Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-client/weird.log
Arne Welzel 4f084b0b9a ssh: Fallback to client or server selected version for parsing 
In half-duplex setups (or when client/server coalesce the SSH version
line with the KEX packet, get_version() would return UNK as version,
causing a protocol violation. Make this slightly more robust by using
and setting the version which either side had set to continue parsing.

For the special case of SSH-1.99, select SSH-2.0. We could try to peak
into the payload following the packet length field and check for
a KEX_INIT type byte to select SSH2 as a heuristic, but not sure how
to accomplish this.

Slight regression fix for 3769ed6c66
which started to require visibility for client and server version
rather than just the client's version.
2024-06-12 16:30:18 +02:00

65 lines
6.1 KiB
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
#types time string addr port addr port string string bool string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 57191 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 57191 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 192.168.2.1 57191 192.168.2.158 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56821 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56821 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.2.1 56821 192.168.2.158 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56837 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56837 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 192.168.2.1 56837 192.168.2.158 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56845 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56845 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 192.168.2.1 56845 192.168.2.158 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.1 56875 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 192.168.2.1 56875 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.2.1 56878 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.2.1 56878 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 192.168.2.1 56878 192.168.2.158 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.1 56940 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.1 56940 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 192.168.2.1 56940 192.168.2.158 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.2.1 57831 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.2.1 57831 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 192.168.2.1 57831 192.168.2.158 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.2.1 59246 192.168.2.158 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.2.1 59246 192.168.2.158 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 192.168.2.1 59246 192.168.2.158 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.1.32 41164 128.2.10.238 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 192.168.1.32 41164 128.2.10.238 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 33910 128.2.13.133 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 33910 128.2.13.133 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 192.168.1.32 33910 128.2.13.133 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.32 41268 128.2.10.238 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.32 41268 128.2.10.238 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 192.168.1.32 41268 128.2.10.238 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.1.31 52294 192.168.1.32 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.1.31 52294 192.168.1.32 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 192.168.1.31 52294 192.168.1.32 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 192.168.1.31 51489 192.168.1.32 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 192.168.1.31 51489 192.168.1.32 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 192.168.1.31 51489 192.168.1.32 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 inappropriate_FIN - F zeek TCP
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 possible_split_routing - F zeek -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 data_before_established - F zeek TCP
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 inappropriate_FIN - F zeek TCP
#close XXXX-XX-XX-XX-XX-XX
Reference in a new issue View git blame Copy permalink