Actions
Feature #7566
opendcerpc: applayer events for anomalous parsing results
Effort:
Difficulty:
Label:
Description
dcerpc lacks event handling which is important to convey what a possible issue could have led to an unexpected behavior.
Files
Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
#2
Updated by Artem Kartunchikov 12 months ago
- File rough_potato_broken_2.pcap rough_potato_broken_2.pcap added
- File stats.log stats.log added
- File packets_stats.log packets_stats.log added
- File locks_stats.log locks_stats.log added
I again encounter this issue but with other pcap file
Updated by Victor Julien 10 months ago
- Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Updated by Artem Kartunchikov 9 months ago
Also, I think it would be great if instead of the parser getting into an error state and shutting down, it would just skip the unknown RPC calls and continue analyzing the stream
Updated by Philippe Antoine 10 days ago
Artem Kartunchikov wrote in #note-4:
Also, I think it would be great if instead of the parser getting into an error state and shutting down, it would just skip the unknown RPC calls and continue analyzing the stream
Updated by Philippe Antoine 10 days ago
- Related to Bug #5133: dcerpc: logs not created after unhandled packet such as auth3 added
Actions