diff options
| author | Luca Deri <deri@ntop.org> | 2019-06-16 10:08:21 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-06-16 10:08:21 +0200 |
| commit | 5b7a08bac331d3d30f4ed29acb18f5c99c57883d (patch) | |
| tree | 79851e9943dc52cbd297b9d473541b59080de87f | |
| parent | 709a87c8d442c40aa9f32e450d8e7665732dd9c3 (diff) | |
Added SSL cipher print
| -rw-r--r-- | example/ndpiReader.c | 2 | ||||
| -rw-r--r-- | example/ndpi_util.c | 265 | ||||
| -rw-r--r-- | example/ndpi_util.h | 2 |
3 files changed, 269 insertions, 0 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 1a5dbbfd0..508050e12 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -845,6 +845,8 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->ssh_ssl.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_ssl.ja3_server, print_cipher(flow->ssh_ssl.server_unsafe_cipher)); if(flow->ssh_ssl.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_ssl.server_organization); + if(flow->ssh_ssl.server_cipher != '\0') fprintf(out, "[%s]", print_cipher_id(flow->ssh_ssl.server_cipher));; + if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); fprintf(out, "\n"); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 4b8ffb894..c8d194e75 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -102,6 +102,270 @@ static void *malloc_wrapper(size_t size) { /* ***************************************************** */ +const char* print_cipher_id(u_int32_t cipher) { + switch(cipher) { + case 0x000000: return("TLS_NULL_WITH_NULL_NULL"); + case 0x000001: return("TLS_RSA_WITH_NULL_MD5"); + case 0x000002: return("TLS_RSA_WITH_NULL_SHA"); + case 0x000003: return("TLS_RSA_EXPORT_WITH_RC4_40_MD5"); + case 0x000004: return("TLS_RSA_WITH_RC4_128_MD5"); + case 0x000005: return("TLS_RSA_WITH_RC4_128_SHA"); + case 0x000006: return("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"); + case 0x000007: return("TLS_RSA_WITH_IDEA_CBC_SHA"); + case 0x000008: return("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"); + case 0x000009: return("TLS_RSA_WITH_DES_CBC_SHA"); + case 0x00000a: return("TLS_RSA_WITH_3DES_EDE_CBC_SHA"); + case 0x00000b: return("TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"); + case 0x00000c: return("TLS_DH_DSS_WITH_DES_CBC_SHA"); + case 0x00000d: return("TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"); + case 0x00000e: return("TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"); + case 0x00000f: return("TLS_DH_RSA_WITH_DES_CBC_SHA"); + case 0x000010: return("TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"); + case 0x000011: return("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); + case 0x000012: return("TLS_DHE_DSS_WITH_DES_CBC_SHA"); + case 0x000013: return("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"); + case 0x000014: return("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"); + case 0x000015: return("TLS_DHE_RSA_WITH_DES_CBC_SHA"); + case 0x000016: return("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"); + case 0x000017: return("TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"); + case 0x000018: return("TLS_DH_anon_WITH_RC4_128_MD5"); + case 0x000019: return("TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); + case 0x00001a: return("TLS_DH_anon_WITH_DES_CBC_SHA"); + case 0x00001b: return("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"); + case 0x00001c: return("SSL_FORTEZZA_KEA_WITH_NULL_SHA"); + case 0x00001d: return("SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"); + /* case 0x00001e: return("SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"); */ + case 0x00001E: return("TLS_KRB5_WITH_DES_CBC_SHA"); + case 0x00001F: return("TLS_KRB5_WITH_3DES_EDE_CBC_SHA"); + case 0x000020: return("TLS_KRB5_WITH_RC4_128_SHA"); + case 0x000021: return("TLS_KRB5_WITH_IDEA_CBC_SHA"); + case 0x000022: return("TLS_KRB5_WITH_DES_CBC_MD5"); + case 0x000023: return("TLS_KRB5_WITH_3DES_EDE_CBC_MD5"); + case 0x000024: return("TLS_KRB5_WITH_RC4_128_MD5"); + case 0x000025: return("TLS_KRB5_WITH_IDEA_CBC_MD5"); + case 0x000026: return("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"); + case 0x000027: return("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"); + case 0x000028: return("TLS_KRB5_EXPORT_WITH_RC4_40_SHA"); + case 0x000029: return("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"); + case 0x00002A: return("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"); + case 0x00002B: return("TLS_KRB5_EXPORT_WITH_RC4_40_MD5"); + case 0x00002C: return("TLS_PSK_WITH_NULL_SHA"); + case 0x00002D: return("TLS_DHE_PSK_WITH_NULL_SHA"); + case 0x00002E: return("TLS_RSA_PSK_WITH_NULL_SHA"); + case 0x00002f: return("TLS_RSA_WITH_AES_128_CBC_SHA"); + case 0x000030: return("TLS_DH_DSS_WITH_AES_128_CBC_SHA"); + case 0x000031: return("TLS_DH_RSA_WITH_AES_128_CBC_SHA"); + case 0x000032: return("TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); + case 0x000033: return("TLS_DHE_RSA_WITH_AES_128_CBC_SHA"); + case 0x000034: return("TLS_DH_anon_WITH_AES_128_CBC_SHA"); + case 0x000035: return("TLS_RSA_WITH_AES_256_CBC_SHA"); + case 0x000036: return("TLS_DH_DSS_WITH_AES_256_CBC_SHA"); + case 0x000037: