From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Thu, 12 Nov 2020 11:02:29 +0000 (+0530)
Subject: Add tests for DCERPC/UDP
X-Git-Tag: suricata-6.0.4~218
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6134e27fe0cf1433f4d0996a10248afdcccc1f18;p=thirdparty%2Fsuricata-verify.git

Add tests for DCERPC/UDP
---

diff --git a/tests/dcerpc/dcerpc-udp/input.pcap b/tests/dcerpc/dcerpc-udp/input.pcap
new file mode 100644
index 000000000..f2f6e0ade
Binary files /dev/null and b/tests/dcerpc/dcerpc-udp/input.pcap differ
diff --git a/tests/dcerpc/dcerpc-udp/test.yaml b/tests/dcerpc/dcerpc-udp/test.yaml
new file mode 100644
index 000000000..8c7e3bbdf
--- /dev/null
+++ b/tests/dcerpc/dcerpc-udp/test.yaml
@@ -0,0 +1,240 @@
+requires:
+  min-version: 6.0
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      dcerpc.request: REQUEST_LOST
+      dcerpc.response: UNREPLIED
+      dest_ip: 141.81.0.10
+      dest_port: 33000
+      event_type: dcerpc
+      pcap_cnt: 1169
+      proto: UDP
+      src_ip: 141.81.0.11
+      src_port: 33002
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 3704
+      proto: TCP
+      smb.client_dialects[0]: PC NETWORK PROGRAM 1.0
+      smb.client_dialects[1]: LANMAN1.0
+      smb.client_dialects[2]: Windows for Workgroups 3.1a
+      smb.client_dialects[3]: LM1.2X002
+      smb.client_dialects[4]: LANMAN2.1
+      smb.client_dialects[5]: NT LM 0.12
+      smb.command: SMB1_COMMAND_NEGOTIATE_PROTOCOL
+      smb.dialect: NT LM 0.12
+      smb.id: 1
+      smb.server_guid: d523159e-e4af-4a9e-7b9b-4e318c6f6f36
+      smb.session_id: 0
+      smb.status: STATUS_SUCCESS
+      smb.status_code: '0x0'
+      smb.tree_id: 0
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 3709
+      proto: TCP
+      smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
+      smb.dialect: NT LM 0.12
+      smb.id: 2
+      smb.request.native_lm: Windows 2002 5.1
+      smb.request.native_os: Windows 2002 Service Pack 3 2600
+      smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
+      smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
+      smb.session_id: 57346
+      smb.status: STATUS_MORE_PROCESSING_REQUIRED
+      smb.status_code: '0xc0000016'
+      smb.tree_id: 0
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 3714
+      proto: TCP
+      smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
+      smb.dialect: NT LM 0.12
+      smb.id: 3
+      smb.ntlmssp.domain: ''
+      smb.ntlmssp.host: PANELPC02
+      smb.ntlmssp.user: ''
+      smb.request.native_lm: Windows 2002 5.1
+      smb.request.native_os: Windows 2002 Service Pack 3 2600
+      smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
+      smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
+      smb.session_id: 57346
+      smb.status: STATUS_SUCCESS
+      smb.status_code: '0x0'
+      smb.tree_id: 0
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 3718
+      proto: TCP
+      smb.command: SMB1_COMMAND_TREE_CONNECT_ANDX
+      smb.dialect: NT LM 0.12
+      smb.id: 4
+      smb.named_pipe: \IAS01\IPC$
+      smb.service.request: ?????
+      smb.service.response: IPC
+      smb.session_id: 57346
+      smb.status: STATUS_SUCCESS
+      smb.status_code: '0x0'
+      smb.tree_id: 57349
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 3721
+      proto: TCP
+      smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
+      smb.dialect: NT LM 0.12
+      smb.id: 5
+      smb.request.native_lm: Windows 2002 5.1
+      smb.request.native_os: Windows 2002 Service Pack 3 2600
+      smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
+      smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
+      smb.session_id: 12291
+      smb.status: STATUS_MORE_PROCESSING_REQUIRED
+      smb.status_code: '0xc0000016'
+      smb.tree_id: 0
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 3729
+      proto: TCP
+      smb.command: SMB1_COMMAND_SESSION_SETUP_ANDX
+      smb.dialect: NT LM 0.12
+      smb.id: 6
+      smb.ntlmssp.domain: PANELPC02
+      smb.ntlmssp.host: PANELPC02
+      smb.ntlmssp.user: Administrator
+      smb.request.native_lm: Windows 2002 5.1
+      smb.request.native_os: Windows 2002 Service Pack 3 2600
+      smb.response.native_lm: Windows Server (R) 2008 Standard 6.0
+      smb.response.native_os: Windows Server (R) 2008 Standard 6002 Service Pack 2
+      smb.session_id: 12291
+      smb.status: STATUS_SUCCESS
+      smb.status_code: '0x0'
+      smb.tree_id: 0
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 3731
+      proto: TCP
+      smb.command: SMB1_COMMAND_TREE_CONNECT_ANDX
+      smb.dialect: NT LM 0.12
+      smb.id: 7
+      smb.service.request: ?????
+      smb.session_id: 12291
+      smb.share: \IAS01\ARCHESTRA-ENGWESTBURY-INTOUCHVIEWAPP_PANELPC02
+      smb.status: STATUS_BAD_NETWORK_NAME
+      smb.status_code: '0xc00000cc'
+      smb.tree_id: 0
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 3844
+      proto: TCP
+      smb.command: SMB1_COMMAND_LOGOFF_ANDX
+      smb.dialect: NT LM 0.12
+      smb.id: 8
+      smb.session_id: 12291
+      smb.status: STATUS_SUCCESS
+      smb.status_code: '0x0'
+      smb.tree_id: 0
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dcerpc.call_id: 17305
+      dcerpc.interfaces[0].ack_result: 0
+      dcerpc.interfaces[0].uuid: 99fcfec4-5260-101b-bbcb-00aa0021347a
+      dcerpc.interfaces[0].version: '0.0'
+      dcerpc.request: BIND
+      dcerpc.response: BINDACK
+      dcerpc.rpc_version: '5.0'
+      dest_ip: 141.81.0.10
+      dest_port: 135
+      event_type: dcerpc
+      pcap_cnt: 5051
+      proto: TCP
+      src_ip: 141.81.0.187
+      src_port: 3802
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 10846
+      proto: TCP
+      smb.command: SMB1_COMMAND_LOGOFF_ANDX
+      smb.dialect: NT LM 0.12
+      smb.id: 9
+      smb.session_id: 57346
+      smb.status: STATUS_SUCCESS
+      smb.status_code: '0x0'
+      smb.tree_id: 0
+      src_ip: 141.81.0.182
+      src_port: 4548
+- filter:
+    count: 1
+    match:
+      dest_ip: 141.81.0.10
+      dest_port: 139
+      event_type: smb
+      pcap_cnt: 10849
+      proto: TCP
+      smb.command: SMB1_COMMAND_TREE_DISCONNECT
+      smb.dialect: NT LM 0.12
+      smb.id: 10
+      smb.session_id: 57346
+      smb.status: STATUS_SUCCESS
+      smb.status_code: '0x0'
+      smb.tree_id: 57349
+      src_ip: 141.81.0.182
+      src_port: 4548