Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek
Arne Welzel 4f084b0b9a ssh: Fallback to client or server selected version for parsing 
In half-duplex setups (or when client/server coalesce the SSH version
line with the KEX packet, get_version() would return UNK as version,
causing a protocol violation. Make this slightly more robust by using
and setting the version which either side had set to continue parsing.

For the special case of SSH-1.99, select SSH-2.0. We could try to peak
into the payload following the packet length field and check for
a KEX_INIT type byte to select SSH2 as a heuristic, but not sure how
to accomplish this.

Slight regression fix for 3769ed6c66
which started to require visibility for client and server version
rather than just the client's version.
2024-06-12 16:30:18 +02:00

8 lines
310 B
Text
Raw Blame History

# Tests processing of half-duplex server-side connections, including no
# analyzer.log output.
# @TEST-EXEC: zeek -r $TRACES/ssh/ssh.server-side-half-duplex.pcap %INPUT
# @TEST-EXEC: btest-diff analyzer.log
# @TEST-EXEC: btest-diff ssh.log
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff weird.log
Reference in a new issue View git blame Copy permalink