Merge pull request #177 from piercema/main
Fix #TODO:  add config for packet count
john-althouse authored Oct 24, 2024
2 parents a74ec2b + 52c3734 commit d9fb2cc
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions zeek/ja4ssh/main.zeek
Expand Up @@ -25,6 +25,8 @@ export {

};

option ja4_ssh_packet_count = 200;

# Logging boilerplate
redef enum Log::ID += { LOG };
global log_fingerprint_ja4ssh: event(rec: Info);
Expand Down Expand Up @@ -122,8 +124,7 @@ event ConnThreshold::packets_threshold_crossed(c: connection, threshold: count,
c$fp$ja4ssh$resp_pack_len += rp$tcp$dl;
}
}
# TODO: add config for packet count
if(|c$fp$ja4ssh$orig_pack_len| + |c$fp$ja4ssh$resp_pack_len| >= 200) {
if(|c$fp$ja4ssh$orig_pack_len| + |c$fp$ja4ssh$resp_pack_len| >= ja4_ssh_packet_count) {
do_ja4ssh(c);
}
}
Expand All @@ -147,4 +148,4 @@ event connection_state_remove(c: connection) {
if(c?$fp && c$fp?$ja4ssh && c$fp$ja4ssh$is_ssh) {
do_ja4ssh(c);
}
}
}
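Review bot: The new `ja4_ssh_packet_count` option in the first hunk has no comment, explicit type or lower bound, yet it now sets the window compared at `>= ja4_ssh_packet_count` in `ConnThreshold::packets_threshold_crossed` (that handler starts outside the hunk). With a value of 0 the condition holds on every threshold event, so `do_ja4ssh(c)` may run on empty length vectors; how it handles that is not visible here. Any non-default value will also most likely yield JA4SSH fingerprints that do not match ones computed with the 200-packet window, which matters when comparing against shared fingerprint lists. I would declare it as `option ja4_ssh_packet_count: count = 200;` with a doc comment such as `## SSH packets per JA4SSH window; values other than 200 produce fingerprints not comparable with the default.`, and reject 0 where the option is consumed. Whether the ConnThreshold trigger registered elsewhere in the file still assumes 200 cannot be told from these hunks and is worth checking.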
