From 14b076a58b08e6a5f355619493d4bc8a8d27c924 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Sun, 20 Oct 2024 22:25:55 +0200
Subject: Improved TCP fingerprint
---
 wireshark/ndpi.lua | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
(limited to 'wireshark')
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index cc2bad9fd..66f0a7b98 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -299,15 +299,20 @@ local ndpi_proto_meet = "GoogleMeet" -- NDPI_PROTOCOL_GOOGLE_MEET
 -- ##############################################
 local tcp_fingeprint_db = {
- [ '2_64_65535_8bf9e292397e'] = "FreeBSD",
- [ '2_64_64800_83b2f9a5576c'] = "Linux",
- [ '2_64_64240_2e3cee914fc1'] = "Linux",
- [ '2_64_29200_2e3cee914fc1'] = "Linux",
- [ '2_64_65535_d876f498b09e'] = "Android",
- [ '2_128_64240_6bb88f5575fd'] = "Windows",
- [ '194_64_65535_15db81ff8b0d'] = "iOS/iPad OS",
- [ '194_64_65535_d29295416479'] = "macOS",
- [ '2_64_65535_d29295416479'] = "macOS",
+ ['2_64_65535_8bf9e292397e'] = "FreeBSD",
+ ['2_64_64800_83b2f9a5576c'] = "Linux",
+ ['2_64_64240_2e3cee914fc1'] = "Linux",
+ ['2_64_29200_2e3cee914fc1'] = "Linux",
+ ['2_64_29200_d853e95bd80f'] = "Linux",
+ ['2_64_65535_d876f498b09e'] = "Android",
+ ['2_64_65535_685ad951a756'] = "Android",
+ ['2_64_65535_41a9d5af7dd3'] = "Android",
+ ['2_128_64240_6bb88f5575fd'] = "Windows",
+ ['194_64_65535_15db81ff8b0d'] = "iOS/iPad OS",
+ ['2_64_65535_41a9d5af7dd3'] = "iOS/iPad OS",
+ ['194_64_65535_dd5737e4fedb'] = "iOS/iPad OS",
+ ['194_64_65535_d29295416479'] = "macOS",
+ ['2_64_65535_d29295416479'] = "macOS",
 }
 -- ##############################################
@@ -1309,7 +1314,7 @@ function tcp_fingerprint(tvb, pinfo, tree, ip_version)
 local tcp_flags = getval(f_tcp_flags())
 if((tcp_flags == "0x0002")-- SYN
- or (tcp_flags == "0x00c2") -- SYN / ECE/ CWR
+ or (tcp_flags == "0x00c2") -- SYN / ECE / CWR
 ) then
 local tcp_options = f_tcp_options()
-- 
cgit v1.2.3
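Review bot: The key `'2_64_65535_41a9d5af7dd3'` is added twice to `tcp_fingeprint_db` in the first hunk, once as "Android" and again three lines later as "iOS/iPad OS", so one of the two entries can never be returned by a lookup. Lua leaves the order of assignments in a table constructor undefined when keys repeat, so which label a matching SYN receives is an implementation detail, and the dissector will show a single OS with no hint that the fingerprint is shared between platforms. If both platforms really emit this fingerprint, keep one entry with a combined label, for example `['2_64_65535_41a9d5af7dd3'] = "Android or iOS/iPad OS",`; otherwise drop whichever entry is wrong. A short comment above the table stating that keys must be unique, plus a luacheck pass (it reports overwritten fields in table literals), would catch this the next time fingerprints are added.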