Added STUN check to avoid false positives

Added fingerprint comments in SSH/TLS Added netflow test pcap
author: Luca Deri <deri@ntop.org> 2019-09-11 17:13:49 +0200
committer: Luca Deri <deri@ntop.org> 2019-09-11 17:13:49 +0200
commit: 6966e0d19b389f78c97f55ab3b2318a5cda41e08 (patch)
tree: 09993e68a08bb8cbf7e9c69899af86c9a3de4167 /src/lib/protocols/ssh.c
parent: 16fe2574b1d962fa8ca25b1a243f56ee489d0c33 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index de3b93bc2..5dd6fb0e5 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -39,14 +39,19 @@
   seastc = packet.ssh.encryption_algorithms_server_to_client
   smastc = packet.ssh.mac_algorithms_server_to_client
   scastc = packet.ssh.compression_algorithms_server_to_client
-  hasshs_str = ';'.join([skex, seastc, smastc, scastc])
+  hasshs_str = ';'.join([skex, seastc, smastc, scastc]) 
 
   [client]
   ckex = packet.ssh.kex_algorithms
   ceacts = packet.ssh.encryption_algorithms_client_to_server
   cmacts = packet.ssh.mac_algorithms_client_to_server
   ccacts = packet.ssh.compression_algorithms_client_to_server
-  hassh_str = ';'.join([ckex, ceacts, cmacts, ccacts])
+  hassh_str = ';'.join([ckex, ceacts, cmacts, ccacts]) 
+
+  NOTE
+  THe ECDSA key fingerprint is SHA256 -> ssh.kex.h_sig (wireshark)
+  is in the Message Code: Diffie-Hellman Key Exchange Reply (31) 
+  that usually is packet 14
 */
 
 /* #define SSH_DEBUG 1 */
author	Luca Deri <deri@ntop.org>	2019-09-11 17:13:49 +0200
committer	Luca Deri <deri@ntop.org>	2019-09-11 17:13:49 +0200
commit	6966e0d19b389f78c97f55ab3b2318a5cda41e08 (patch)
tree	09993e68a08bb8cbf7e9c69899af86c9a3de4167 /src/lib/protocols/ssh.c
parent	16fe2574b1d962fa8ca25b1a243f56ee489d0c33 (diff)