-rw-r--r-- | src/lib/protocols/tls.c | 2 | ||||
-rw-r--r-- | tests/pcap/dtls_certificate.pcapng | bin | 0 -> 1632 bytes | |||
-rw-r--r-- | tests/result/dtls_certificate.pcapng.out | 12 |
3 files changed, 13 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 1ab3dd85c..8214ede04 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -646,7 +646,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi if(ndpi_struct->tls_cert_cache == NULL) ndpi_struct->tls_cert_cache = ndpi_lru_cache_init(1024); - if(ndpi_struct->tls_cert_cache && packet->iph) { + if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) { u_int32_t key = packet->iph->saddr + packet->tcp->source; /* Server */ ndpi_lru_add_to_cache(ndpi_struct->tls_cert_cache, key, proto_id); diff --git a/tests/pcap/dtls_certificate.pcapng b/tests/pcap/dtls_certificate.pcapng Binary files differnew file mode 100644 index 000000000..ddf6f02c9 --- /dev/null +++ b/tests/pcap/dtls_certificate.pcapng diff --git a/tests/result/dtls_certificate.pcapng.out b/tests/result/dtls_certificate.pcapng.out new file mode 100644 index 000000000..be5f414ca --- /dev/null +++ b/tests/result/dtls_certificate.pcapng.out 
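Review bot: The cache key on the line after the new guard, `packet->iph->saddr + packet->tcp->source`, is a plain sum of address and port, so distinct server endpoints can yield the same 32-bit key and a cached `proto_id` can end up attached to an unrelated flow. The added `packet->tcp` check removes the NULL dereference for certificates that arrive over UDP (presumably the case the new dtls_certificate capture covers), but it also means DTLS flows never populate the cache. If that is intended, a comment above the `if` such as `/* TCP only: the key uses the TCP source port, so DTLS certificates are not cached */` would make it explicit. Any change to how the key is built has to be mirrored where the cache is read, which is outside this hunk, as is the rest of processCertificateElements.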
@@ -0,0 +1,12 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 1 (1.00 pkts/flow) +Confidence DPI : 1 (flows) + +WindowsUpdate 1 1486 1 + +JA3 Host Stats: + IP Address # JA3C + + + 1 UDP 191.62.60.190:443 -> 163.205.15.180:38876 [proto: 91.147/TLS.WindowsUpdate][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/1486 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Protocol on Non Standard Port **** TLS Expired Certificate **][Risk Score: 150][JA3S: 953c1507994f72697446de4eff6e300b][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft, OU=DSP, CN=www.update.microsoft.com][Certificate SHA-1: D1:88:0F:51:C1:01:91:72:A1:A4:6E:69:F4:33:7F:FE:3E:C4:F0:39][Validity: 2017-02-27 12:00:00 - 2019-02-27 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (Washington1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] |