📄 spp_dce2.c
PREPROC_PROFILE_END(dce2_pstat_main);}/****************************************************************** * Function: DCE2_PrintStats() * * Purpose: Print statistics being kept by the preprocessor. * * Arguments: * int - whether Snort is exiting or not * * Returns: None * ******************************************************************/ static void DCE2_PrintStats(int exiting){ if (dce2_stats.sessions > 0) { _dpd.logMsg("dcerpc2 Preprocessor Statistics\n"); _dpd.logMsg(" Total sessions: "STDu64"\n", dce2_stats.sessions); if (dce2_stats.missed_bytes > 0) _dpd.logMsg(" Missed bytes: "STDu64"\n", dce2_stats.missed_bytes); if (dce2_stats.overlapped_bytes > 0) _dpd.logMsg(" Overlapped bytes: "STDu64"\n", dce2_stats.overlapped_bytes); if (dce2_stats.sessions_autodetected > 0) _dpd.logMsg(" Total sessions autodetected: "STDu64"\n", dce2_stats.sessions_autodetected); if (dce2_stats.bad_autodetects > 0) _dpd.logMsg(" Bad autodetects: "STDu64"\n", dce2_stats.bad_autodetects);#ifdef DEBUG { unsigned int port; int first = 1; for (port = 0; port < (sizeof(dce2_stats.autoports) / sizeof(dce2_stats.autoports[0])); port++) { DCE2_TransType ttype; for (ttype = DCE2_TRANS_TYPE__NONE; ttype < DCE2_TRANS_TYPE__MAX; ttype++) { if ((dce2_stats.autoports[port][ttype] > 0) && (dce2_trans_strs[ttype] != NULL)) { if (first) { _dpd.logMsg("\n"); _dpd.logMsg(" Autodetected ports:\n"); _dpd.logMsg(" %7s%15s%15s\n", "Port", "Transport", "Total"); first = 0; } _dpd.logMsg(" %7u%15s"FMTu64("15")"\n", port, dce2_trans_strs[ttype], dce2_stats.autoports[port][ttype]); } } } }#endif _dpd.logMsg("\n"); _dpd.logMsg(" Transports\n"); if (dce2_stats.smb_sessions > 0) { _dpd.logMsg(" SMB\n"); _dpd.logMsg(" Total sessions: "STDu64"\n", dce2_stats.smb_sessions); _dpd.logMsg(" Packet stats\n"); _dpd.logMsg(" Packets: "STDu64"\n", dce2_stats.smb_pkts); if (dce2_stats.smb_ignored_bytes > 0) _dpd.logMsg(" Ignored bytes: "STDu64"\n", dce2_stats.smb_ignored_bytes); if (dce2_stats.smb_non_ipc_packets > 0) 
_dpd.logMsg(" Not IPC packets (after tree connect): "STDu64"\n", dce2_stats.smb_non_ipc_packets); if (dce2_stats.smb_nbss_not_message > 0) _dpd.logMsg(" Not NBSS Session Message: "STDu64"\n", dce2_stats.smb_nbss_not_message); if ((dce2_stats.smb_ssx_req > 0) || (dce2_stats.smb_ssx_resp > 0)) { _dpd.logMsg(" Session Setup AndX requests: "STDu64"\n", dce2_stats.smb_ssx_req); if (dce2_stats.smb_ssx_chained > 0) { _dpd.logMsg(" Session Setup AndX chained requests\n"); if (dce2_stats.smb_ssx_req_chained_loffx > 0) _dpd.logMsg(" Logoff AndX: "STDu64"\n", dce2_stats.smb_ssx_req_chained_loffx); if (dce2_stats.smb_ssx_req_chained_tc > 0) _dpd.logMsg(" Tree Connect: "STDu64"\n", dce2_stats.smb_ssx_req_chained_tc); if (dce2_stats.smb_ssx_req_chained_tcx > 0) _dpd.logMsg(" Tree Connect AndX: "STDu64"\n", dce2_stats.smb_ssx_req_chained_tcx); if (dce2_stats.smb_ssx_req_chained_tdis > 0) _dpd.logMsg(" Tree Disconnect: "STDu64"\n", dce2_stats.smb_ssx_req_chained_tdis); if (dce2_stats.smb_ssx_req_chained_open > 0) _dpd.logMsg(" Open: "STDu64"\n", dce2_stats.smb_ssx_req_chained_open); if (dce2_stats.smb_ssx_req_chained_openx > 0) _dpd.logMsg(" Open AndX: "STDu64"\n", dce2_stats.smb_ssx_req_chained_openx); if (dce2_stats.smb_ssx_req_chained_ntcx > 0) _dpd.logMsg(" Nt Create AndX: "STDu64"\n", dce2_stats.smb_ssx_req_chained_ntcx); if (dce2_stats.smb_ssx_req_chained_close > 0) _dpd.logMsg(" Close: "STDu64"\n", dce2_stats.smb_ssx_req_chained_close); if (dce2_stats.smb_ssx_req_chained_trans > 0) _dpd.logMsg(" Transact: "STDu64"\n", dce2_stats.smb_ssx_req_chained_trans); if (dce2_stats.smb_ssx_req_chained_write > 0) _dpd.logMsg(" Write: "STDu64"\n", dce2_stats.smb_ssx_req_chained_write); if (dce2_stats.smb_ssx_req_chained_readx > 0) _dpd.logMsg(" Read AndX: "STDu64"\n", dce2_stats.smb_ssx_req_chained_readx); if (dce2_stats.smb_ssx_req_chained_other > 0) _dpd.logMsg(" Other: "STDu64"\n", dce2_stats.smb_ssx_req_chained_other); } _dpd.logMsg(" Session Setup AndX responses: "STDu64"\n", 
dce2_stats.smb_ssx_resp); if (dce2_stats.smb_ssx_chained > 0) { _dpd.logMsg(" Session Setup AndX chained responses\n"); if (dce2_stats.smb_ssx_resp_chained_loffx > 0) _dpd.logMsg(" Logoff AndX: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_loffx); if (dce2_stats.smb_ssx_resp_chained_tc > 0) _dpd.logMsg(" Tree Connect: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_tc); if (dce2_stats.smb_ssx_resp_chained_tcx > 0) _dpd.logMsg(" Tree Connect AndX: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_tcx); if (dce2_stats.smb_ssx_resp_chained_tdis > 0) _dpd.logMsg(" Tree Disconnect: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_tdis); if (dce2_stats.smb_ssx_resp_chained_open > 0) _dpd.logMsg(" Open: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_open); if (dce2_stats.smb_ssx_resp_chained_openx > 0) _dpd.logMsg(" Open AndX: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_openx); if (dce2_stats.smb_ssx_resp_chained_ntcx > 0) _dpd.logMsg(" Nt Create AndX: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_ntcx); if (dce2_stats.smb_ssx_resp_chained_close > 0) _dpd.logMsg(" Close: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_close); if (dce2_stats.smb_ssx_resp_chained_trans > 0) _dpd.logMsg(" Transact: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_trans); if (dce2_stats.smb_ssx_resp_chained_write > 0) _dpd.logMsg(" Write: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_write); if (dce2_stats.smb_ssx_resp_chained_readx > 0) _dpd.logMsg(" Read AndX: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_readx); if (dce2_stats.smb_ssx_resp_chained_other > 0) _dpd.logMsg(" Other: "STDu64"\n", dce2_stats.smb_ssx_resp_chained_other); } } if ((dce2_stats.smb_loffx_req > 0) || (dce2_stats.smb_loffx_resp > 0)) { _dpd.logMsg(" Logoff AndX requests: "STDu64"\n", dce2_stats.smb_loffx_req); if (dce2_stats.smb_loffx_chained > 0) { _dpd.logMsg(" Logoff AndX chained requests\n"); if (dce2_stats.smb_loffx_req_chained_ssx > 0) _dpd.logMsg(" Session Setup AndX: "STDu64"\n", dce2_stats.smb_loffx_req_chained_ssx); if 
