From 2c4d300ece8a053a2aa09e90030b636c5a3b117a Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 18 Jan 2021 10:38:25 +0100
Subject: [PATCH] tests: bug 856 test
---
tests/bug-856/input.pcap | Bin 0 -> 653 bytes
tests/bug-856/test.yaml | 135 +++++++++++++++++++++++++++++++++++++++
2 files changed, 135 insertions(+)
create mode 100644 tests/bug-856/input.pcap
create mode 100644 tests/bug-856/test.yaml
diff --git a/tests/bug-856/input.pcap b/tests/bug-856/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..6437471b0365717383553aa2a1bb8973f2a77460
GIT binary patch literal 653 zc-p&ic+)~A1{MYw`2U}Qfe}cjU%VQ~y`POC7{~@;x0N;t8!s`XrrKwPaWJ?tFt}2r&W(*osRMOEQyr3X1a6ixP8lQ*}$qnDbIg zKnfT^R;b{&q6BQk8B{AO`ct+OV}%UFiuE5j7bwtVq5EG9F|N zgDKFG>8)p;%QiLutzaSOivv6itRS~Al`+U-sNhUZNlz^<%`8bhpm4wxqR{^WgCJ|7 zp@pd>V>(-6c4BT~CQvdCWERjaJ_eSk5OV`Gz5~c3;XIrS*MLITuzBPJ)FXRQJhEk{ zT*`K^N0>mS;SDP)c_f8_4J66@g29kE&mjFk8dpYsaY=4saY JWpK>S0RR+8wxs|7 literal 0 Hc-jL100001
diff --git a/tests/bug-856/test.yaml b/tests/bug-856/test.yaml
new file mode 100644
index 000000000..bc722870c
--- /dev/null
+++ b/tests/bug-856/test.yaml
@@ -0,0 +1,135 @@
+requires:
+ min-version: 6
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 192.168.42.129
+ dest_port: 53
+ dns.id: 59165
+ dns.rrname: static.programme-tv.net
+ dns.rrtype: A
+ dns.tx_id: 0
+ dns.type: query
+ event_type: dns
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 192.168.42.150
+ src_port: 55597
+- filter:
+ count: 1
+ match:
+ dest_ip: 192.168.42.129
+ dest_port: 53
+ dns.id: 25783
+ dns.rrname: static.programme-tv.net
+ dns.rrtype: AAAA
+ dns.tx_id: 1
+ dns.type: query
+ event_type: dns
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 192.168.42.150
+ src_port: 55597
+- filter:
+ count: 1
+ match:
+ dest_ip: 192.168.42.129
+ dest_port: 53
+ dns.answers[0].rdata: programme-tv.net.edgesuite.net
+ dns.answers[0].rrname: static.programme-tv.net
+ dns.answers[0].rrtype: CNAME
+ dns.answers[0].ttl: 630
+ dns.answers[1].rdata: a1859.g.akamai.net
+ dns.answers[1].rrname: programme-tv.net.edgesuite.net
+ dns.answers[1].rrtype: CNAME
+ dns.answers[1].ttl: 20432
+ dns.answers[2].rdata: 90.84.55.48
+ dns.answers[2].rrname: a1859.g.akamai.net
+ dns.answers[2].rrtype: A
+ dns.answers[2].ttl: 14
+ dns.answers[3].rdata: 90.84.55.64
+ dns.answers[3].rrname: a1859.g.akamai.net
+ dns.answers[3].rrtype: A
+ dns.answers[3].ttl: 14
+ dns.flags: '8180'
+ dns.grouped.A[0]: 90.84.55.48
+ dns.grouped.A[1]: 90.84.55.64
+ dns.grouped.CNAME[0]: programme-tv.net.edgesuite.net
+ dns.grouped.CNAME[1]: a1859.g.akamai.net
+ dns.id: 59165
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.rrname: static.programme-tv.net
+ dns.rrtype: A
+ dns.type: answer
+ dns.version: 2
+ event_type: dns
+ pcap_cnt: 3
+ proto: UDP
+ src_ip: 192.168.42.150
+ src_port: 55597
+- filter:
+ count: 1
+ match:
+ dest_ip: 192.168.42.129
+ dest_port: 53
+ dns.answers[0].rdata: programme-tv.net.edgesuite.net
+ dns.answers[0].rrname: static.programme-tv.net
+ dns.answers[0].rrtype: CNAME
+ dns.answers[0].ttl: 630
+ dns.answers[1].rdata: a1859.g.akamai.net
+ dns.answers[1].rrname: programme-tv.net.edgesuite.net
+ dns.answers[1].rrtype: CNAME
+ dns.answers[1].ttl: 20432
+ dns.authorities[0].rrname: g.akamai.net
+ dns.authorities[0].rrtype: SOA
+ dns.authorities[0].soa.expire: 1000
+ dns.authorities[0].soa.minimum: 1800
+ dns.authorities[0].soa.mname: n0g.akamai.net
+ dns.authorities[0].soa.refresh: 1000
+ dns.authorities[0].soa.retry: 1000
+ dns.authorities[0].soa.rname: hostmaster.akamai.com
+ dns.authorities[0].soa.serial: 1372967523
+ dns.authorities[0].ttl: 1000
+ dns.flags: '8180'
+ dns.grouped.CNAME[0]: programme-tv.net.edgesuite.net
+ dns.grouped.CNAME[1]: a1859.g.akamai.net
+ dns.id: 25783
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.rrname: static.programme-tv.net
+ dns.rrtype: AAAA
+ dns.type: answer
+ dns.version: 2
+ event_type: dns
+ pcap_cnt: 4
+ proto: UDP
+ src_ip: 192.168.42.150
+ src_port: 55597
+- filter:
+ count: 1
+ match:
+ app_proto: dns
+ dest_ip: 192.168.42.129
+ dest_port: 53
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 399
+ flow.bytes_toserver: 166
+ flow.pkts_toclient: 2
+ flow.pkts_toserver: 2
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 192.168.42.150
+ src_port: 55597
-- 
2.47.2
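Review bot: Nothing in `checks:` bounds the total number of `dns` records, so a regression that emits extra or duplicated DNS events with slightly different fields would still pass; every `filter` only asserts `count: 1` for one exact field set. A further check with `count: 4` and a `match:` on just `event_type: dns` would pin the total, assuming the four-packet capture (`flow.pkts_toserver: 2`, `flow.pkts_toclient: 2`) is meant to produce exactly four DNS records. The file also has no comment saying what bug 856 was. Both answer checks keep `src_ip: 192.168.42.150` and `dest_port: 53`, the same orientation as the queries, so if that is the behaviour being pinned, a one-line `# bug 856: <summary of the fixed behaviour>` comment at the top would make that clear to whoever next regenerates the expected values.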