diff options
| author | Luca Deri <deri@ntop.org> | 2023-12-22 20:39:44 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2023-12-22 20:40:42 +0100 |
| commit | 8285fffdaeda5d2405360719a57f817b4772e6d1 (patch) | |
| tree | 293b33f5c1264f9038988aae9b33e1f0ac7a388c /example/ndpiReader.c | |
| parent | b90c18e9069cd5b3cfcda718263b910e949d8b57 (diff) | |
Implements JA4 Support (#2191)
Diffstat (limited to 'example/ndpiReader.c')
| -rw-r--r-- | example/ndpiReader.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 919a7963d..e3070a47f 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1881,6 +1881,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->ssh_tls.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_tls.ja3_client, print_cipher(flow->ssh_tls.client_unsafe_cipher)); + if(flow->ssh_tls.ja4_client[0] != '\0') fprintf(out, "[JA4: %s%s]", flow->ssh_tls.ja4_client, + print_cipher(flow->ssh_tls.client_unsafe_cipher)); + if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[Server: %s]", flow->ssh_tls.server_info); if(flow->ssh_tls.server_names) fprintf(out, "[ServerNames: %s]", flow->ssh_tls.server_names); @@ -2989,7 +2992,7 @@ static void printFlowsStats() { ndpi_ja3_info *info_of_element = NULL; ndpi_host_ja3_fingerprints *tmp = NULL; ndpi_ja3_info *tmp2 = NULL; - unsigned int num_ja3_client; + unsigned int num_ja3_ja4_client; unsigned int num_ja3_server; fprintf(out, "\n"); @@ -3155,14 +3158,14 @@ static void printFlowsStats() { for(ja3ByHost_element = ja3ByHostsHashT; ja3ByHost_element != NULL; ja3ByHost_element = ja3ByHost_element->hh.next) { - num_ja3_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); + num_ja3_ja4_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); num_ja3_server = HASH_COUNT(ja3ByHost_element->host_server_info_hasht); - if(num_ja3_client > 0) { + if(num_ja3_ja4_client > 0) { fprintf(out, "\t%d\t %-24s \t %-7u\n", i, ja3ByHost_element->ip_string, - num_ja3_client + num_ja3_ja4_client ); i++; } @@ -3187,10 +3190,10 @@ static void printFlowsStats() { //ja3ByHost_element: element of ja3ByHostsHashT //info_of_element: element of the inner hash table of ja3ByHost_element HASH_ITER(hh, ja3ByHostsHashT, ja3ByHost_element, tmp) { - num_ja3_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); + num_ja3_ja4_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); num_ja3_server = HASH_COUNT(ja3ByHost_element->host_server_info_hasht); againstRepeat = 0; - if(num_ja3_client > 0) { + if(num_ja3_ja4_client > 0) { HASH_ITER(hh, ja3ByHost_element->host_client_info_hasht, info_of_element, tmp2) { fprintf(out, "\t%-7d %-24s %s %s\n", i, |