(dce2_stats.smb_loffx_req_chained_tcx > 0) _dpd.logMsg(" Tree Connect AndX: "STDu64"\n", dce2_stats.smb_loffx_req_chained_tcx); if (dce2_stats.smb_loffx_req_chained_tdis > 0) _dpd.logMsg(" Tree Disconnect: "STDu64"\n", dce2_stats.smb_loffx_req_chained_tdis); if (dce2_stats.smb_loffx_req_chained_other > 0) _dpd.logMsg(" Other: "STDu64"\n", dce2_stats.smb_loffx_req_chained_other); } _dpd.logMsg(" Logoff AndX responses: "STDu64"\n", dce2_stats.smb_loffx_resp); if (dce2_stats.smb_loffx_chained > 0) { _dpd.logMsg(" Logoff AndX chained responses\n"); if (dce2_stats.smb_loffx_resp_chained_ssx > 0) _dpd.logMsg(" Session Setup AndX: "STDu64"\n", dce2_stats.smb_loffx_resp_chained_ssx); if (dce2_stats.smb_loffx_resp_chained_tcx > 0) _dpd.logMsg(" Tree Connect AndX: "STDu64"\n", dce2_stats.smb_loffx_resp_chained_tcx); if (dce2_stats.smb_loffx_resp_chained_tdis > 0) _dpd.logMsg(" Tree Disconnect: "STDu64"\n", dce2_stats.smb_loffx_resp_chained_tdis); if (dce2_stats.smb_loffx_resp_chained_other > 0) _dpd.logMsg(" Other: "STDu64"\n", dce2_stats.smb_loffx_resp_chained_other); } } if ((dce2_stats.smb_tc_req > 0) || (dce2_stats.smb_tc_resp > 0)) { _dpd.logMsg(" Tree Connect requests: "STDu64"\n", dce2_stats.smb_tc_req); _dpd.logMsg(" Tree Connect responses: "STDu64"\n", dce2_stats.smb_tc_resp); } if ((dce2_stats.smb_tcx_req > 0) || (dce2_stats.smb_tcx_resp > 0)) { _dpd.logMsg(" Tree Connect AndX requests: "STDu64"\n", dce2_stats.smb_tcx_req); if (dce2_stats.smb_tcx_chained > 0) { _dpd.logMsg(" Tree Connect AndX chained requests\n"); if (dce2_stats.smb_tcx_resp_chained_ssx > 0) _dpd.logMsg(" Session Setup AndX: "STDu64"\n", dce2_stats.smb_tcx_req_chained_ssx); if (dce2_stats.smb_tcx_resp_chained_loffx > 0) _dpd.logMsg(" Logoff AndX: "STDu64"\n", dce2_stats.smb_tcx_req_chained_loffx); if (dce2_stats.smb_tcx_resp_chained_tdis > 0) _dpd.logMsg(" Tree Disconnect: "STDu64"\n", dce2_stats.smb_tcx_req_chained_tdis); if (dce2_stats.smb_tcx_resp_chained_open > 0) _dpd.logMsg(" Open: 
"STDu64"\n", dce2_stats.smb_tcx_req_chained_open); if (dce2_stats.smb_tcx_resp_chained_openx > 0) _dpd.logMsg(" Open AndX: "STDu64"\n", dce2_stats.smb_tcx_req_chained_openx); if (dce2_stats.smb_tcx_resp_chained_ntcx > 0) _dpd.logMsg(" Nt Create AndX: "STDu64"\n", dce2_stats.smb_tcx_req_chained_ntcx); if (dce2_stats.smb_tcx_resp_chained_close > 0) _dpd.logMsg(" Close: "STDu64"\n", dce2_stats.smb_tcx_req_chained_close); if (dce2_stats.smb_tcx_resp_chained_trans > 0) _dpd.logMsg(" Transact: "STDu64"\n", dce2_stats.smb_tcx_req_chained_trans); if (dce2_stats.smb_tcx_resp_chained_write > 0) _dpd.logMsg(" Write: "STDu64"\n", dce2_stats.smb_tcx_req_chained_write); if (dce2_stats.smb_tcx_resp_chained_readx > 0) _dpd.logMsg(" Read AndX: "STDu64"\n", dce2_stats.smb_tcx_req_chained_readx); if (dce2_stats.smb_tcx_resp_chained_other > 0) _dpd.logMsg(" Other: "STDu64"\n", dce2_stats.smb_tcx_req_chained_other); } _dpd.logMsg(" Tree Connect AndX responses: "STDu64"\n", dce2_stats.smb_tcx_resp); if (dce2_stats.smb_tcx_chained > 0) { _dpd.logMsg(" Tree Connect AndX chained responses\n"); if (dce2_stats.smb_tcx_resp_chained_ssx > 0) _dpd.logMsg(" Session Setup AndX: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_ssx); if (dce2_stats.smb_tcx_resp_chained_loffx > 0) _dpd.logMsg(" Logoff AndX: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_loffx); if (dce2_stats.smb_tcx_resp_chained_tdis > 0) _dpd.logMsg(" Tree Disconnect: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_tdis); if (dce2_stats.smb_tcx_resp_chained_open > 0) _dpd.logMsg(" Open: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_open); if (dce2_stats.smb_tcx_resp_chained_openx > 0) _dpd.logMsg(" Open AndX: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_openx); if (dce2_stats.smb_tcx_resp_chained_ntcx > 0) _dpd.logMsg(" Nt Create AndX: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_ntcx); if (dce2_stats.smb_tcx_resp_chained_close > 0) _dpd.logMsg(" Close: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_close); if 
(dce2_stats.smb_tcx_resp_chained_trans > 0) _dpd.logMsg(" Transact: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_trans); if (dce2_stats.smb_tcx_resp_chained_write > 0) _dpd.logMsg(" Write: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_write); if (dce2_stats.smb_tcx_resp_chained_readx > 0) _dpd.logMsg(" Read AndX: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_readx); if (dce2_stats.smb_tcx_resp_chained_other > 0) _dpd.logMsg(" Other: "STDu64"\n", dce2_stats.smb_tcx_resp_chained_other); } } if ((dce2_stats.smb_tdis_req > 0) || (dce2_stats.smb_tdis_resp > 0)) { _dpd.logMsg(" Tree Disconnect requests: "STDu64"\n", dce2_stats.smb_tdis_req); _dpd.logMsg(" Tree Disconnect responses: "STDu64"\n", dce2_stats.smb_tdis_resp); } if ((dce2_stats.smb_open_req > 0) || (dce2_stats.smb_open_resp > 0)) { _dpd.logMsg(" Open requests: "STDu64"\n", dce2_stats.smb_open_req); _dpd.logMsg(" Open responses: "STDu64"\n", dce2_stats.smb_open_resp); } if ((dce2_stats.smb_openx_req > 0) || (dce2_stats.smb_openx_resp > 0)) { _dpd.logMsg(" Open AndX requests: "STDu64"\n", dce2_stats.smb_openx_req); if (dce2_stats.smb_openx_chained > 0) { _dpd.logMsg(" Open AndX chained requests\n"); if (dce2_stats.smb_openx_req_chained_ssx > 0) _dpd.logMsg(" Session Setup AndX: "STDu64"\n", dce2_stats.smb_openx_req_chained_ssx); if (dce2_stats.smb_openx_req_chained_loffx > 0) _dpd.logMsg(" Logoff AndX: "STDu64"\n", dce2_stats.smb_openx_req_chained_loffx); if (dce2_stats.smb_openx_req_chained_tc > 0) _dpd.logMsg(" Tree Connect: "STDu64"\n", dce2_stats.smb_openx_req_chained_tc); if (dce2_stats.smb_openx_req_chained_tcx > 0) _dpd.logMsg(" Tree Connect AndX: "STDu64"\n", dce2_stats.smb_openx_req_chained_tcx); if (dce2_stats.smb_openx_req_chained_tdis > 0) _dpd.logMsg(" Tree Disconnect: "STDu64"\n", dce2_stats.smb_openx_req_chained_tdis); if (dce2_stats.smb_openx_req_chained_open > 0) _dpd.logMsg(" Open: "STDu64"\n", dce2_stats.smb_openx_req_chained_open); if (dce2_stats.smb_openx_req_chained_openx > 0) _dpd.logMsg(" 
Open AndX: "STDu64"\n", dce2_stats.smb_openx_req_chained_openx); if (dce2_stats.smb_openx_req_chained_ntcx > 0) _dpd.logMsg(" Nt Create AndX: "STDu64"\n", dce2_stats.smb_openx_req_chained_ntcx); if (dce2_stats.smb_openx_req_chained_close > 0) _dpd.logMsg(" Close: "STDu64"\n", dce2_stats.smb_openx_req_chained_close); if (dce2_stats.smb_openx_req_chained_write > 0) _dpd.logMsg(" Write: "STDu64"\n", dce2_stats.smb_openx_req_chained_write); if (dce2_stats.smb_openx_req_chained_readx > 0) _dpd.logMsg(" Read AndX: "STDu64"\n", dce2_stats.smb_openx_req_chained_readx); if (dce2_stats.smb_openx_req_chained_other > 0)