pk/zeek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
zeek/testing/btest/scripts/base/protocols/dce-rpc/request-response-stub-events.zeek
Patrick Kelley 8fd444092b initial
2025-05-07 15:35:15 -04:00

29 lines
912 B
Plaintext
Raw Permalink Blame History

# @TEST-EXEC: zeek -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT > out
# @TEST-EXEC: btest-diff out
@load base/protocols/dce-rpc
event dce_rpc_request(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
{
print "dce_rpc_request ", c$id, fid, ctx_id, opnum, stub_len;
}
event dce_rpc_request_stub(c: connection, fid: count, ctx_id: count, opnum: count, stub: string)
{
print "dce_rpc_request_stub", c$id, fid, ctx_id, opnum, |stub|;
print bytestring_to_hexstr(stub);
}
event dce_rpc_response(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
{
print "dce_rpc_response ", c$id, fid, ctx_id, opnum, stub_len;
}
event dce_rpc_response_stub(c: connection, fid: count, ctx_id: count, opnum: count, stub: string)
{
print "dce_rpc_response_stub", c$id, fid, ctx_id, opnum, |stub|;
print bytestring_to_hexstr(stub);
terminate();
}
Reference in New Issue View Git Blame Copy Permalink