Bug #3856: dcerpc: last response packet not logged - Suricata - Open Information Security Foundation

Actions

Bug #3856

closed

SB VJ

dcerpc: last response packet not logged

Bug #3856: dcerpc: last response packet not logged

Added by Shivani Bhardwaj over 5 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

For the pcap https://github.com/OISF/suricata-verify/blob/master/tests/dcerpc-dce-iface-01/20171220_smb_psexec_mimikatz_ticket_dump-s2.pcap, last response was never logged. I tried looking up what I did wrong but the response handler is never called for the last response (call ID: 20), I also cannot see the C code for response handling called for this packet.

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#1

Status changed from New to Assigned
Assignee set to Shivani Bhardwaj
Target version set to 7.0.0-beta1
Label Needs backport to 6.0 added

Shivani can you create a SV test for this? Then I'll have a look, or you can first take another stab at the issue if you want.

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#3

Assignee changed from Shivani Bhardwaj to Victor Julien

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#4

Target version changed from 7.0.0-beta1 to 6.0.1

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#5

Affected Versions 6.0.0 added
Label deleted (~~Needs backport to 6.0~~)

SB Updated by Shivani Bhardwaj over 5 years ago Actions
Copy link
#6

Status changed from Assigned to Closed

Closed by: https://github.com/OISF/suricata/commit/9f9c29a14a91f86c1bda92285e876e026dc9e3a4

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#7

Subject changed from DCERPC last response packet not logged to dcerpc: last response packet not logged

Actions

Also available in: PDF Atom