Actions
Feature #7566
open
SB
SB
dcerpc: applayer events for anomalous parsing results
Feature #7566:
dcerpc: applayer events for anomalous parsing results
Effort:
Difficulty:
Label:
Description
dcerpc lacks event handling which is important to convey what a possible issue could have led to an unexpected behavior.
Files
VJ Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
AK Updated by Artem Kartunchikov about 1 year ago
- File rough_potato_broken_2.pcap rough_potato_broken_2.pcap added
- File stats.log stats.log added
- File packets_stats.log packets_stats.log added
- File locks_stats.log locks_stats.log added
I again encounter this issue but with other pcap file
VJ Updated by Victor Julien 10 months ago
- Target version changed from 8.0.0-rc1 to 9.0.0-beta1
AK Updated by Artem Kartunchikov 10 months ago
Also, I think it would be great if instead of the parser getting into an error state and shutting down, it would just skip the unknown RPC calls and continue analyzing the stream
PA Updated by Philippe Antoine about 1 month ago
Artem Kartunchikov wrote in #note-4:
Also, I think it would be great if instead of the parser getting into an error state and shutting down, it would just skip the unknown RPC calls and continue analyzing the stream
PA Updated by Philippe Antoine about 1 month ago
- Related to Bug #5133: dcerpc: logs not created after unhandled packet such as auth3 added
PA Updated by Philippe Antoine 19 days ago
- Copied to Feature #8426: rdp: applayer events for anomalous parsing results added
Actions