Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Traces/README
Arne Welzel 5200b84fb3 Merge branch 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek 
* 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek:
  account for spaces encoding to plus signs in sqli regex detection
2024-10-29 14:08:39 +01:00

37 lines
2.1 KiB
Text
Raw Blame History

These are the trace files that are used by the Zeek test suite.
Note to maintainers: please take care when modifying/removing files from here.
We install these traces with the Zeek distribution and external packages might
depend on them for tests.
Trace Index/Sources:
- modbus/modbus-eit.trace: Sourced from https://www.netresec.com/?page=PCAP4SICS, credit to https://cs3sthlm.se/. The packets in this trace were pulled from the 4SICS-GeekLounge-151021.pcap file.
- [ldap/simpleauth.pcap](https://github.com/arkime/arkime/blob/main/tests/pcap/ldap-simpleauth.pcap)
- ldap/simpleauth-diff-port.pcap: made with
`tcprewrite -r 3268:32681 -i simpleauth.pcap -o simpleauth-diff-port.pcap`
- ldap/krb5-sign-seal-01.pcap: trace is derived from
<https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/ldap-krb5-sign-seal-01.cap>
- the LDAP flow selected (filtered out the Kerberos packets)
- truncated to 10 packets (where packet 10 contains the SASL encrypted LDAP message)
- one `\x30` byte in the ciphertext changed to `\x00`
- ldap/issue-32.pcapng: Provided by GH user martinvanhensbergen,
<https://github.com/zeek/spicy-ldap/issues/23>
- ldap/ctu-sme-11-win7ad-1-ldap-tcp-50041.pcap: Harvested from CTU-SME-11
(Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 389 and port 50041.
https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
- ldap/ldap_invalid_credentials.pcap
Provided by Martin van Hensbergen in issue #3919.
- dns/tkey.pcap: Harvested from CTU-SME-11
(Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 53.
https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
- dns/dynamic-update.pcap: : Harvested from CTU-SME-11
(Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 53.
https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
- pop3/POP3.pcap: Picked up from POP tutorial on tranalyzer.com
https://tranalyzer.com/tutorial/pop
https://tranalyzer.com/download/data/pop3.pcap
- http/cooper-grill-dvwa.pcapng
Provided by cooper-grill on #3995
https://github.com/zeek/zeek/pull/3995
Reference in a new issue View git blame Copy permalink