mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 23:28:20 +00:00
e2dc0092f3
* 'ntp-rewrite' of https://github.com/mauropalumbo75/zeek: (25 commits) update tests baseline Apply requested changes: - file dpd.sig and TODO comments for signature protocol detection removed - missing doc field filled in events.bif - rename OpCode and ReqCode fields into op_code and req_code respectively - removed unnecessary child method in NTP.h/.cc - main.zeek and ntp-protocol.pac reformatted minor changes in the documentation fix some initializations fix wrong assignment of control key_id/crypto_checksum code clean up add extension fields parsing add extended mac field with 20 byte digest (+4 byte key id) update tests and add a new one for key_id and mac fix auth field (key_id and mac) in standard and control msg remove old NTP record in init-bare.zeek fix key_id and digest (WIP) fix wrong Assign with reference_id add tests for ntp protocol (finished) add tests for ntp protocol (WIP) fix problem with time vals add ntp records to init-bare.zeek update ntp analyzer to val_mgr extend and refact script-side of NTP analyzer extend and refactor several fields ...
16 lines
1.4 KiB
Text
16 lines
1.4 KiB
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path conn
|
|
#open 2019-06-15-20-36-46
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
|
1055289978.756932 CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - - 0 ShAdDaFf 12 1584 10 2199 CHhAvVGS1DHFjwGM9
|
|
1055289987.055189 CUM0KZ3MLUfNB0cl11 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - - 0 D 2 122 0 0 CHhAvVGS1DHFjwGM9
|
|
1055289973.849878 C4J4Th3PJpwUYZZ6gc 66.59.111.190 123 18.26.4.105 123 udp ntp 0.074086 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
|
|
1055289992.849231 CP5puj4I8PtEU4qzYg 66.59.111.190 123 66.59.111.182 123 udp ntp 0.056629 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
|
|
1055289996.849099 C37jN32gN3y3AZzyf6 66.59.111.190 123 129.170.17.4 123 udp ntp 0.072374 48 48 SF - - 0 Dd 1 76 1 76 CHhAvVGS1DHFjwGM9
|
|
1055289968.793044 ClEkJM2Vm5giqnMf4h 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - - 0 - 4 336 4 336 CHhAvVGS1DHFjwGM9
|
|
1055289987.106744 CmES5u32sYpV7JYN 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - - 0 - 2 178 0 0 CHhAvVGS1DHFjwGM9
|
|
#close 2019-06-15-20-36-46
|