smtp: use simulate-ips and update test 1295/head 1299/head
authorShivani Bhardwaj <shivanib134@gmail.com>
Thu, 6 Jul 2023 13:18:37 +0000 (18:48 +0530)
committerShivani Bhardwaj <shivanib134@gmail.com>
Sat, 8 Jul 2023 03:54:34 +0000 (09:24 +0530)
This gives a better estimate of file size and hash for the given pcap.

tests/smtp-long-DATA-line/test.yaml

index 05cd8241eb455e748a2b210bbe0c6d8eeb83e7ac..483b8c0de158903285b7ee15ad370a3779f0b85d 100644 (file)
@@ -4,101 +4,58 @@ requires:
 
 args:
 - -k none
+- --simulate-ips
 
 checks:
 - filter:
     count: 1
     match:
-      anomaly.app_proto: smtp
       anomaly.event: APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION
-      anomaly.layer: proto_detect
-      anomaly.type: applayer
-      dest_ip: 192.168.1.4
-      dest_port: 3326
       event_type: anomaly
-      pcap_cnt: 6
-      proto: TCP
-      src_ip: 217.12.11.66
-      src_port: 587
 - filter:
     count: 1
     match:
       anomaly.app_proto: smtp
       anomaly.event: MIME_LONG_LINE
-      anomaly.layer: proto_parser
-      anomaly.type: applayer
-      dest_ip: 192.168.1.4
-      dest_port: 3326
       event_type: anomaly
-      proto: TCP
-      src_ip: 217.12.11.66
-      src_port: 587
-      tx_id: 0
 - filter:
     count: 1
     match:
       anomaly.app_proto: smtp
       anomaly.event: MIME_LONG_ENC_LINE
-      anomaly.layer: proto_parser
-      anomaly.type: applayer
-      dest_ip: 192.168.1.4
-      dest_port: 3326
       event_type: anomaly
-      proto: TCP
-      src_ip: 217.12.11.66
-      src_port: 587
-      tx_id: 0
 - filter:
     count: 1
     match:
-      dest_ip: 217.12.11.66
-      dest_port: 587
       email.attachment[0]: winmail.dat
       email.from: '"Xxxxxx xxxx" <xxxxxx@xxxxx.co.uk>'
       email.status: PARSE_DONE
       email.to[0]: <xxxxxx@xxxxx.co.uk>
       event_type: smtp
-      pcap_cnt: 40
-      proto: TCP
       smtp.helo: Percival
       smtp.mail_from: <xxxxxx@xxxxx.co.uk>
       smtp.rcpt_to[0]: <xxxxxx@xxxxx.co.uk>
-      src_ip: 192.168.1.4
-      src_port: 3326
-      tx_id: 0
 - filter:
     count: 1
     match:
       app_proto: smtp
-      dest_ip: 217.12.11.66
-      dest_port: 587
       email.attachment[0]: winmail.dat
       email.from: '"Xxxxxx xxxx" <xxxxxx@xxxxx.co.uk>'
-      email.status: PARSE_DONE
       email.to[0]: <xxxxxx@xxxxx.co.uk>
       event_type: fileinfo
       fileinfo.filename: winmail.dat
       fileinfo.gaps: false
-      fileinfo.size: 10383
+      fileinfo.size: 10451
       fileinfo.state: CLOSED
       fileinfo.stored: true
-      fileinfo.sha256: "81d7ff46d57b5e79df686a72c160225d644e43c47c219f6bbdc5a6699df702d5"
+      fileinfo.sha256: "c14d632ab473fb815381a33bc29103fe34a2bea0e3451a9eae8c6dc0bee2f3eb"
       fileinfo.tx_id: 0
-      pcap_cnt: 42
-      proto: TCP
       smtp.helo: Percival
       smtp.mail_from: <xxxxxx@xxxxx.co.uk>
       smtp.rcpt_to[0]: <xxxxxx@xxxxx.co.uk>
-      src_ip: 192.168.1.4
-      src_port: 3326
 - filter:
     count: 1
     match:
-      dest_ip: 217.12.11.66
-      dest_port: 587
       event_type: smtp
-      proto: TCP
       smtp.helo: Percival
-      src_ip: 192.168.1.4
-      src_port: 3326
       tx_id: 1
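Review bot: The new `fileinfo.size: 10451` and `fileinfo.sha256` expectations are pinned with no record of how they were derived, so a later change in SMTP/MIME reassembly that alters the extracted file cannot be told apart from a stale expectation. A comment above the fileinfo filter would help, e.g. `# size/sha256 are for winmail.dat as extracted with --simulate-ips; re-verify against the attachment decoded from the pcap if these change`. Separately, the first filter drops `anomaly.app_proto: smtp` while the two MIME anomaly filters keep it, and none of the anomaly filters check `anomaly.layer`, `anomaly.type` or `tx_id` any more. If the intent was only to stop matching on addresses, ports and packet counts, keeping `anomaly.layer` and `anomaly.type` would retain coverage that presumably does not depend on the pcap endpoints. The last filter still pins `tx_id: 1`, which is inconsistent with removing `tx_id: 0` from the others.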