Skip to content

Fix zeek ja4ssh add tests#293

Merged
john-althouse merged 6 commits into
FoxIO-LLC:mainfrom
J0eJ0h:fix-zeek-ja4ssh-add-tests
Apr 7, 2026
Merged

Fix zeek ja4ssh add tests#293
john-althouse merged 6 commits into
FoxIO-LLC:mainfrom
J0eJ0h:fix-zeek-ja4ssh-add-tests

Conversation

@J0eJ0h

@J0eJ0h J0eJ0h commented Apr 3, 2026

Copy link
Copy Markdown
Collaborator

This adds basic github actions tests for the zeek code and fixes issues found with the ja4ssh implementation found during test creation

@J0eJ0h J0eJ0h force-pushed the fix-zeek-ja4ssh-add-tests branch from d0f8f5b to 4e3be1b Compare April 6, 2026 19:21
google-labs-jules Bot and others added 6 commits April 6, 2026 12:25
This commit introduces a testing framework for the JA4+ Zeek packages using `btest`.
- Configures `btest.cfg` and environment to test against existing sample PCAPs.
- Adds test scripts for JA4, JA4S, JA4H, JA4SSH, and JA4D.
- Generates baseline logs (`ssl.log`, `http.log`, `conn.log`, `ja4ssh.log`, `ja4d.log`) from sample data.
- Creates a GitHub Actions workflow (`zeek-test.yml`) to run the tests in the `zeek/zeek:8.0.0` container on push/PR.

Co-authored-by: J0eJ0h <16658048+J0eJ0h@users.noreply.github.com>
…n and close comments

Co-authored-by: J0eJ0h <16658048+J0eJ0h@users.noreply.github.com>
…n and close comments

Co-authored-by: J0eJ0h <16658048+J0eJ0h@users.noreply.github.com>
…ode.js 24

Co-authored-by: J0eJ0h <16658048+J0eJ0h@users.noreply.github.com>
…ating mode

Co-authored-by: J0eJ0h <16658048+J0eJ0h@users.noreply.github.com>
* Fix raw syn/ack counting

* Update test expectations

* Fix new wrongly counted packet
@J0eJ0h J0eJ0h force-pushed the fix-zeek-ja4ssh-add-tests branch from 4e3be1b to f7f4691 Compare April 6, 2026 19:26
@J0eJ0h

J0eJ0h commented Apr 6, 2026

Copy link
Copy Markdown
Collaborator Author

Force pushes cleaned up bad merge of base branch.

@john-althouse john-althouse merged commit e2f4922 into FoxIO-LLC:main Apr 7, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants