mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 12:08:20 +00:00
574bcb0a51
This is a very simple XMPP analyzer that basically only can parse the protocol until the client and server start negotiating a TLS session. At that point, the TLS analyzer is attached. While the basic case seems to be working, I fully expect that I missed something and that this might break in a lot of cases.
11 lines
1.4 KiB
Text
11 lines
1.4 KiB
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path x509
|
|
#open 2015-07-21-18-55-16
|
|
#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len
|
|
#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count
|
|
1437091702.407347 F5Nz2G1vSZQ0QXM2s8 3 0DF4F2 CN=jabber.ccc.de,O=Chaos Computer Club e.V.,L=Hamburg,ST=Hamburg,C=DE emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 1382043019.000000 1445115019.000000 rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - jabber.ccc.de,conference.jabber.ccc.de,jabberd.jabber.ccc.de,pubsub.jabber.ccc.de,vjud.jabber.ccc.de - - - F -
|
|
1437091702.407347 FUw8omi2keRxShDUa 3 00 emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 1049027389.000000 1995712189.000000 rsaEncryption md5WithRSAEncryption rsa 4096 65537 - - - - - T -
|
|
#close 2015-07-21-18-55-16
|