return("TLS_DH_RSA_WITH_AES_256_CBC_SHA"); + case 0x000038: return("TLS_DHE_DSS_WITH_AES_256_CBC_SHA"); + case 0x000039: return("TLS_DHE_RSA_WITH_AES_256_CBC_SHA"); + case 0x00003A: return("TLS_DH_anon_WITH_AES_256_CBC_SHA"); + case 0x00003B: return("TLS_RSA_WITH_NULL_SHA256"); + case 0x00003C: return("TLS_RSA_WITH_AES_128_CBC_SHA256"); + case 0x00003D: return("TLS_RSA_WITH_AES_256_CBC_SHA256"); + case 0x00003E: return("TLS_DH_DSS_WITH_AES_128_CBC_SHA256"); + case 0x00003F: return("TLS_DH_RSA_WITH_AES_128_CBC_SHA256"); + case 0x000040: return("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"); + case 0x000041: return("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"); + case 0x000042: return("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"); + case 0x000043: return("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"); + case 0x000044: return("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"); + case 0x000045: return("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"); + case 0x000046: return("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"); + case 0x000047: return("TLS_ECDH_ECDSA_WITH_NULL_SHA"); + case 0x000048: return("TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); + case 0x000049: return("TLS_ECDH_ECDSA_WITH_DES_CBC_SHA"); + case 0x00004A: return("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); + case 0x00004B: return("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); + case 0x00004C: return("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + case 0x000060: return("TLS_RSA_EXPORT1024_WITH_RC4_56_MD5"); + case 0x000061: return("TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"); + case 0x000062: return("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"); + case 0x000063: return("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"); + case 0x000064: return("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"); + case 0x000065: return("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"); + case 0x000066: return("TLS_DHE_DSS_WITH_RC4_128_SHA"); + case 0x000067: return("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"); + case 0x000068: return("TLS_DH_DSS_WITH_AES_256_CBC_SHA256"); + case 0x000069: return("TLS_DH_RSA_WITH_AES_256_CBC_SHA256"); + case 0x00006A: return("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"); + case 0x00006B: return("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"); + case 0x00006C: return("TLS_DH_anon_WITH_AES_128_CBC_SHA256"); + case 0x00006D: return("TLS_DH_anon_WITH_AES_256_CBC_SHA256"); + case 0x000084: return("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"); + case 0x000085: return("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"); + case 0x000086: return("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"); + case 0x000087: return("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"); + case 0x000088: return("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"); + case 0x000089: return("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"); + case 0x00008A: return("TLS_PSK_WITH_RC4_128_SHA"); + case 0x00008B: return("TLS_PSK_WITH_3DES_EDE_CBC_SHA"); + case 0x00008C: return("TLS_PSK_WITH_AES_128_CBC_SHA"); + case 0x00008D: return("TLS_PSK_WITH_AES_256_CBC_SHA"); + case 0x00008E: return("TLS_DHE_PSK_WITH_RC4_128_SHA"); + case 0x00008F: return("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"); + case 0x000090: return("TLS_DHE_PSK_WITH_AES_128_CBC_SHA"); + case 0x000091: return("TLS_DHE_PSK_WITH_AES_256_CBC_SHA"); + case 0x000092: return("TLS_RSA_PSK_WITH_RC4_128_SHA"); + case 0x000093: return("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"); + case 0x000094: return("TLS_RSA_PSK_WITH_AES_128_CBC_SHA"); + case 0x000095: return("TLS_RSA_PSK_WITH_AES_256_CBC_SHA"); + case 0x000096: return("TLS_RSA_WITH_SEED_CBC_SHA"); + case 0x000097: return("TLS_DH_DSS_WITH_SEED_CBC_SHA"); + case 0x000098: return("TLS_DH_RSA_WITH_SEED_CBC_SHA"); + case 0x000099: return("TLS_DHE_DSS_WITH_SEED_CBC_SHA"); + case 0x00009A: return("TLS_DHE_RSA_WITH_SEED_CBC_SHA"); + case 0x00009B: return("TLS_DH_anon_WITH_SEED_CBC_SHA"); + case 0x00009C: return("TLS_RSA_WITH_AES_128_GCM_SHA256"); + case 0x00009D: return("TLS_RSA_WITH_AES_256_GCM_SHA384"); + case 0x00009E: return("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"); + case 0x00009F: return("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"); + case 0x0000A0: return("TLS_DH_RSA_WITH_AES_128_GCM_SHA256"); + case 0x0000A1: return("TLS_DH_RSA_WITH_AES_256_GCM_SHA384"); + case 0x0000A2: return("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"); + case 0x0000A3: return("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"); + case 0x0000A4: return("TLS_DH_DSS_WITH_AES_128_GCM_SHA256"); + case 0x0000A5: return("TLS_DH_DSS_WITH_AES_256_GCM_SHA384"); + case 0x0000A6: return("TLS_DH_anon_WITH_AES_128_GCM_SHA256"); + case 0x0000A7: return("TLS_DH_anon_WITH_AES_256_GCM_SHA384"); + case 0x0000A8: return("TLS_PSK_WITH_AES_128_GCM_SHA256"); + case 0x0000A9: return("TLS_PSK_WITH_AES_256_GCM_SHA384"); + case 0x0000AA: