-rw-r--r-- | example/ndpiReader.c | 2 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 1 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 9 | ||||
-rw-r--r-- | src/lib/protocols/ssl.c | 6 |
4 files changed, 15 insertions, 3 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8551992bf..2a2f1cbf5 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -843,7 +843,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa if(flow->ssh_ssl.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_ssl.ja3_server, print_cipher(flow->ssh_ssl.server_unsafe_cipher)); if(flow->ssh_ssl.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_ssl.server_organization); - if(flow->ssh_ssl.server_cipher != '\0') fprintf(out, "[%s]", ndpi_cipher2str(flow->ssh_ssl.server_cipher));; + if(flow->ssh_ssl.server_cipher != '\0') fprintf(out, "[Cipher: %s]", ndpi_cipher2str(flow->ssh_ssl.server_cipher)); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); if(flow->dhcp_fingerprint[0] != '\0') fprintf(out, "[DHCP Fingerprint: %s]", flow->dhcp_fingerprint); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 61ebc7b5d..4112bc657 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4583,6 +4583,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && flow->packet.tcp && (flow->packet.tcp->syn == 0) + && (flow->guessed_protocol_id == 0) ) { /* This is a TCP flow diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index bcd8e5f48..f48a19393 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -590,7 +590,14 @@ const char* ndpi_cipher2str(u_int32_t cipher) { case 0x060040: return("SSL2_DES_64_CBC_WITH_MD5"); case 0x0700c0: return("SSL2_DES_192_EDE3_CBC_WITH_MD5"); case 0x080080: return("SSL2_RC4_64_WITH_MD5"); - default: return("???"); + case 0x001301: return("TLS_AES_128_GMC_SHA256"); + default: + { + static char buf[8]; + + snprintf(buf, sizeof(buf), "0X%04X", cipher); + return(buf); + } } } diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 947b8371d..f7009a788 100644 
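Review bot: The condition added in ndpi_detection_process_packet() compares `flow->guessed_protocol_id` with a bare `0`, while the test two lines above it uses the named constant. If 0 here means "no guess yet", `&& (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)` keeps the two checks consistent. A one-line comment saying why a flow that already has a guessed protocol must skip this branch would also help, because the hunk itself does not show the reason. The enclosing `if` begins and ends outside the hunk.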
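Review bot: The new `default:` branch of ndpi_cipher2str() formats a `u_int32_t` into `static char buf[8]`, which holds only `0X` plus five hex digits, so any identifier above 0xFFFFF is silently truncated and the printed cipher ID is wrong. Sizing it for the full type, `static char buf[16];`, avoids that. The buffer is also shared by every caller, so a later call (or a concurrent one, if callers run on several threads, which is not visible here) overwrites a string that may still be in use; a caller-supplied buffer would remove this at the cost of a signature change. Separately, the added `0x001301` entry is spelled `TLS_AES_128_GMC_SHA256`; it should read `TLS_AES_128_GCM_SHA256`, otherwise searches of flow output for the GCM suite will miss these flows. The function starts above the hunk.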
--- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -339,6 +339,10 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) { buffer[i] = '\0', buffer_len = i; } } + + /* Now all lowecase */ + for(i=0; i<buffer_len; i++) + buffer[i] = tolower(buffer[i]); } /* https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967 */ @@ -498,7 +502,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, if(num_found != 2) continue; } - if(server_len+i+3 < packet->payload_packet_len) { + if((server_len+i+3) < packet->payload_packet_len) { char *server_name = (char*)&packet->payload[i+4]; u_int8_t begin = 0, len, j, num_dots; |
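Review bot: In the lowercase loop added to stripCertificateTrailer(), `tolower(buffer[i])` receives a plain `char`. Where `char` is signed, a byte of 0x80 or above becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions. This buffer appears to hold certificate text taken from the packet, so such bytes would be chosen by the remote side. Convert before the call: `buffer[i] = tolower((unsigned char)buffer[i]);`, and fix the comment typo in the same change (`/* Now all lowercase */`). The function starts above the hunk, and whether `<ctype.h>` is included in ssl.c is not visible here.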