tests: add basic telnet test

diff --git a/tests/telnet/telnet-01/README.md b/tests/telnet/telnet-01/README.md
new file mode 100644 (file)
index 0000000..38b03f1
--- /dev/null
+++ b/tests/telnet/telnet-01/README.md
@@ -0,0 +1 @@
+https://github.com/markofu/pcaps/blob/master/PracticalPacketAnalysis/ppa-capture-files/telnet.pcap

diff --git a/tests/telnet/telnet-01/suricata.yaml b/tests/telnet/telnet-01/suricata.yaml
new file mode 100644 (file)
index 0000000..3cafd21
--- /dev/null
+++ b/tests/telnet/telnet-01/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - flow
+        - frame
+        - alert

diff --git a/tests/telnet/telnet-01/telnet.pcap b/tests/telnet/telnet-01/telnet.pcap
new file mode 100644 (file)
index 0000000..34515d4
Binary files /dev/null and b/tests/telnet/telnet-01/telnet.pcap differ

diff --git a/tests/telnet/telnet-01/test.rules b/tests/telnet/telnet-01/test.rules
new file mode 100644 (file)
index 0000000..b3106ea
--- /dev/null
+++ b/tests/telnet/telnet-01/test.rules
@@ -0,0 +1 @@
+alert telnet any any -> any any (flow:to_server; frame:data; content:"/sbin/ping www.yahoo.com"; sid:1;)

diff --git a/tests/telnet/telnet-01/test.yaml b/tests/telnet/telnet-01/test.yaml
new file mode 100644 (file)
index 0000000..d32a0ce
--- /dev/null
+++ b/tests/telnet/telnet-01/test.yaml
@@ -0,0 +1,30 @@
+requires:
+  min-version: 7
+
+args:
+ - -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        app_proto: telnet
+        alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        app_proto: telnet
+  - filter:
+      count: 32
+      match:
+        event_type: frame
+        app_proto: telnet
+        frame.type: data
+  - filter:
+      count: 68
+      match:
+        event_type: frame
+        app_proto: telnet
+        frame.type: ctl