Add json_file output format (uses json-c) #10
zakird merged 7 commits into zmap:master from hdm:feature/add-json-output
Merged with master to pick up the UDP probe module and included some output examples below. Currently this decodes both success and failure replies. For the sake of space, it may make sense to expose a configuration parameter that disables failed response output. It seems like the right way to do this is output-module-args, but it would mean defining a format for setting this. Any preference for how output-module-args should be defined or parsed?

Header (first JSON line):

{
  "type": "header",
  "log_level": 3,
  "target_port": 137,
  "source_port_first": 32768,
  "source_port_last": 61000,
  "max_targets": -1,
  "max_runtime": 0,
  "max_results": 0,
  "iface": "bond0",
  "rate": 1000,
  "bandwidth": 0,
  "cooldown_secs": 8,
  "senders": 1,
  "use_seed": 0,
  "seed": 0,
  "generator": 0,
  "packet_streams": 1,
  "probe_module": "udp",
  "output_module": "json_file",
  "probe_args": "file:../examples/udp-probes/netbios_137.pkt",
  "gw_mac": "00:54:f5:f1:f4:34",
  "source_ip_first": "192.168.0.4",
  "source_ip_last": "192.168.0.4",
  "output_filename": "-",
  "dryrun": 0,
  "summary": 0,
  "quiet": 0,
  "recv_ready": 0
}

ICMP Unreachable:

UDP Reply:
* first pass at a debian workflow
* Refactored debian workflow into a common bsd/linux yml. Edited Dockerfile
* attempt #2
* attempt #3
* attempt #4
* attempt #5
* attempt #6
* attempt #7
* attempt #8
* attempt #9
* attempt #10, at least we're getting into the debian dockerfile
* Looks like it's working, causing a compile error in get_gateway_linux to see if check fails
* Confirmed, debian workflow is working!
* Removed debugging ls in .yml
* testing arch build
* Added fedora test
* testing Gentoo test
* phillip/773: refactored all the github compile actions to be in a single .yml file
* phillip/773: added arch and gentoo Install instructions
* phillip/773: removed extra space in arch.Dockerfile
* phillip/773: apparently the free-bsd vm is picky about having the run being on the same line
Example output for syn-scan:
{
  "type": "result",
  "response-type": "rst",
  "saddr": "10.222.49.19",
  "daddr": "192.168.0.4",
  "proto": "tcp",
  "sport": 80,
  "dport": 59284,
  "seq": 0,
  "ack": 3135547661,
  "in_cooldown": 0,
  "is_repeat": 0,
  "t": "2013-08-17 14:01:08",
  "ts": 1376766068,
  "tm": 472
}
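The json_file module writes one JSON object per line: a single header record first, then one result record per reply, and (as the comment above notes) both success and failure replies are emitted. Below is an added consumer for that stream, written for this page and not part of the zmap PR: it validates the header/result ordering, reports malformed lines by number, drops repeated responders via the is_repeat flag, and splits the remainder into successes and failures. The sample stream is constructed from the field names shown in the PR's examples; the header values, the second and third result records, and the rule that "rst" is the failure reply for tcp_synscan are assumptions for the illustration.

```python
import json
from collections import Counter

# Constructed sample of a json_file stream for a SYN scan. Field names follow
# the output examples in the PR; header values and the last two result
# records are made up for this example.
SAMPLE_STREAM = """\
{"type": "header", "log_level": 3, "target_port": 80, "probe_module": "tcp_synscan", "output_module": "json_file", "source_ip_first": "192.168.0.4", "source_ip_last": "192.168.0.4", "output_filename": "-"}
{"type": "result", "response-type": "rst", "saddr": "10.222.49.19", "daddr": "192.168.0.4", "proto": "tcp", "sport": 80, "dport": 59284, "seq": 0, "ack": 3135547661, "in_cooldown": 0, "is_repeat": 0, "t": "2013-08-17 14:01:08", "ts": 1376766068, "tm": 472}
{"type": "result", "response-type": "synack", "saddr": "10.222.49.20", "daddr": "192.168.0.4", "proto": "tcp", "sport": 80, "dport": 59285, "seq": 11, "ack": 3135547662, "in_cooldown": 0, "is_repeat": 0, "t": "2013-08-17 14:01:09", "ts": 1376766069, "tm": 1472}
{"type": "result", "response-type": "synack", "saddr": "10.222.49.20", "daddr": "192.168.0.4", "proto": "tcp", "sport": 80, "dport": 59285, "seq": 11, "ack": 3135547662, "in_cooldown": 1, "is_repeat": 1, "t": "2013-08-17 14:01:15", "ts": 1376766075, "tm": 7472}
"""

# Assumption: for the SYN scan module an RST reply means the port is closed,
# so it is the "failure" reply the PR comment talks about suppressing.
FAILURE_RESPONSE_TYPES = frozenset({"rst"})


def parse_stream(text):
    """Parse a json_file stream into (header, results).

    Enforces the documented shape: exactly one header record, which must come
    first, followed only by result records. Malformed lines and unknown record
    types raise ValueError with the offending line number.
    """
    header = None
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: malformed JSON ({exc.msg})") from exc
        kind = record.get("type")
        if kind == "header":
            if header is not None:
                raise ValueError(f"line {lineno}: second header record")
            header = record
        elif kind == "result":
            if header is None:
                raise ValueError(f"line {lineno}: result record before header")
            results.append(record)
        else:
            raise ValueError(f"line {lineno}: unknown record type {kind!r}")
    if header is None:
        raise ValueError("stream contains no header record")
    return header, results


def split_results(results, failure_types=FAILURE_RESPONSE_TYPES):
    """Drop repeated responders and split the rest into (successes, failures)."""
    successes, failures = [], []
    for record in results:
        if record.get("is_repeat"):
            continue  # same host already counted once
        bucket = failures if record["response-type"] in failure_types else successes
        bucket.append(record)
    return successes, failures


def responders(results):
    """Sorted, de-duplicated list of responding source addresses."""
    return sorted({record["saddr"] for record in results})


def summarize(text):
    """Summarize a json_file stream: what was probed and who answered how."""
    header, results = parse_stream(text)
    successes, failures = split_results(results)
    return {
        "probe_module": header["probe_module"],
        "target_port": header["target_port"],
        "responses": Counter(record["response-type"] for record in results),
        "successes": responders(successes),
        "failures": responders(failures),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_STREAM), indent=2))
```

Feeding the real scanner output into the same code is a matter of replacing SAMPLE_STREAM with the file (or stdin, since output_filename "-" writes to stdout) and adjusting FAILURE_RESPONSE_TYPES for whichever probe module the header names.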