zeek/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test at 78d9e38167662a5b6f04a80c51a6112c99587de2 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00

Seth Hall 5721db4be7 Lots of cleanup and improvement to DCE/RPC analyzer.

- It works with DCE/RPC over SMB1+2 now.
   - Using named pipes in 1+2 and the transaction cmd in SMB1.
 - Base scripts based on work by Josh Liburdi.
 - New dce_rpc.log.  Feedback on how to make this log more compact
   and useful would be appreciated.

2016-04-01 09:38:52 -04:00

5 lines

207 B

Text

Raw Blame History

 # @TEST-EXEC: bro -b -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT
 # @TEST-EXEC: btest-diff dce_rpc.log
 @load base/protocols/dce-rpc
 @load base/protocols/smb