From 1ecc6d323eff8f5d7990e88675c1cc99c4eadb79 Mon Sep 17 00:00:00 2001
From: rafaliusz
Date: Tue, 8 Dec 2020 15:48:53 +0100
Subject: Add a connectionless DCE/RPC detection (#1078)
* Add connectionless DCE/RPC detection
* Add DCE/RPC pcap file as well as its test result
Co-authored-by: rafal
---
tests/pcap/dcerpc.pcap | Bin 0 -> 7146 bytes
tests/result/dcerpc.pcap.out | 6 ++++++
2 files changed, 6 insertions(+)
create mode 100644 tests/pcap/dcerpc.pcap
create mode 100644 tests/result/dcerpc.pcap.out
(limited to 'tests')
diff --git a/tests/pcap/dcerpc.pcap b/tests/pcap/dcerpc.pcap
new file mode 100644
index 000000000..54f6414b8
Binary files /dev/null and b/tests/pcap/dcerpc.pcap differ
diff --git a/tests/result/dcerpc.pcap.out b/tests/result/dcerpc.pcap.out
new file mode 100644
index 000000000..8a85d5c4e
--- /dev/null
+++ b/tests/result/dcerpc.pcap.out
@@ -0,0 +1,6 @@
+DCE_RPC 16 6866 4
+
+ 1 UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 127/DCE_RPC][cat: RPC/16][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 127/DCE_RPC][cat: RPC/16][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 127/DCE_RPC][cat: RPC/16][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.1.20:49162 -> 192.168.1.11:34964 [proto: 127/DCE_RPC][cat: RPC/16][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-- cgit v1.2.3