return("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"); + case 0x0000AB: return("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"); + case 0x0000AC: return("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"); + case 0x0000AD: return("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"); + case 0x0000AE: return("TLS_PSK_WITH_AES_128_CBC_SHA256"); + case 0x0000AF: return("TLS_PSK_WITH_AES_256_CBC_SHA384"); + case 0x0000B0: return("TLS_PSK_WITH_NULL_SHA256"); + case 0x0000B1: return("TLS_PSK_WITH_NULL_SHA384"); + case 0x0000B2: return("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"); + case 0x0000B3: return("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"); + case 0x0000B4: return("TLS_DHE_PSK_WITH_NULL_SHA256"); + case 0x0000B5: return("TLS_DHE_PSK_WITH_NULL_SHA384"); + case 0x0000B6: return("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"); + case 0x0000B7: return("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"); + case 0x0000B8: return("TLS_RSA_PSK_WITH_NULL_SHA256"); + case 0x0000B9: return("TLS_RSA_PSK_WITH_NULL_SHA384"); + case 0x0000BA: return("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"); + case 0x0000BB: return("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"); + case 0x0000BC: return("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"); + case 0x0000BD: return("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"); + case 0x0000BE: return("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"); + case 0x0000BF: return("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"); + case 0x0000C0: return("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"); + case 0x0000C1: return("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"); + case 0x0000C2: return("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"); + case 0x0000C3: return("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"); + case 0x0000C4: return("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"); + case 0x0000C5: return("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"); + case 0x0000FF: return("TLS_EMPTY_RENEGOTIATION_INFO_SCSV"); + case 0x00c001: return("TLS_ECDH_ECDSA_WITH_NULL_SHA"); + case 0x00c002: return("TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); + case 0x00c003: return("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); + case 0x00c004: return("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); + case 0x00c005: return("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + case 0x00c006: return("TLS_ECDHE_ECDSA_WITH_NULL_SHA"); + case 0x00c007: return("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"); + case 0x00c008: return("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); + case 0x00c009: return("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); + case 0x00c00a: return("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); + case 0x00c00b: return("TLS_ECDH_RSA_WITH_NULL_SHA"); + case 0x00c00c: return("TLS_ECDH_RSA_WITH_RC4_128_SHA"); + case 0x00c00d: return("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); + case 0x00c00e: return("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); + case 0x00c00f: return("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); + case 0x00c010: return("TLS_ECDHE_RSA_WITH_NULL_SHA"); + case 0x00c011: return("TLS_ECDHE_RSA_WITH_RC4_128_SHA"); + case 0x00c012: return("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); + case 0x00c013: return("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); + case 0x00c014: return("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); + case 0x00c015: return("TLS_ECDH_anon_WITH_NULL_SHA"); + case 0x00c016: return("TLS_ECDH_anon_WITH_RC4_128_SHA"); + case 0x00c017: return("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); + case 0x00c018: return("TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); + case 0x00c019: return("TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); + case 0x00C01A: return("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"); + case 0x00C01B: return("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"); + case 0x00C01C: return("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"); + case 0x00C01D: return("TLS_SRP_SHA_WITH_AES_128_CBC_SHA"); + case 0x00C01E: return("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"); + case 0x00C01F: return("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"); + case 0x00C020: return("TLS_SRP_SHA_WITH_AES_256_CBC_SHA"); + case 0x00C021: return("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"); + case 0x00C022: return("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"); + case 0x00C023: return("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); + case 0x00C024: return("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); + case 0x00C025: return("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); + case 0x00C026: return("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); + case 0x00C027: return("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); + case 0x00C028: return("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); + case 0x00C029: