* New BiF: decode_netbios_name_type.
* \x01 and \x02 are now decoded, because I saw those bytes being actively used in names.
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-diff out

# Regression test for the NetBIOS name BiFs: each 32-character first-level
# encoded name below is run through decode_netbios_name() and
# decode_netbios_name_type(), and the printed results are compared against
# the stored baseline.
#
# Every pair of letters 'a'..'p' encodes one byte (high nibble, low nibble),
# so 32 characters carry 16 bytes; the last pair of each sample is the
# trailing byte noted next to it.
#
# NOTE(review): the __MSBROWSE__ sample deliberately contains the control
# bytes 0x01 and 0x02 inside the name itself. Names come straight off the
# wire, so anything consuming the decoded string should not assume it is
# printable; how those bytes are rendered is pinned only by the baseline,
# which is not visible here.
event bro_init()
	{
	local encoded_names = set(
		# "ISATAP" padded with spaces, final pair "aa" = 0x00
		"ejfdebfeebfacacacacacacacacacaaa",
		# "WORKGROUP" padded with spaces, final pair "bl" = 0x1b
		"fhepfcelehfcepfffacacacacacacabl",
		# \001\002__MSBROWSE__\002, final pair "ab" = 0x01
		"abacfpfpenfdecfcepfhfdeffpfpacab",
		# "MARTIN" padded with spaces, final pair "ad" = 0x03
		"enebfcfeejeocacacacacacacacacaad");

	# Sets have no guaranteed iteration order in the language; the
	# baseline reflects whatever order this particular set yields.
	for ( encoded in encoded_names )
		{
		print decode_netbios_name(encoded);
		print decode_netbios_name_type(encoded);
		}
	}