Seth Hall
c8818da09a
Fix a bug that resulted in recursion in the type system.
- There is a bit of other minor reorganization cleanup here too.
2016-03-07 13:50:12 -05:00
Seth Hall
ca58dc84d5
Create an smb_auth.log.
- Brings the SMB NTLM support all the way to a log.
- Only support SMB1 right now.
- A bit more clean up of logged file actions and code organization.
2016-03-07 11:17:51 -05:00
Seth Hall
462316acdf
Prevent some extra smb logging of cmd messages.
2016-03-03 16:33:29 -05:00
Seth Hall
b9afc01d91
Fixed a problem with file names and path names containing nulls.
This would come up when a string is UTF-16 containing characters
outside of straight ASCII. The file analysis framework uses
CheckString to create file IDs which can't cope with the NULL bytes.
2016-03-03 15:52:34 -05:00
Seth Hall
e02c612742
Fix some SMB1 "field missing" expression errors.
2016-03-03 15:31:26 -05:00
Seth Hall
d453dc149c
A lot of changes to SMB analyzer.
- Add beginning of infrastructure for pipe support in SMB2.
- Improve identification of non-file tree mappings.
- Stop passing pipe data to the file analysis framework.
- Reduce log volume in smb_files.log by watching for repeated
  files being seen so that you don't end up with nearly
  the exact same log line over and over and over.
- Lots of little whitespace and indentation changes.
2016-03-03 14:27:15 -05:00
Seth Hall
41e2eaa02d
Source clean up and some fixes for SMB.
- Remove the separate string handling for NTLM.
- Fixed a crash in RPC Bind handling when no context
  elements are included.
2016-03-01 14:16:45 -05:00
Seth Hall
2e2fb6831f
Merge remote-tracking branch 'origin/topic/vladg/smb' into topic/seth/smb
# Conflicts:
# scripts/base/protocols/smb/files.bro
# scripts/base/protocols/smb/main.bro
# scripts/base/protocols/smb/smb1-main.bro
# scripts/base/protocols/smb/smb2-main.bro
2016-03-01 11:11:50 -05:00
Seth Hall
dbb5992f43
Disable the smb_cmd.log by default.
2016-02-19 00:23:05 -05:00
Vlad Grigorescu
9a73033b19
Redo DCE/RPC code.
2014-10-09 21:06:38 -04:00
Vlad Grigorescu
c4eb7e2377
Add support for TRANSACTION subcommands.
2014-10-08 18:01:55 -04:00
Vlad Grigorescu
10db1b552d
Add username tracking
2014-10-08 17:23:20 -04:00
Vlad Grigorescu
f38a580c8c
Add support for transaction2 Find_First2.
2014-10-08 16:29:51 -04:00
Vlad Grigorescu
261f6e8c45
Fix a segfault, and add script-level support for some more commands.
2014-10-08 12:06:33 -04:00
Vlad Grigorescu
0d615b0319
Add more SMB subcommands and arguments. Log SMB1 error messages too.
2014-10-07 17:32:01 -04:00
Vlad Grigorescu
a6de23aaa3
Refine transaction2 support, rewrite SMB scripts.
2014-10-07 16:31:02 -04:00
Seth Hall
e4ca588127
Does the initial effort to add the SMB2 SetInfo command and better handle file lengths.
2014-09-27 03:11:01 -04:00
Vlad Grigorescu
6a34de5dd8
SMB & NTLM analyzers.
2014-07-24 21:46:38 -04:00