return("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); + case 0x00C02A: return("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); + case 0x00C02B: return("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); + case 0x00C02C: return("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); + case 0x00C02D: return("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); + case 0x00C02E: return("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); + case 0x00C02F: return("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); + case 0x00C030: return("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); + case 0x00C031: return("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); + case 0x00C032: return("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); + case 0x00C033: return("TLS_ECDHE_PSK_WITH_RC4_128_SHA"); + case 0x00C034: return("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"); + case 0x00C035: return("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"); + case 0x00C036: return("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"); + case 0x00C037: return("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"); + case 0x00C038: return("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"); + case 0x00C039: return("TLS_ECDHE_PSK_WITH_NULL_SHA"); + case 0x00C03A: return("TLS_ECDHE_PSK_WITH_NULL_SHA256"); + case 0x00C03B: return("TLS_ECDHE_PSK_WITH_NULL_SHA384"); + case 0x00CC13: return("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CC14: return("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CC15: return("TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CCA8: return("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CCA9: return("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CCAA: return("TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CCAB: return("TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CCAC: return("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CCAD: return("TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00CCAE: return("TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"); + case 0x00E410: return("TLS_RSA_WITH_ESTREAM_SALSA20_SHA1"); + case 0x00E411: return("TLS_RSA_WITH_SALSA20_SHA1"); + case 0x00E412: return("TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1"); + case 0x00E413: return("TLS_ECDHE_RSA_WITH_SALSA20_SHA1"); + case 0x00E414: return("TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1"); + case 0x00E415: return("TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1"); + case 0x00E416: return("TLS_PSK_WITH_ESTREAM_SALSA20_SHA1"); + case 0x00E417: return("TLS_PSK_WITH_SALSA20_SHA1"); + case 0x00E418: return("TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1"); + case 0x00E419: return("TLS_ECDHE_PSK_WITH_SALSA20_SHA1"); + case 0x00E41A: return("TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1"); + case 0x00E41B: return("TLS_RSA_PSK_WITH_SALSA20_SHA1"); + case 0x00E41C: return("TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1"); + case 0x00E41D: return("TLS_DHE_PSK_WITH_SALSA20_SHA1"); + case 0x00E41E: return("TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1"); + case 0x00E41F: return("TLS_DHE_RSA_WITH_SALSA20_SHA1"); + case 0x00fefe: return("SSL_RSA_FIPS_WITH_DES_CBC_SHA"); + case 0x00feff: return("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"); + case 0x00ffe0: return("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"); + case 0x00ffe1: return("SSL_RSA_FIPS_WITH_DES_CBC_SHA"); + case 0x010080: return("SSL2_RC4_128_WITH_MD5"); + case 0x020080: return("SSL2_RC4_128_EXPORT40_WITH_MD5"); + case 0x030080: return("SSL2_RC2_128_CBC_WITH_MD5"); + case 0x040080: return("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5"); + case 0x050080: return("SSL2_IDEA_128_CBC_WITH_MD5"); + case 0x060040: return("SSL2_DES_64_CBC_WITH_MD5"); + case 0x0700c0: return("SSL2_DES_192_EDE3_CBC_WITH_MD5"); + case 0x080080: return("SSL2_RC4_64_WITH_MD5"); + default: return("???"); + } +} + +/* ***************************************************** */ + /** * @brief free wrapper function */ @@ -574,6 +838,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl snprintf(flow->ssh_ssl.ja3_server, sizeof(flow->ssh_ssl.ja3_server), "%s", flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server); flow->ssh_ssl.server_unsafe_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_unsafe_cipher; + flow->ssh_ssl.server_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_cipher; } } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 538753834..301647b1c 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -100,6 +100,7 @@ typedef struct ndpi_flow_info { u_int16_t ssl_version; char client_info[64], server_info[64], server_organization[64], ja3_client[33], ja3_server[33]; + u_int16_t server_cipher; ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher; } ssh_ssl; @@ -200,6 +201,7 @@ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); u_int32_t ethernet_crc32(const void* data, size_t n_bytes); void ndpi_flow_info_freer(void *node); +const char* print_cipher_id(u_int32_t cipher); extern int nDPI_LogLevel; |