Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 17:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/testing/btest/Traces
History
Jon Siwek e2dc0092f3 Merge branch 'ntp-rewrite' of https://github.com/mauropalumbo75/zeek 
* 'ntp-rewrite' of https://github.com/mauropalumbo75/zeek: (25 commits)
  update tests baseline
  Apply requested changes: - file dpd.sig and TODO comments for signature protocol detection removed - missing doc field filled in events.bif - rename OpCode and ReqCode fields into op_code and req_code respectively - removed unnecessary child method in NTP.h/.cc - main.zeek and ntp-protocol.pac reformatted
  minor changes in the documentation
  fix some initializations
  fix wrong assignment of control key_id/crypto_checksum
  code clean up
  add extension fields parsing
  add extended mac field with 20 byte digest (+4 byte key id)
  update tests and add a new one for key_id and mac
  fix auth field (key_id and mac) in standard and control msg
  remove old NTP record in init-bare.zeek
  fix key_id and digest (WIP)
  fix wrong Assign with reference_id
  add tests for ntp protocol (finished)
  add tests for ntp protocol (WIP)
  fix problem with time vals
  add ntp records to init-bare.zeek
  update ntp analyzer to val_mgr
  extend and refact script-side of NTP analyzer
  extend and refactor several fields
  ...
2019-06-15 19:11:34 -07:00
..
chksums Change ICMPv6 checksum calculation to use IP_Hdr wrapper. 2012-04-10 11:37:08 -05:00
dce-rpc Fix tracking of DCE-RPC context identifier mappings 2018-08-23 15:11:38 -05:00
dhcp add some dhcp options 2019-05-24 16:52:12 -04:00
dnp3 Change snaplens of a few more tests. 2017-02-03 14:10:11 -08:00
dnssec Merge branch 'fatemabw/bro' of https://github.com/fatemabw/bro into dev/2.7 2018-09-21 16:40:41 -05:00
ftp Fixing FTP cwd getting overlue long. 2016-05-29 08:52:47 -07:00
http BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
icmp BIT-342: add "icmp_sent_payload" event. 2015-03-18 16:16:24 -05:00
ipv4 A set of tests exercising IP defragmentation and TCP reassembly. 2015-07-03 08:40:22 -07:00
krb Fix potential memory leak in Kerberos scripts 2018-09-10 18:06:07 -05:00
mobile-ipv6 Add support for mobile IPv6 Mobility Header (RFC 6275). 2012-04-09 14:39:00 -05:00
modbus BIT-1829: add unit test for modbus parser issue 2018-05-18 09:24:06 -05:00
mount Add unit tests for new MOUNT events -- mount_proc_mnt, mount_proc_umnt, 2018-01-11 17:00:15 -05:00
mysql Add a test with an encrypted MySQL connection 2018-10-29 15:58:06 -05:00
nfs Format print nfs units tests to improve output readability. Add unit 2018-01-11 17:02:47 -05:00
ntp update tests and add a new one for key_id and mac 2019-06-06 16:45:09 +02:00
pe Add a PE memleak test, and fix a memleak. 2015-04-19 20:22:42 -04:00
radius Rework the RADIUS base script. 2017-02-20 00:07:14 -05:00
rdp Huge updates to the RDP analyzer from Josh Liburdi. 2015-03-04 13:12:03 -05:00
rfb Analyzer and bro script for RFB protocol (VNC) 2016-04-11 10:35:00 +02:00
sip Add SIP btests. 2015-04-19 22:25:37 -04:00
smb Merge branch 'smb3-negotiate-response' of https://github.com/mauropalumbo75/zeek 2019-03-21 14:13:21 -07:00
