be downloaded or otherwise exported or
|
||||
ftp_reply 199.233.217.249:21 - 0 re-exported into (or to a national or resident of) Cuba, Iran, Libya,
|
||||
ftp_reply 199.233.217.249:21 - 0 Sudan, North Korea, Syria or any other country to which the U.S. has
|
||||
ftp_reply 199.233.217.249:21 - 0 embargoed goods.
|
||||
ftp_reply 199.233.217.249:21 - 0
|
||||
ftp_reply 199.233.217.249:21 - 0 By downloading or using said software, you are agreeing to the
|
||||
ftp_reply 199.233.217.249:21 - 0 foregoing and you are representing and warranting that you are not
|
||||
ftp_reply 199.233.217.249:21 - 0 located in, under the control of, or a national or resident of any
|
||||
ftp_reply 199.233.217.249:21 - 0 such country or on any such list.
|
||||
ftp_reply 199.233.217.249:21 - 230 Guest login ok, access restrictions apply.
|
||||
ftp_request 141.142.220.235:50003 - SYST
|
||||
ftp_reply 199.233.217.249:21 - 215 UNIX Type: L8 Version: NetBSD-ftpd 20100320
|
||||
ftp_request 141.142.220.235:50003 - PASV
|
||||
ftp_reply 199.233.217.249:21 - 227 Entering Passive Mode (199,233,217,249,221,90)
|
||||
ftp_request 141.142.220.235:50003 - LIST
|
||||
ftp_reply 199.233.217.249:21 - 150 Opening ASCII mode data connection for '/bin/ls'.
|
||||
ftp_reply 199.233.217.249:21 - 226 Transfer complete.
|
||||
ftp_request 141.142.220.235:50003 - TYPE I
|
||||
ftp_reply 199.233.217.249:21 - 200 Type set to I.
|
||||
ftp_request 141.142.220.235:50003 - PASV
|
||||
ftp_reply 199.233.217.249:21 - 227 Entering Passive Mode (199,233,217,249,221,91)
|
||||
ftp_request 141.142.220.235:50003 - RETR robots.txt
|
||||
ftp_reply 199.233.217.249:21 - 150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
|
||||
ftp_reply 199.233.217.249:21 - 226 Transfer complete.
|
||||
ftp_request 141.142.220.235:50003 - TYPE A
|
||||
ftp_reply 199.233.217.249:21 - 200 Type set to A.
|
||||
ftp_request 141.142.220.235:50003 - PORT 141,142,220,235,131,46
|
||||
ftp_reply 199.233.217.249:21 - 200 PORT command successful.
|
||||
ftp_request 141.142.220.235:50003 - LIST
|
||||
ftp_reply 199.233.217.249:21 - 150 Opening ASCII mode data connection for '/bin/ls'.
|
||||
ftp_reply 199.233.217.249:21 - 226 Transfer complete.
|
||||
ftp_request 141.142.220.235:50003 - TYPE I
|
||||
ftp_reply 199.233.217.249:21 - 200 Type set to I.
|
||||
ftp_request 141.142.220.235:50003 - PORT 141,142,220,235,147,203
|
||||
ftp_reply 199.233.217.249:21 - 200 PORT command successful.
|
||||
ftp_request 141.142.220.235:50003 - RETR robots.txt
|
||||
ftp_reply 199.233.217.249:21 - 150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
|
||||
ftp_reply 199.233.217.249:21 - 226 Transfer complete.
|
||||
ftp_request 141.142.220.235:50003 - QUIT
|
||||
ftp_reply 199.233.217.249:21 - 221
|
||||
ftp_reply 199.233.217.249:21 - 0 Data traffic for this session was 154 bytes in 2 files.
|
||||
ftp_reply 199.233.217.249:21 - 0 Total traffic for this session was 4037 bytes in 4 transfers.
|
||||
ftp_reply 199.233.217.249:21 - 221 Thank you for using the FTP service on ftp.NetBSD.org.
|
||||
100
testing/btest/Baseline/signatures.dpd/dpd-ipv6.out
Normal file
100
testing/btest/Baseline/signatures.dpd/dpd-ipv6.out
Normal file
|
|
@ -0,0 +1,100 @@
|
|||
dpd_config, {
|
||||
|
||||
}
|
||||
signature_match [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp] - matched my_ftp_client
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20100320) ready.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - USER anonymous
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 331 Guest login ok, type your name as password.
