Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add btest for conn_generic_packet_threshold_crossed event

Browse source
This commit is contained in:
Jan Grashoefer 2025-06-30 14:58:18 +02:00
parent b0d2713547
commit d8ee27bdcc
2 changed files with 31 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
testing/btest/Baseline/core.conn-generic-packet-threshold/out Normal file
View file

@ -0,0 +1,15 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
Generic threshold crossed:
new_connection: [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6]
conn_generic_packet_threshold_crossed: [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6]
new_connection: [orig_h=192.168.170.8, orig_p=32795/udp, resp_h=192.168.170.20, resp_p=53/udp, proto=17]
conn_generic_packet_threshold_crossed: [orig_h=192.168.170.8, orig_p=32795/udp, resp_h=192.168.170.20, resp_p=53/udp, proto=17]
new_connection: [orig_h=192.168.170.8, orig_p=32795/udp, resp_h=192.168.170.20, resp_p=53/udp, proto=17]
conn_generic_packet_threshold_crossed: [orig_h=192.168.170.8, orig_p=32795/udp, resp_h=192.168.170.20, resp_p=53/udp, proto=17]
new_connection: [orig_h=192.168.170.8, orig_p=0/unknown, resp_h=192.168.170.56, resp_p=0/unknown, proto=132]
conn_generic_packet_threshold_crossed: [orig_h=192.168.170.8, orig_p=0/unknown, resp_h=192.168.170.56, resp_p=0/unknown, proto=132]
Generic threshold not crossed:
new_connection: [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6]
new_connection: [orig_h=10.87.3.74, orig_p=51871/udp, resp_h=10.87.1.10, resp_p=53/udp, proto=17]
new_connection: [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6]

16
testing/btest/core/conn-generic-packet-threshold.zeek Normal file
View file

@ -0,0 +1,16 @@
# @TEST-EXEC: echo "Generic threshold crossed:" > out
# @TEST-EXEC: zeek -b -C -r $TRACES/http/get.trace %INPUT >> out
# @TEST-EXEC: zeek -b -C -r $TRACES/dns/long-connection.pcap %INPUT >> out
# @TEST-EXEC: zeek -b -C -r $TRACES/communityid/sctp.pcap %INPUT >> out
# @TEST-EXEC: echo "\nGeneric threshold not crossed:" >> out
# @TEST-EXEC: zeek -b -C -r $TRACES/tcp/syn.pcap %INPUT >> out
# @TEST-EXEC: zeek -b -C -r $TRACES/dns/dns-binds.pcap %INPUT >> out
# @TEST-EXEC: zeek -b -C -r $TRACES/http/get.trace %INPUT ConnThreshold::generic_packet_threshold=15 >> out
# @TEST-EXEC: btest-diff out
event new_connection(c: connection)
{ print fmt("new_connection: %s", c$id); }
event conn_generic_packet_threshold_crossed(c: connection)
{ print fmt("conn_generic_packet_threshold_crossed: %s", c$id); }