snmp Correct endianness of IP addresses in SNMP. 2016-07-26 15:02:11 -07:00
ssh Add btest for new SSH curve25519 KEX 2017-10-05 14:36:13 -05:00
tcp Change snaplen of test trace from 1,000,000 to 10,000 2017-01-31 13:10:36 -08:00
tls support the newer TLS 1.3 key_share extension. 2019-06-03 14:40:33 +10:00
trunc Fix the ip-broken-header.bro test on macOS 2018-04-23 17:06:01 -05:00
tunnels GH-250: Improve/cleanup VXLAN decapsulation support 2019-03-12 18:15:34 -07:00
arp-leak.pcap Add bad ARP tests 2018-05-18 17:39:53 +02:00
arp-who-has-radiotap.pcap Tests/ARP: fix capture files. 2018-05-18 17:25:55 +02:00
arp-who-has-wlanmon.pcap Tests/ARP: fix capture files. 2018-05-18 17:25:55 +02:00
arp-who-has.pcap ARP: remove unnecessary variables and add testcase 2016-04-27 06:51:04 -07:00
auth_change_session_keys.pcap Fix invalid memory free when using Log::default_field_name_map 2018-09-10 19:06:35 -05:00
cisco-fabric-path.pcap Add Cisco FabricPath support 2018-07-27 16:00:54 -05:00
conn-size.trace Merge of Gregor's conn-size branch. 2011-05-09 17:14:31 -07:00
contentline-irc-5k-line.pcap add a max_line_length flag to ContentLine_Analyzer 2017-11-03 16:25:26 -04:00
dns-caa.pcap Add DNS tests for huge TLL and CAA 2016-04-25 15:43:20 -07:00
dns-huge-ttl.pcap Change snaplens of a few more tests. 2017-02-03 14:10:11 -08:00
dns-inverse-query.trace Change dns.log to include only standard DNS queries. 2014-01-28 13:56:22 -06:00
dns-spf.pcap DNS: Add support for SPF response records 2019-06-14 10:18:37 -05:00
dns-tsig.trace Fix possible buffer over-read in DNS TSIG parsing 2014-09-02 14:22:26 -05:00
dns-two-responses.trace Fixing a dns reporter message in master. 2013-07-18 09:24:22 -04:00
dns-txt-multiple.trace Merge remote-tracking branch 'origin/topic/jsiwek/bit-1156' 2014-04-24 16:36:47 -07:00
dns-zero-RRs.trace Fix for DNS log problem when a DNS response is seen with 0 RRs. 2012-10-05 13:48:49 -04:00
dns53.pcap BIT-788: use DNS QR field to better identify flow direction. 2015-03-19 11:53:40 -05:00
empty.trace Porting the istate tests to btest. 2011-03-29 21:46:06 -07:00
erspan.trace Implement ERSPAN support. 2017-02-03 12:29:22 -08:00
erspanII.pcap Improve ERSPAN Type III support 2019-01-17 18:06:10 -06:00
erspanIII.pcap Added ERSPAN III testing 2019-01-24 14:05:13 +00:00
globus-url-copy.trace Add an example of a GridFTP data channel detection script. 2012-10-01 12:32:24 -05:00
icmp_dot1q.trace Refactor to make bro use a common Packet object. 2015-05-29 10:37:39 -04:00
ip6_esp.trace Fix ipv6_ext_headers event and add routing0_data_to_addrs BIF. 2012-03-14 10:31:08 -05:00
ipv6-fragmented-dns.trace Add unit test for IPv6 fragment reassembly. 2012-03-12 15:26:51 -05:00
ipv6-hbh-routing0.trace Improve handling of IPv6 routing type 0 extension headers. 2012-03-27 16:05:45 -05:00
ipv6-http-atomic-frag.trace Fix handling of IPv6 atomic fragments. 2012-04-04 15:27:43 -05:00
ipv6_zero_len_ah.trace Fix construction of ip6_ah (Authentication Header) record values. 2012-09-18 16:52:12 -05:00
irc-353.pcap Fix IRC names command parsing 2018-09-12 19:47:57 -05:00