|
||||
signature_match [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp] - matched my_ftp_server
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - PASS test
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 230
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 The NetBSD Project FTP Server located in Redwood City, CA, USA
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 1 Gbps connectivity courtesy of , ,
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 Internet Systems Consortium WELCOME! /( )`
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 \ \___ / |
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 +--- Currently Supported Platforms ----+ /- _ `-/ '
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | acorn[26,32], algor, alpha, amd64, | (/\/ \ \ /\
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | amiga[,ppc], arc, atari, bebox, | / / | ` \
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | cats, cesfic, cobalt, dreamcast, | O O ) / |
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | evb[arm,mips,ppc,sh3], hp[300,700], | `-^--'`< '
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | hpc[arm,mips,sh], i386, | (_.) _ ) /
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | ibmnws, iyonix, luna68k, | .___/` /
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | mac[m68k,ppc], mipsco, mmeye, | `-----' /
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | mvme[m68k,ppc], netwinders, | <----. __ / __ \
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | news[m68k,mips], next68k, ofppc, | <----|====O)))==) \) /====
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | playstation2, pmax, prep, sandpoint, | <----' `--' `.__,' \
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | sbmips, sgimips, shark, sparc[,64], | | |
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 | sun[2,3], vax, x68k, xen | \ /
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 +--------------------------------------+ ______( (_ / \_____
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 See our website at http://www.NetBSD.org/ ,' ,-----' | \
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 We log all FTP transfers and commands. `--{__________) (FL) \/
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 230-
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 EXPORT NOTICE
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 Please note that portions of this FTP site contain cryptographic
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 software controlled under the Export Administration Regulations (EAR).
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 None of this software may be downloaded or otherwise exported or
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 re-exported into (or to a national or resident of) Cuba, Iran, Libya,
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 Sudan, North Korea, Syria or any other country to which the U.S. has
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 embargoed goods.
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 By downloading or using said software, you are agreeing to the
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 foregoing and you are representing and warranting that you are not
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 located in, under the control of, or a national or resident of any
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 such country or on any such list.
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 230 Guest login ok, access restrictions apply.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - SYST
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 215 UNIX Type: L8 Version: NetBSD-ftpd 20100320
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - FEAT
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 211 Features supported
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 MDTM
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 MLST Type*;Size*;Modify*;Perm*;Unique*;
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 REST STREAM
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 SIZE
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 TVFS
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 211 End
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - PWD
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 257 "/" is the current directory.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - EPSV
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 229 Entering Extended Passive Mode (|||57086|)
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - LIST
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 150 Opening ASCII mode data connection for '/bin/ls'.
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 226 Transfer complete.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - EPSV
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 229 Entering Extended Passive Mode (|||57087|)
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - NLST
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 150 Opening ASCII mode data connection for 'file list'.
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 226 Transfer complete.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - TYPE I
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 200 Type set to I.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - SIZE robots.txt
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 213 77
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - EPSV
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 229 Entering Extended Passive Mode (|||57088|)
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - RETR robots.txt
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 226 Transfer complete.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - MDTM robots.txt
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 213 20090816112038
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - SIZE robots.txt
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 213 77
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49189|
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 200 EPRT command successful.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - RETR robots.txt
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 226 Transfer complete.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - MDTM robots.txt
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 213 20090816112038
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - TYPE A
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 200 Type set to A.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49190|
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 200 EPRT command successful.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - LIST
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 150 Opening ASCII mode data connection for '/bin/ls'.
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 226 Transfer complete.
|
||||
ftp_request [2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185 - QUIT
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 221
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 Data traffic for this session was 154 bytes in 2 files.
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 0 Total traffic for this session was 4512 bytes in 5 transfers.
|
||||
ftp_reply [2001:470:4867:99::21]:21 - 221 Thank you for using the FTP service on ftp.NetBSD.org.
|
||||
3
testing/btest/Baseline/signatures.dpd/nosig-ipv4.out
Normal file
3
testing/btest/Baseline/signatures.dpd/nosig-ipv4.out
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
dpd_config, {
|
||||
|
||||
}
|
||||
3
testing/btest/Baseline/signatures.dpd/nosig-ipv6.out
Normal file
3
testing/btest/Baseline/signatures.dpd/nosig-ipv6.out
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
dpd_config, {
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - dst-ip-eq-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - dst-ip-eq
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - dst-ip-ne-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - dst-ip-ne
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - dst-ip-eq-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - dst-ip-eq
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - dst-ip-ne-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - dst-ip-ne
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-ip-eq-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-ip-eq
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-ip-ne-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-ip-ne
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-ip-eq-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-ip-eq
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-ip-ne-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-ip-ne
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-eq
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - dst-port-eq-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - dst-port-eq
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-gt
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-gte1
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-gte2
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-lt
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-lte1
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-lte2
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-ne-list
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - dst-port-ne
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - icmp
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=128/icmp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=129/icmp] - icmp6
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - ip-mask
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - ip
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] - ip6
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/tcp, resp_h=127.0.0.1, resp_p=80/tcp] - tcp
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - udp
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - val-mask
|
||||
1
testing/btest/Baseline/signatures.id-lookup/id.out
Normal file
1
testing/btest/Baseline/signatures.id-lookup/id.out
Normal file
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - id
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=128/icmp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=129/icmp] - icmp6
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=192.168.1.100, orig_p=8/icmp, resp_h=192.168.1.101, resp_p=0/icmp] - icmp
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/tcp, resp_h=127.0.0.1, resp_p=80/tcp] - tcp
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/tcp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=80/tcp] - tcp
|
||||
|
|
@ -0,0 +1 @@
|
|||
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - udp
|
||||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue