Add a connectionless DCE/RPC detection (#1078)

* Add connectionless DCE/RPC detection

* Add DCE/RPC pcap file as well as its test result

Co-authored-by: rafal <rafal.burzynski@cryptomage.com>

2 files changed, 6 insertions, 0 deletions

diff --git a/tests/pcap/dcerpc.pcap b/tests/pcap/dcerpc.pcap
new file mode 100644
index 000000000..54f6414b8
--- /dev/null
+++ b/tests/pcap/dcerpc.pcap
diff --git a/tests/result/dcerpc.pcap.out b/tests/result/dcerpc.pcap.out
new file mode 100644
index 000000000..8a85d5c4e
--- /dev/null
+++ b/tests/result/dcerpc.pcap.out
@@ -0,0 +1,6 @@
+DCE_RPC	16	6866	4
+
+	1	UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 127/DCE_RPC][cat: RPC/16][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 127/DCE_RPC][cat: RPC/16][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 127/DCE_RPC][cat: RPC/16][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP 192.168.1.20:49162 -> 192.168.1.11:34964 [proto: 127/DCE_RPC][cat: RPC/16][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]