ldap: add tests for udp and frames
glongo authored and victorjulien committed Aug 7, 2024
1 parent e63e895 commit e4f9762
Showing 6 changed files with 85 additions and 0 deletions.
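--- a/tests/ldap-frames/README.md
+++ b/tests/ldap-frames/README.md
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Test that LDAP over UDP is parsed correctly.
+
+## PCAP
+
+PCAP downloaded from cloudshark.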
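--- a/tests/ldap-frames/suricata.yaml
+++ b/tests/ldap-frames/suricata.yaml
@@ -0,0 +1,8 @@
+%YAML 1.1
+---
+
+outputs:
+- eve-log:
+enabled: yes
+types:
+- frame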
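--- a/tests/ldap-frames/test.yaml
+++ b/tests/ldap-frames/test.yaml
@@ -0,0 +1,34 @@
+requires:
+min-version: 8
+
+args:
+- -k none
+
+pcap: ../ldap-udp/cldap.pcap
+
+checks:
+- filter:
+count: 1
+match:
+pcap_cnt: 1
+event_type: frame
+frame.direction: toserver
+frame.length: 137
+frame.complete: true
+- filter:
+count: 1
+match:
+pcap_cnt: 2
+event_type: frame
+frame.direction: toclient
+frame.length: 137
+frame.complete: true
+- filter:
+count: 1
+match:
+pcap_cnt: 2
+event_type: frame
+frame.direction: toclient
+frame.length: 14
+frame.complete: true
+frame.tx_id: 1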
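Review bot: None of the three filters matches `frame.type`, so the frames are told apart only by `pcap_cnt`, `frame.direction` and `frame.length`, and the test would still pass if the parser registered these spans under a frame name other than the one `frame:` rules are written against. I would add `frame.type: <LDAP_FRAME_NAME>` (placeholder; use the name the LDAP parser registers) to each `match:` block. Only the last filter pins `frame.tx_id`; if the first two frames are also expected to belong to a transaction, pinning it there would catch a frame attached to the wrong one. The README added for this directory repeats the ldap-udp purpose line, so a comment above each filter saying which frame it covers would make the intent of the two different toclient frames at `pcap_cnt: 2` clear.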
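--- a/tests/ldap-udp/README.md
+++ b/tests/ldap-udp/README.md
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Test that LDAP over UDP is parsed correctly.
+
+## PCAP
+
+PCAP downloaded from cloudshark.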
Binary file added tests/ldap-udp/cldap.pcap
Binary file not shown.
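--- a/tests/ldap-udp/test.yaml
+++ b/tests/ldap-udp/test.yaml
@@ -0,0 +1,29 @@
+requires:
+min-version: 8
+
+args:
+- -k none
+
+pcap: cldap.pcap
+
+checks:
+- filter:
+count: 1
+match:
+event_type: ldap
+ldap.request.message_id: 1
+ldap.request.operation: search_request
+ldap.request.search_request.base_object: ""
+ldap.request.search_request.scope: 0
+ldap.request.search_request.deref_alias: 0
+ldap.request.search_request.size_limit: 0
+ldap.request.search_request.time_limit: 0
+ldap.request.search_request.types_only: false
+ldap.request.search_request.attributes[0]: Netlogon
+ldap.responses[0].operation: search_result_entry
+ldap.responses[0].search_result_entry.base_object: ""
+ldap.responses[0].search_result_entry.attributes[0].type: netlogon
+ldap.responses[1].operation: search_result_done
+ldap.responses[1].search_result_done.result_code: success
+ldap.responses[1].search_result_done.matched_dn: ""
+ldap.responses[1].search_result_done.message: ""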
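Review bot: The single filter matches `event_type: ldap` but never pins the transport, so a test whose stated purpose is LDAP over UDP would pass unchanged if the event were logged with a different `proto` value. Adding `proto: UDP` to the `match:` block ties the assertion to the UDP path. The test also only proves that one well-formed event exists; a second filter with `count: 0` on anomaly events would catch a parser that logs the transaction yet flags the datagram as malformed, assuming anomaly logging is enabled in the configuration this test runs with.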
