diff options
| author | Luca Deri <deri@ntop.org> | 2022-02-17 17:20:52 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2022-02-17 17:20:52 +0100 |
| commit | a2878af1eed26db8380bf8c29e5bb64a0181f935 (patch) | |
| tree | a341c52e76f170f799a24bca3f7a3bc57071ca5d /wireshark | |
| parent | 8a2a47e62a0d7b1bc8815dc4f09c35b73393454e (diff) | |
Added newflow risk NDPI_HTTP_CRAWLER_BOT
Diffstat (limited to 'wireshark')
| -rw-r--r-- | wireshark/ndpi.lua | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 68b71e9b4..28a1c6506 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -82,6 +82,7 @@ flow_risks[40] = ProtoField.bool("ndpi.flow_risk.possible_exploit", "Possible Ex flow_risks[41] = ProtoField.bool("ndpi.flow_risk.cert_about_to_expire", "TLS cert about to expire", num_bits_flow_risks, nil, bit(9), "nDPI Flow Risk: TLS certificate about to expire") flow_risks[42] = ProtoField.bool("ndpi.flow_risk.punycode_idn", "IDN Domain Name", num_bits_flow_risks, nil, bit(10), "nDPI Flow Risk: IDN Domain Name") flow_risks[43] = ProtoField.bool("ndpi.flow_risk.error_code_detected", "Error Code Detected", num_bits_flow_risks, nil, bit(11), "nDPI Flow Risk: Error Code Detected") +flow_risks[44] = ProtoField.bool("ndpi.flow_risk.crawler_bot", "Crawler/Bot Detected", num_bits_flow_risks, nil, bit(12), "nDPI Flow Risk: Crawler/Bot Detected") -- Last one: keep in sync the bitmask when adding new risks!! flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(10)) |