Diffstat (limited to 'example/ndpiReader.c')
-rw-r--r--example/ndpiReader.c55
1 files changed, 53 insertions, 2 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 0b0fa889b..1a5dbbfd0 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1,7 +1,7 @@
/*
* ndpiReader.c
*
- * Copyright (C) 2011-18 - ntop.org
+ * Copyright (C) 2011-19 - ntop.org
*
* nDPI is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -749,6 +749,40 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) {
/* ********************************** */
+static char* print_cipher(ndpi_cipher_weakness c) {
+ switch(c) {
+ case ndpi_cipher_insecure:
+ return(" (INSECURE)");
+ break;
+
+ case ndpi_cipher_weak:
+ return(" (WEAK)");
+ break;
+
+ default:
+ return("");
+ }
+}
+
+/* ********************************** */
+
+static char* ssl_version2str(u_int16_t version) {
+ static char v[8];
+
+ switch(version) {
+ case 0x300: return("SSLv3");
+ case 0x301: return("TLSv1");
+ case 0x302: return("TLSv1.1");
+ case 0x303: return("TLSv1.2");
+ case 0x304: return("TLSv1.3");
+ }
+
+ snprintf(v, sizeof(v), "%04X", version);
+ return(v);
+}
+
+/* ********************************** */
+
/**
* @brief Print the flow
*/
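Review bot: ssl_version2str() returns a pointer to the function-static buffer `v[8]` for any version outside the five listed cases, so the text is overwritten by the next call and is unsafe if the function is ever reached from more than one thread (printFlow carries a thread_id, though whether it runs concurrently is not visible here). Following the caller-supplied-buffer pattern of intoaV4() in the hunk header would avoid the shared state, e.g. `static const char* ssl_version2str(u_int16_t version, char *buf, u_int16_t bufLen)`. Both new helpers also return string literals through a non-const `char*`; declaring them `const char*` stops a caller from writing into read-only storage. The `break;` statements after each `return` in print_cipher() are unreachable and can be dropped.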
@@ -800,10 +834,16 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
flow->dst2src_packets, (long long unsigned int) flow->dst2src_bytes);
if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name);
+
if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info);
- if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info);
+ if(flow->ssh_ssl.ssl_version != 0) fprintf(out, "[%s]", ssl_version2str(flow->ssh_ssl.ssl_version));
+ if(flow->ssh_ssl.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_ssl.ja3_client,
+ print_cipher(flow->ssh_ssl.client_unsafe_cipher));
if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info);
+
+ if(flow->ssh_ssl.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_ssl.ja3_server,
+ print_cipher(flow->ssh_ssl.server_unsafe_cipher));
if(flow->ssh_ssl.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_ssl.server_organization);
if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash);
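Review bot: The `[client: %s]` line for `flow->ssh_ssl.client_info` is replaced rather than supplemented, so the text output no longer shows the client-side value at all, while the JSON branch in the next hunk still tests and emits client_info. If dropping it from the console output is not intended, keep the old line alongside the new one: `if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info);`. The ssl_version and the INSECURE/WEAK cipher labels are likewise printed only here and not added to the JSON output, so the two formats now disagree in both directions. printFlow starts and ends outside this hunk.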
@@ -850,6 +890,15 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
if((flow->ssh_ssl.client_info[0] != '\0') || (flow->ssh_ssl.server_info[0] != '\0')) {
json_object *sjObj = json_object_new_object();
+ if(flow->ssh_ssl.ja3_server[0] != '\0')
+ json_object_object_add(jObj,"ja3s",json_object_new_string(flow->ssh_ssl.ja3_server));
+
+ if(flow->ssh_ssl.ja3_client[0] != '\0')
+ json_object_object_add(jObj,"ja3c",json_object_new_string(flow->ssh_ssl.ja3_client));
+
+ if(flow->ja3_server[0] != '\0')
+ json_object_object_add(jObj,"host.server.ja3",json_object_new_string(flow->ja3_server));
+
if(flow->ssh_ssl.client_info[0] != '\0')
json_object_object_add(sjObj, "client", json_object_new_string(flow->ssh_ssl.client_info));
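Review bot: The three JA3 additions sit inside the `if((flow->ssh_ssl.client_info[0] != '\0') || (flow->ssh_ssl.server_info[0] != '\0'))` block, so a flow that has a JA3 fingerprint but neither info string is written to JSON without it; the text path in the previous hunk prints JA3C/JA3S unconditionally. Moving the `ja3s`/`ja3c` checks above that `if` would keep the fingerprints available to whatever consumes the JSON for matching. They are also attached to `jObj` while the neighbouring client/server keys go to the freshly created `sjObj`, which looks inconsistent unless top-level placement is deliberate. The third check reads `flow->ja3_server` rather than `flow->ssh_ssl.ja3_server`; that member's declaration is not visible here, so confirm it exists and that `host.server.ja3` is not a duplicate of `ja3s`. The enclosing function body continues outside the hunk.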
@@ -1521,6 +1570,8 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
ndpi_enable_loaded_categories(ndpi_thread_info[thread_id].workflow->ndpi_struct);
} else
printf("ERROR: Unable to read file %s\n", _customCategoryFilePath);
+
+ fclose(fd);
}
}
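Review bot: The added `fclose(fd);` comes after the brace-less `else printf("ERROR: Unable to read file ...")`, so it runs on both paths. The condition is outside the hunk, but if that `else` is the failure arm of an `if(fd)` test, as the error message suggests, fclose() is called with a NULL stream when the category file cannot be opened, which is undefined behaviour and typically crashes. Move the call into the success branch, directly after `ndpi_enable_loaded_categories(...)` and before `} else`, or guard it as `if(fd) fclose(fd);`.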