irc-basic.trace Merge branch 'master' of https://github.com/marktayl/bro 2016-02-08 13:02:09 -08:00
irc-dcc-send.trace Add IRC unit tests. 2011-07-20 14:49:20 -05:00
irc-whitespace.trace Merge branch 'master' of https://github.com/marktayl/bro 2016-02-12 18:55:25 -08:00
llc.pcap Merge branch 'topic/jgras/mac-logging' of https://github.com/J-Gras/bro 2016-06-06 17:59:34 -07:00
mixed-vlan-mpls.trace Support for (mixed) MPLS and VLAN traffic, and a new default BPF 2011-04-29 09:10:43 -07:00
mpls-in-vlan.trace Support for MPLS over VLAN. 2014-02-14 12:07:24 -08:00
ncp.pcap Migrate NCP analyzer to use latest analyzer API 2018-05-22 16:27:07 -05:00
negative-time.pcap Ignoring packets with negative timestamps. 2016-05-23 13:22:22 -07:00
nflog-http.pcap Merge branch 'master' of https://github.com/rdenniston/zeek 2019-03-19 19:19:02 -07:00
nmap-vsn.trace Added a document for the SumStats framework. 2013-11-06 13:52:29 -05:00
ntp.pcap Fix a couple of problems with signature matching. 2016-10-19 14:23:43 -07:00
port4242.trace Checkpointing the dynamic plugin code. 2013-11-26 14:04:29 -08:00
pppoe-over-qinq.pcap BIT-1950: support PPPoE over QinQ 2018-07-06 08:04:02 -05:00
pppoe.trace Adding a test for PPPoE support. 2012-10-24 01:05:01 -04:00
q-in-q.trace Add support for 802.1ah (Q-in-Q). 2013-03-22 12:38:43 -04:00
radiotap.pcap Improved Radiotap support and a test. 2016-01-19 04:10:44 -05:00
raw_packets.trace Refactor to make bro use a common Packet object. 2015-05-29 10:37:39 -04:00
rotation.trace Moving trace for rotation test into traces directory. 2012-05-16 18:28:51 -07:00
smtp-multi-addr.pcap Added test-case for intel framework matching email 2015-12-16 14:51:02 +01:00
smtp-one-side-only.trace Fixing SMTP state tracking. 2014-06-10 18:01:38 -07:00
smtp.trace Appended smtp.trace with CC: header baseline test 2015-07-26 22:48:31 +03:00
socks-auth.pcap Update the SOCKS analyzer to support user/pass login. 2015-02-05 12:44:10 -05:00
socks-with-ssl.trace Updates for the SOCKS analyzer. 2012-06-20 13:58:25 -04:00
socks.trace Updates for the SOCKS analyzer. 2012-06-20 13:58:25 -04:00
syslog-missing-pri.trace Make Syslog analyzer accept messages that omit Priority 2019-03-14 18:47:32 -07:00
syslog-single-udp.trace Porting syslog analyzer as another example. 2013-04-05 13:13:30 -07:00
udp-multiple-source-ports.pcap GH-173: Support ranges of values for value_list elements in the signature parser 2019-05-23 10:58:04 -07:00
udp-signature-test.pcap BIT-844: fix UDP payload signatures to match packet-wise 2015-04-06 15:22:26 -05:00
var-services-std-ports.trace Update/improve known-services test. 2011-06-24 11:18:25 -05:00
web.trace Porting the istate tests to btest. 2011-03-29 21:46:06 -07:00
wikipedia.trace Fixing checksums in test trace because Bro now reports them. :-) 2012-12-14 14:48:16 -08:00
wlanmon.pcap Add a test for 802.11 monitor mode 2018-05-15 17:59:26 +02:00
workshop_2011_browse.trace Basic cross-referencing UIDs between files, btests, and baselines. 2013-05-07 13:33:38 -04:00
www-odd-url.trace Bugfix for log writer. 2011-09-11 21:33:09 -07:00