Adds test about ftp epsv response parsing 491/head
authorPhilippe Antoine <contact@catenacyber.fr>
Tue, 27 Apr 2021 07:15:24 +0000 (09:15 +0200)
committerPhilippe Antoine <contact@catenacyber.fr>
Mon, 21 Jun 2021 14:33:23 +0000 (16:33 +0200)
tests/ftp-epsv/README.md [new file with mode: 0644]
tests/ftp-epsv/input.pcap [new file with mode: 0644]
tests/ftp-epsv/test.yaml [new file with mode: 0644]

diff --git a/tests/ftp-epsv/README.md b/tests/ftp-epsv/README.md
new file mode 100644 (file)
index 0000000..df9a306
--- /dev/null
@@ -0,0 +1,8 @@
+# Description
+
+Test FTP EPSV response parsing
+
+# PCAP
+
+The pcap comes from https://www.cloudshark.org/captures/abdc8742488f
+(first answer for `ftp epsv pcap`)
diff --git a/tests/ftp-epsv/input.pcap b/tests/ftp-epsv/input.pcap
new file mode 100644 (file)
index 0000000..bf22acc
Binary files /dev/null and b/tests/ftp-epsv/input.pcap differ
diff --git a/tests/ftp-epsv/test.yaml b/tests/ftp-epsv/test.yaml
new file mode 100644 (file)
index 0000000..69848da
--- /dev/null
@@ -0,0 +1,13 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 6.0.0
+
+checks:
+
+  - filter:
+      count: 1
+      match:
+        event_type: ftp
+        ftp.command: "EPSV"
+        ftp.dynamic_port: 58612
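Review bot: The filter pins `ftp.dynamic_port: 58612`, but nothing in test.yaml says where that value comes from, so a later failure after a pcap or parser change has no reference point. A comment above the filter such as `# 58612 is the port announced in the server's 229 reply to EPSV in input.pcap` would record it (confirm the value against the capture). The check also covers only the control-channel event. If the capture includes the data connection, a second filter asserting that the flow to that port is identified as FTP data would verify that the parsed port is actually used for data-channel tracking, which is what matters for detection. Separately, `HAVE_LIBJANSSON` looks redundant next to `min-version: 6.0.0`, since JSON output is, as far as I know, not optional in that release line.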