Commit graph

17 commits

Author SHA1 Message Date
Jon Siwek
9c70bcecbc GH-865: fix parsing of SMB NegotiateContextList
* The compression capability was incorrectly set to 0x0004 instead of 0x0003

* The padding was 4-byte instead of 8-byte aligned and also the spec.
  does not strictly require the padding for the last item in the list.

* Add a default case to handle parsing of unknown context types.
2020-03-16 19:00:01 -07:00
Jon Siwek
7965dcd041 Convert pcapng test suite files to pcap format
The former isn't supported by default on OpenBSD.
2019-11-08 13:08:06 -08:00
Pavel Ershov
de4a83206d Fix for smb3 negotiate context 2019-08-27 12:21:03 +03:00
Jon Siwek
1b76d92e97 Merge branch 'smb3-negotiate-response' of https://github.com/mauropalumbo75/zeek
* 'smb3-negotiate-response' of https://github.com/mauropalumbo75/zeek:
  added test and pcap files for smb 3.1.1 negotiate-response
  smb3.1.1 additions to negotiate-response command

I made several modifications:

  - Code format, style, naming changes

  - For completeness/correctness, I added parsing support for the remaining
    context type structures.

  - Moved the optional padding before the NegotiateContextList field to
    also require the 0x0311 dialect version (some failures in
    pre-existing unit tests pointed this out as an issue)
2019-03-21 14:13:21 -07:00
Jon Siwek
9eb5449ecb Merge branch 'smb3-transform-header' of https://github.com/mauropalumbo75/zeek
* 'smb3-transform-header' of https://github.com/mauropalumbo75/zeek:
  clean up, test and pcap for transform_header added
  added smb2-com-transform-header for smb3.x
2019-03-20 19:30:32 -07:00
mauro
a346b01a85 clean up, test and pcap for transform_header added 2019-02-21 12:01:02 +01:00
mauro
84afafc512 added test and pcap files for smb_files.log fix 2019-02-14 16:51:50 +01:00
mauro
c9cc1a55b9 added test and pcap files for smb 3.1.1 negotiate-response 2019-02-13 17:39:37 +01:00
Jeffrey Bencteux
015eec8c71 add test for smb1_com_transaction_response event changes 2018-01-19 14:29:31 +01:00
Jeffrey Bencteux
4c0b6e0984 add test for smb1_com_transaction2_secondary_request event changes 2018-01-19 14:29:26 +01:00
Jeffrey Bencteux
4807b7d847 add test for smb1_com_transaction2_request event changes 2018-01-19 14:29:20 +01:00
Jeffrey Bencteux
314e992284 add test for smb1_com_transaction_secondary_request event changes 2018-01-19 14:29:09 +01:00
Jeffrey Bencteux
6d497ea8b0 add test for smb1_com_transaction_request event changes 2018-01-12 13:00:05 +01:00
Seth Hall
a836ece4e6 Including a test for raw NTLM in SMB 2016-10-26 10:41:08 -04:00
Seth Hall
5721db4be7 Lots of cleanup and improvement to DCE/RPC analyzer.
- It works with DCE/RPC over SMB1+2 now.
  - Using named pipes in 1+2 and the transaction cmd in SMB1.
- Base scripts based on work by Josh Liburdi.
- New dce_rpc.log.  Feedback on how to make this log more compact
  and useful would be appreciated.
2016-04-01 09:38:52 -04:00
Seth Hall
6e842cf4da Fix a problem I introduced with SMB2 file handling.
- Added an SMB2 test that encompasses the problem.
2016-03-07 15:36:25 -05:00
Seth Hall
21d8cab0c0 First SMB test. 2016-03-07 13:50:25 -05:00