zeek/testing/btest/Traces
Bernhard Amann ea1616bed5 At the moment, SSL connections where the ssl_established event does not fire are not logged.
That means that, for example, connections that are terminated with an alert during the
handshake never appear in the ssl.log.

This patch changes this behavior - now all ssl connections that fire any event are logged.

The protocol confirmation of the ssl analyzer is moved to the client_hello instead of
the server hello. Furthermore, an additional field is added to ssl.log, which indicates
if a connection has been established or not (which probably indicates a handshake problem).
2014-03-04 14:23:49 -08:00
chksums Change ICMPv6 checksum calculation to use IP_Hdr wrapper. 2012-04-10 11:37:08 -05:00
dhcp DHCP: Adding unit tests. 2013-07-31 17:30:56 -04:00
dnp3 added a test case for dnp3 packets with only link layer 2013-08-11 16:02:44 -07:00
ftp Add unit tests for new Bro Manual docs. 2014-01-21 16:01:55 -06:00
http HTTP CONNECT proxy support. 2014-02-12 22:38:59 -05:00
icmp Extract ICMPv6 NDP options and include in ICMP events (addresses #833). 2012-06-26 17:10:00 -05:00
mobile-ipv6 Add support for mobile IPv6 Mobility Header (RFC 6275). 2012-04-09 14:39:00 -05:00
modbus Adjust modbus register array parsing. 2012-11-12 16:40:16 -06:00
tcp Improve gap reporting in TCP connections that never see data. 2014-01-24 16:21:02 -06:00
trunc Remove unnecessary assert in ICMP analyzer (addresses #822). 2012-05-29 17:29:11 -05:00
tunnels BIT-867 - Support GRE tunnel decapsulation. 2014-01-16 16:03:04 -06:00
conn-size.trace Merge of Gregor's conn-size branch. 2011-05-09 17:14:31 -07:00
dns-dnskey.trace Adding a trace with a DNSKEY RR. 2013-07-29 14:08:33 -07:00
dns-inverse-query.trace Change dns.log to include only standard DNS queries. 2014-01-28 13:56:22 -06:00
dns-two-responses.trace Fixing a dns reporter message in master. 2013-07-18 09:24:22 -04:00
dns-zero-RRs.trace Fix for DNS log problem when a DNS response is seen with 0 RRs. 2012-10-05 13:48:49 -04:00
empty.trace Porting the istate tests to btest. 2011-03-29 21:46:06 -07:00
globus-url-copy.trace Add an example of a GridFTP data channel detection script. 2012-10-01 12:32:24 -05:00
ip6_esp.trace Fix ipv6_ext_headers event and add routing0_data_to_addrs BIF. 2012-03-14 10:31:08 -05:00
ipv6-fragmented-dns.trace Add unit test for IPv6 fragment reassembly. 2012-03-12 15:26:51 -05:00
ipv6-hbh-routing0.trace Improve handling of IPv6 routing type 0 extension headers. 2012-03-27 16:05:45 -05:00
ipv6-http-atomic-frag.trace Fix handling of IPv6 atomic fragments. 2012-04-04 15:27:43 -05:00
ipv6_zero_len_ah.trace Fix construction of ip6_ah (Authentication Header) record values. 2012-09-18 16:52:12 -05:00
irc-dcc-send.trace Add IRC unit tests. 2011-07-20 14:49:20 -05:00
mixed-vlan-mpls.trace Support for (mixed) MPLS and VLAN traffic, and a new default BPF 2011-04-29 09:10:43 -07:00
mpls-in-vlan.trace Support for MPLS over VLAN. 2014-02-14 12:07:24 -08:00
nmap-vsn.trace Added a document for the SumStats framework. 2013-11-06 13:52:29 -05:00
pppoe.trace Adding a test for PPPoE support. 2012-10-24 01:05:01 -04:00
q-in-q.trace Add support for 802.1ah (Q-in-Q). 2013-03-22 12:38:43 -04:00
rotation.trace Moving trace for rotation test into traces directory. 2012-05-16 18:28:51 -07:00
smtp.trace SMTP script refactor. (addresses #509) 2011-07-29 14:55:53 -05:00
socks-with-ssl.trace Updates for the SOCKS analyzer. 2012-06-20 13:58:25 -04:00
socks.trace Updates for the SOCKS analyzer. 2012-06-20 13:58:25 -04:00
ssh-on-port-80.trace More analyzer framework tests. 2013-06-02 18:22:08 -07:00
ssl.v3.trace Adding a test for extract-certs-pem.pem. 2013-03-17 13:06:24 -07:00
syslog-single-udp.trace Porting syslog analyzer as another example. 2013-04-05 13:13:30 -07:00
tls-1.2-handshake-failure.trace At the moment, SSL connections where the ssl_established event does not fire are not logged. 2014-03-04 14:23:49 -08:00
tls-conn-with-extensions.trace More bugfixes, cleanup, and test for SSL analyzer 2012-05-03 10:52:24 -04:00
tls1.2.trace Single character fix to correct support for TLS 1.2 (my bad). 2013-07-02 14:49:36 -04:00
var-services-std-ports.trace Update/improve known-services test. 2011-06-24 11:18:25 -05:00
web.trace Porting the istate tests to btest. 2011-03-29 21:46:06 -07:00
wikipedia.trace Fixing checksums in test trace because Bro now reports them. :-) 2012-12-14 14:48:16 -08:00
workshop_2011_browse.trace Basic cross-referencing UIDs between files, btests, and baselines. 2013-05-07 13:33:38 -04:00
www-odd-url.trace Bugfix for log writer. 2011-09-11 21:33:09 -07:00