zeek/scripts/base/protocols
Seth Hall bbedb73a45 Huge updates to the RDP analyzer from Josh Liburdi.
- More data pulled into scriptland.
  - Logs expanded with client screen resolution and desired color depth.
  - Values in UTF-16 on the wire are converted to UTF-8 before being
    sent to scriptland.
  - If the RDP turns into SSL records, we now pass data that appears
    to be SSL to the PIA analyzer.
  - If RDP uses native encryption with X.509 certs we pass those
    certs to the files framework and the base scripts pass them forward
    to the X.509 analyzer.
  - Lots of cleanup and adjustment to fit the documented protocol
    a bit better.
  - Cleaned up the DPD signatures.
  - Moved to flowunit instead of datagram.
  - Added tests.
2015-03-04 13:12:03 -05:00
conn Add README files for base/protocols 2013-10-17 12:47:32 -05:00
dhcp Deprecate split* family of BIFs. 2015-01-21 15:34:42 -06:00
dnp3 add test trace in which DNP3 packets are over UDP; update test scripts and baseline results 2015-01-07 15:04:22 -06:00
dns BIT-1156: Fix parsing of DNS TXT RRs w/ multiple character-strings. 2014-04-24 16:20:01 -05:00
ftp Deprecate split* family of BIFs. 2015-01-21 15:34:42 -06:00
http Deprecate split* family of BIFs. 2015-01-21 15:34:42 -06:00
irc Updates the files event api and brings file reassembly up to master. 2014-09-26 00:40:37 -04:00
modbus Add README files for base/protocols 2013-10-17 12:47:32 -05:00
mysql Merge remote-tracking branch 'origin/topic/vladg/mysql' 2015-01-14 14:21:00 -08:00
pop3 Add README files for base/protocols 2013-10-17 12:47:32 -05:00
radius Merge remote-tracking branch 'origin/topic/vladg/radius' into topic/robin/radius-merge 2014-05-15 11:39:05 -07:00
rdp Huge updates to the RDP analyzer from Josh Liburdi. 2015-03-04 13:12:03 -05:00
smtp Deprecate split* family of BIFs. 2015-01-21 15:34:42 -06:00
snmp Clean up base SNMP script. Mostly docs, some logic refactors. 2014-05-02 12:36:02 -05:00
socks Refactor SOCKS5 user/pass authentication support. 2015-02-12 17:06:38 -06:00
ssh Remove resp_size from the log. Refactor when we write out to the log a bit. Geodata now works reliably. 2013-11-05 11:58:00 -05:00
ssl small changes to ec curve names in a newer draft 2015-01-13 08:38:18 -08:00
syslog Add README files for base/protocols 2013-10-17 12:47:32 -05:00
tunnels Moved DPD signatures into script specific directories. 2013-07-09 22:44:55 -04:00