Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
19618 commits 386 branches 195 tags 256 MiB
Commit graph

9 commits

Author SHA1 Message Date
Christian Kreibich
0b674eb851 Baseline refresh to reflect btest 0.64 2020-12-06 20:19:49 -08:00
Johanna Amann
cdb6a1b6e6 Baseline updates after hash function change. 2016-07-13 10:11:37 -07:00
Seth Hall
9592f64225 Update the SOCKS analyzer to support user/pass login. 
- This addresses BIT-1011
 - Add a new field to socks.log; "password".
 - Two new events; socks_login_userpass and socks_login_reply.
 - One new weird for unsupported authentication method.
 - A new test for authenticated socks traffic.
 - Credit to Nicolas Retrain for the initial patch.  Thanks!
 2015-02-05 12:44:10 -05:00
Jon Siwek
22bf3e1196 Increase UIDs to 96 bits w/ C/F prefix - BIT-1016 
- The bit-length is adjustable via redef'ing bits_per_uid.

- Prefix 'C' is used for connection UIDS (including IP tunnels) and
  'F' for files.
 2013-08-26 15:36:31 -05:00
Robin Sommer
1603da5af3 Always apply tcp_connection_attempt. 
Before this change it was only applied when a connection_attempt()
event handler was defined.
 2013-05-01 18:03:52 -07:00
Robin Sommer
1fd0d7a607 Changing the start/end markers in logs to open/close now reflecting 
wall clock.

Triggers lots of (simple) baseline updates.
 2012-07-27 12:15:21 -07:00
Robin Sommer
5cfb8d65c3 Updating tests for the #start/#end change. 2012-07-19 22:28:55 -07:00
Seth Hall
6b8b4dab71 Fixed some problems with the SOCKS analyzer and tests. 2012-06-20 22:57:46 -04:00
Seth Hall
896f252a31 Updates for the SOCKS analyzer. 
- Now supports SOCKSv5 in the analyzer and the DPD sigs.

- Reworked the core events.

- Tests.

- A SOCKS log!
 2012-06-20 13:58:25 -04:00