add a dns test - has pcap for some unit tests

author Jason Ish <ish@unx.ca>

Wed, 14 Jun 2017 16:33:26 +0000 (10:33 -0600)

committer Jason Ish <ish@unx.ca>

Wed, 14 Jun 2017 16:33:26 +0000 (10:33 -0600)
author Jason Ish <ish@unx.ca>
Wed, 14 Jun 2017 16:33:26 +0000 (10:33 -0600)
committer Jason Ish <ish@unx.ca>
Wed, 14 Jun 2017 16:33:26 +0000 (10:33 -0600)
diff --git a/dns-udp-dig-a-www-suricata-ids-org/README.md b/dns-udp-dig-a-www-suricata-ids-org/README.md

new file mode 100644 (file)

index 0000000..ea42c65
--- /dev/null
+++ b/dns-udp-dig-a-www-suricata-ids-org/README.md
@@ -0,0 +1 @@
+Basic DNS test running on valid data.
diff --git a/dns-udp-dig-a-www-suricata-ids-org/check.sh b/dns-udp-dig-a-www-suricata-ids-org/check.sh

new file mode 100755 (executable)

index 0000000..5a4dc5d
--- /dev/null
+++ b/dns-udp-dig-a-www-suricata-ids-org/check.sh
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+. ../functions.sh
+
+n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l)
+assert_eq 1 $n
+
+n=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l)
+assert_eq 3 $n
+
+n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "CNAME")' | wc -l)
+assert_eq 1 $n
+
+n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "A")' | wc -l)
+assert_eq 3 $n
diff --git a/dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap b/dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap

new file mode 100644 (file)

index 0000000..663a679

Binary files /dev/null and b/dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap differ
author	Jason Ish <ish@unx.ca>
	Wed, 14 Jun 2017 16:33:26 +0000 (10:33 -0600)
committer	Jason Ish <ish@unx.ca>
	Wed, 14 Jun 2017 16:33:26 +0000 (10:33 -0600)
dns-udp-dig-a-www-suricata-ids-org/README.md	[new file with mode: 0644]	patch \| blob
dns-udp-dig-a-www-suricata-ids-org/check.sh	[new file with mode: 0755]	patch \| blob
dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap	[new file with mode: 0644]	patch \| blob