mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
21 lines
700 B
Text
21 lines
700 B
Text
# This test verifies that given the proper keytab file, the
|
|
# Kerberos analyzer can open the AD ticket in the Negociate
|
|
# Protocol Request and find the user.
|
|
#
|
|
# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h
|
|
#
|
|
# @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab
|
|
# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT
|
|
# @TEST-EXEC: btest-diff .stdout
|
|
|
|
redef KRB::keytab = "smb2_krb.keytab";
|
|
global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef;
|
|
|
|
event zeek_init() &priority=5{
|
|
Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports);
|
|
}
|
|
|
|
event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options){
|
|
print ticket$authenticationinfo;
|
|
}
|
|
|