zeek/testing/btest/scripts/base/protocols/ntp/ntpmode67.test at e5db1f085c034451d8b1068472554146ab103619 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Jon Siwek e2dc0092f3 Merge branch 'ntp-rewrite' of https://github.com/mauropalumbo75/zeek

* 'ntp-rewrite' of https://github.com/mauropalumbo75/zeek: (25 commits)
  update tests baseline
  Apply requested changes: - file dpd.sig and TODO comments for signature protocol detection removed - missing doc field filled in events.bif - rename OpCode and ReqCode fields into op_code and req_code respectively - removed unnecessary child method in NTP.h/.cc - main.zeek and ntp-protocol.pac reformatted
  minor changes in the documentation
  fix some initializations
  fix wrong assignment of control key_id/crypto_checksum
  code clean up
  add extension fields parsing
  add extended mac field with 20 byte digest (+4 byte key id)
  update tests and add a new one for key_id and mac
  fix auth field (key_id and mac) in standard and control msg
  remove old NTP record in init-bare.zeek
  fix key_id and digest (WIP)
  fix wrong Assign with reference_id
  add tests for ntp protocol (finished)
  add tests for ntp protocol (WIP)
  fix problem with time vals
  add ntp records to init-bare.zeek
  update ntp analyzer to val_mgr
  extend and refact script-side of NTP analyzer
  extend and refactor several fields
  ...

2019-06-15 19:11:34 -07:00

10 lines

279 B

Text

Raw Blame History

 # @TEST-EXEC: zeek -C -r $TRACES/ntp/ntpmode67.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 @load base/protocols/ntp
 event ntp_message(c: connection, is_orig: bool, msg: NTP::Message)
 	{
 	print fmt("ntp_message %s -> %s:%d %s", c$id$orig_h, c$id$resp_h, c$id$resp_p, msg);
 	}