From 7cc0e1bd0a5249b52e6e87d82d57c0b6aaf75fce Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Wed, 14 Jun 2017 10:33:26 -0600
Subject: [PATCH] add a dns test - has pcap for some unit tests
---
 dns-udp-dig-a-www-suricata-ids-org/README.md | 1 +
 dns-udp-dig-a-www-suricata-ids-org/check.sh | 15 +++++++++++++++
 .../dig-a-www.suricata-ids.org.pcap | Bin 0 -> 289 bytes
 3 files changed, 16 insertions(+)
 create mode 100644 dns-udp-dig-a-www-suricata-ids-org/README.md
 create mode 100755 dns-udp-dig-a-www-suricata-ids-org/check.sh
 create mode 100644 dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap
diff --git a/dns-udp-dig-a-www-suricata-ids-org/README.md b/dns-udp-dig-a-www-suricata-ids-org/README.md
new file mode 100644
index 000000000..ea42c65ad
--- /dev/null
+++ b/dns-udp-dig-a-www-suricata-ids-org/README.md
@@ -0,0 +1 @@
+Basic DNS test running on valid data.
diff --git a/dns-udp-dig-a-www-suricata-ids-org/check.sh b/dns-udp-dig-a-www-suricata-ids-org/check.sh
new file mode 100755
index 000000000..5a4dc5dbc
--- /dev/null
+++ b/dns-udp-dig-a-www-suricata-ids-org/check.sh
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+. ../functions.sh
+
+n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l)
+assert_eq 1 $n
+
+n=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l)
+assert_eq 3 $n
+
+n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "CNAME")' | wc -l)
+assert_eq 1 $n
+
+n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "A")' | wc -l)
+assert_eq 3 $n
diff --git a/dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap b/dns-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..663a6797f0c7745903a83210be27c39049b8eaf9
GIT binary patch literal 289 zc-p&ic+)~A1{MYcU}0bcl6D=St_%#m%7P3G z4uXy;Tmp>TK+L$}Au literal 0 Hc-jL100001
--
2.47.2
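Review bot: The two `rrtype` checks at the end of check.sh match records of any `dns.type`, so the expected 3 for `select(.dns.rrtype == "A")` presumably adds the query record to two A answers (the earlier checks expect 3 answers, 1 of them a CNAME). A regression that shifted records between query and answer logging could therefore leave that total unchanged. Pinning the type would make the check say what it means, e.g. `jq -c 'select(.dns.type == "answer" and .dns.rrtype == "A")' output/eve.json | wc -l` with the expected answer count (2, if the inference above holds). A short comment such as `# expected: 1 query, 3 answers (1 CNAME + 2 A)` above the assertions would document where the numbers come from. `assert_eq` comes from `../functions.sh`, which is outside this patch, so how it treats an empty `$n` when jq or the eve.json read fails cannot be confirmed from here.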