Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/signatures/tcp-syn-with-payload.zeek
Arne Welzel 85b8c8866b testing/btest/*zeek: Comment all @TEST lines
2025-04-17 16:30:23 +02:00

20 lines
760 B
Text
Raw Blame History

# @TEST-EXEC: zeek -b -s payload-http.sig -r $TRACES/tcp/payload-syn.pcap %INPUT >payload-syn.out
# @TEST-EXEC: zeek -b -s payload-http.sig -r $TRACES/tcp/payload-synack.pcap %INPUT >payload-synack.out
# @TEST-EXEC: zeek -b -s payload-http.sig -r $TRACES/tcp/tcp-fast-open.pcap %INPUT >tcp-fast-open.out
# @TEST-EXEC: btest-diff payload-syn.out
# @TEST-EXEC: btest-diff payload-synack.out
# @TEST-EXEC: btest-diff tcp-fast-open.out
# @TEST-START-FILE payload-http.sig
signature test-signature {
ip-proto == tcp
dst-port = 80
payload /.*passwd/
event "payload of dst-port=80/tcp contains 'passwd'"
}
# @TEST-END-FILE
event signature_match(state: signature_state, msg: string, data: string)
{
print fmt("signature_match %s - %s", state$conn$id, msg);
}
Reference in a new issue View git blame Copy permalink