tests: add test for bug 5783

author Lancer Cheng <b1tg@protonmail.ch>

Wed, 1 Feb 2023 10:45:33 +0000 (10:45 +0000)

committer Victor Julien <victor@inliniac.net>

Fri, 24 Feb 2023 11:53:49 +0000 (12:53 +0100)
author Lancer Cheng <b1tg@protonmail.ch>
Wed, 1 Feb 2023 10:45:33 +0000 (10:45 +0000)
committer Victor Julien <victor@inliniac.net>
Fri, 24 Feb 2023 11:53:49 +0000 (12:53 +0100)
diff --git a/tests/smb2-ntlmssp-negotiateflags/README.md b/tests/smb2-ntlmssp-negotiateflags/README.md

new file mode 100644 (file)

index 0000000..7b78daa
--- /dev/null
+++ b/tests/smb2-ntlmssp-negotiateflags/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test SMB2 NTLM Negotiate Flags
+
+# PCAP
+
+The pcap comes from https://redmine.openinfosecfoundation.org/issues/5783
diff --git a/tests/smb2-ntlmssp-negotiateflags/input.pcap b/tests/smb2-ntlmssp-negotiateflags/input.pcap

new file mode 100644 (file)

index 0000000..3533790

Binary files /dev/null and b/tests/smb2-ntlmssp-negotiateflags/input.pcap differ
diff --git a/tests/smb2-ntlmssp-negotiateflags/test.yaml b/tests/smb2-ntlmssp-negotiateflags/test.yaml

new file mode 100644 (file)

index 0000000..7d3c479
--- /dev/null
+++ b/tests/smb2-ntlmssp-negotiateflags/test.yaml
@@ -0,0 +1,9 @@
+args:
+- -k none
+
+checks:
+  - filter:
+      count: 7
+      match:
+        event_type: smb
+        smb.ntlmssp.version: "10.0 build 10586 rev 15"
author	Lancer Cheng <b1tg@protonmail.ch>
	Wed, 1 Feb 2023 10:45:33 +0000 (10:45 +0000)
committer	Victor Julien <victor@inliniac.net>
	Fri, 24 Feb 2023 11:53:49 +0000 (12:53 +0100)
tests/smb2-ntlmssp-negotiateflags/README.md	[new file with mode: 0644]	patch \| blob
tests/smb2-ntlmssp-negotiateflags/input.pcap	[new file with mode: 0644]	patch \| blob
tests/smb2-ntlmssp-negotiateflags/test.yaml	[new file with mode: 0644]	patch \| blob