Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/Traces
History
Robin Sommer a9979d56a4 Merge remote-tracking branch 'origin/topic/vladg/file-analysis-exe-analyzer' 
* origin/topic/vladg/file-analysis-exe-analyzer: (31 commits)
  Tweak the PE OS versions based on real-world traffic.
  Update pe/main.bro to user register_for_mime_types, ensuring it will also work with the upcoming Files framework changes.
  A bit of final core-level cleanup.
  A bit of final script cleanup.
  Update baselines.
  Add a btest for the PE analyzer.
  Add a PE memleak test, and fix a memleak.
  Documentation and a bit of overall cleanup.
  Add data about which tables are present.
  Remove the .idata parsing, as it can be more complicated in some cases.
  Fix a PE analyzer failure where the IAT isn't aligned with a section boundary.
  PE: Rehash the log a bit.
  Make base_of_data optional.
  Fix support for PE32+ files.
  PE Analyzer cleanup.
  Checkpoint - Import Address Table being parsed.
  Some changes to fix PE analyzer on master.
  Parse PE section headers.
  Updated PE analyzer to work with changes in master.
  In progress checkpoint.  Things are starting to work.
  ...

BIT-1369 #merged
2015-04-20 19:23:31 -07:00
..
chksums Change ICMPv6 checksum calculation to use IP_Hdr wrapper. 2012-04-10 11:37:08 -05:00
dhcp DHCP: Adding unit tests. 2013-07-31 17:30:56 -04:00
dnp3 add test trace in which DNP3 packets are over UDP; update test scripts and baseline results 2015-01-07 15:04:22 -06:00
ftp Fix reassembly of data w/ sizes beyond 32-bit capacities (BIT-348). 2014-04-09 13:03:24 -05:00
http Fix an issue with packet loss in http file reporting. 2015-04-08 13:39:42 -04:00
icmp BIT-342: add "icmp_sent_payload" event. 2015-03-18 16:16:24 -05:00
mobile-ipv6 Add support for mobile IPv6 Mobility Header (RFC 6275). 2012-04-09 14:39:00 -05:00
modbus Merge remote-tracking branch 'origin/topic/robin/modbus-events-merge' 2014-07-22 17:34:11 -07:00
mysql Add a btest for the Wireshark sample MySQL PCAP 2014-08-08 15:02:18 -05:00
pe Add a PE memleak test, and fix a memleak. 2015-04-19 20:22:42 -04:00
radius Radius functionality and memleak test. 2014-05-15 11:49:03 -04:00
rdp Huge updates to the RDP analyzer from Josh Liburdi. 2015-03-04 13:12:03 -05:00
snmp Add SNMP datagram parsing support. 2014-02-18 14:41:32 -06:00
ssh Updates related to SSH analysis. 2015-03-30 11:30:48 -05:00
tcp Improve analysis of TCP SYN/SYN-ACK reversal situations. 2014-03-11 17:03:59 -05:00
tls Merge remote-tracking branch 'origin/master' into topic/johanna/dtls 2015-03-18 12:25:39 -07:00
trunc Remove unnecessary assert in ICMP analyzer (addresses #822). 2012-05-29 17:29:11 -05:00
tunnels BIT-867 - Support GRE tunnel decapsulation. 2014-01-16 16:03:04 -06:00
conn-size.trace Merge of Gregor's conn-size branch. 2011-05-09 17:14:31 -07:00
dns-dnskey.trace Adding a trace with a DNSKEY RR. 2013-07-29 14:08:33 -07:00
dns-inverse-query.trace Change dns.log to include only standard DNS queries. 2014-01-28 13:56:22 -06:00
dns-tsig.trace Fix possible buffer over-read in DNS TSIG parsing 2014-09-02 14:22:26 -05:00
dns-two-responses.trace Fixing a dns reporter message in master. 2013-07-18 09:24:22 -04:00
dns-txt-multiple.trace Merge remote-tracking branch 'origin/topic/jsiwek/bit-1156' 2014-04-24 16:36:47 -07:00
dns-zero-RRs.trace Fix for DNS log problem when a DNS response is seen with 0 RRs. 2012-10-05 13:48:49 -04:00
dns53.pcap BIT-788: use DNS QR field to better identify flow direction. 2015-03-19 11:53:40 -05:00
empty.trace Porting the istate tests to btest. 2011-03-29 21:46:06 -07:00
globus-url-copy.trace Add an example of a GridFTP data channel detection script. 2012-10-01 12:32:24 -05:00
ip6_esp.trace Fix ipv6_ext_headers event and add routing0_data_to_addrs BIF. 2012-03-14 10:31:08 -05:00
ipv6-fragmented-dns.trace Add unit test for IPv6 fragment reassembly. 2012-03-12 15:26:51 -05:00
ipv6-hbh-routing0.trace Improve handling of IPv6 routing type 0 extension headers. 2012-03-27 16:05:45 -05:00
ipv6-http-atomic-frag.trace Fix handling of IPv6 atomic fragments. 2012-04-04 15:27:43 -05:00
ipv6_zero_len_ah.trace Fix construction of ip6_ah (Authentication Header) record values. 2012-09-18 16:52:12 -05:00
irc-dcc-send.trace Add IRC unit tests. 2011-07-20 14:49:20 -05:00
mixed-vlan-mpls.trace Support for (mixed) MPLS and VLAN traffic, and a new default BPF 2011-04-29 09:10:43 -07:00
mpls-in-vlan.trace Support for MPLS over VLAN. 2014-02-14 12:07:24 -08:00
nmap-vsn.trace Added a document for the SumStats framework. 2013-11-06 13:52:29 -05:00
port4242.trace Checkpointing the dynamic plugin code. 2013-11-26 14:04:29 -08:00
pppoe.trace Adding a test for PPPoE support. 2012-10-24 01:05:01 -04:00
q-in-q.trace Add support for 802.1ah (Q-in-Q). 2013-03-22 12:38:43 -04:00
rotation.trace Moving trace for rotation test into traces directory. 2012-05-16 18:28:51 -07:00
smtp-one-side-only.trace Fixing SMTP state tracking. 2014-06-10 18:01:38 -07:00
smtp.trace SMTP script refactor. (addresses #509) 2011-07-29 14:55:53 -05:00
socks-auth.pcap Update the SOCKS analyzer to support user/pass login. 2015-02-05 12:44:10 -05:00
socks-with-ssl.trace Updates for the SOCKS analyzer. 2012-06-20 13:58:25 -04:00
socks.trace Updates for the SOCKS analyzer. 2012-06-20 13:58:25 -04:00
syslog-single-udp.trace Porting syslog analyzer as another example. 2013-04-05 13:13:30 -07:00
udp-signature-test.pcap BIT-844: fix UDP payload signatures to match packet-wise 2015-04-06 15:22:26 -05:00
var-services-std-ports.trace Update/improve known-services test. 2011-06-24 11:18:25 -05:00
web.trace Porting the istate tests to btest. 2011-03-29 21:46:06 -07:00
wikipedia.trace Fixing checksums in test trace because Bro now reports them. :-) 2012-12-14 14:48:16 -08:00
workshop_2011_browse.trace Basic cross-referencing UIDs between files, btests, and baselines. 2013-05-07 13:33:38 -04:00
www-odd-url.trace Bugfix for log writer. 2011-09-11 21:33:09 -07:00