diff options
| author | Luca Deri <deri@ntop.org> | 2023-10-13 00:01:55 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2023-10-13 00:01:55 +0200 |
| commit | b6179467ebdf8c0ee1667cbe9390b3b76e82578f (patch) | |
| tree | 83decb11ad267154c1c1104fa91ede7a95a1ec11 /wireshark | |
| parent | 30fc89e556e5c09bf62b9548862cc3d924b9ec81 (diff) | |
Added NDPI_MALWARE_HOST_CONTACTED flow risk
Diffstat (limited to 'wireshark')
| -rw-r--r-- | wireshark/ndpi.lua | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index b3151b6e9..e3d3bdb53 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -91,6 +91,7 @@ flow_risks[49] = ProtoField.bool("ndpi.flow_risk.minor_issues", "Minor flow issu flow_risks[50] = ProtoField.bool("ndpi.flow_risk.tcp_issues", "TCP connection issues", num_bits_flow_risks, nil, bit(18), "nDPI Flow Risk: TCP connection issues") flow_risks[51] = ProtoField.bool("ndpi.flow_risk.fully_encrypted", "Fully encrypted connection", num_bits_flow_risks, nil, bit(19), "nDPI Flow Risk: Fully encrypted connection") flow_risks[52] = ProtoField.bool("ndpi.flow_risk.tls_alpn_sni_mismatch", "ALPN/SNI Mismatch", num_bits_flow_risks, nil, bit(20), "nDPI Flow Risk: ALPN/SNI Mismatch") +flow_risks[53] = ProtoField.bool("ndpi.flow_risk.malware_contact", "Contact with a malware host", num_bits_flow_risks, nil, bit(21), "nDPI Flow Risk: Malware host contacted") -- Last one: keep in sync the bitmask when adding new risks!! flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(20)) |