diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index a6bcbac8c0e..5f5531d0876 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -34,6 +34,7 @@ end local ndpi_proto = Proto("ndpi", "nDPI Protocol Interpreter") local tcp_fprint = Proto("ndpi.tcp_fingerprint", "TCP Fingerprint") +local dhcp_fprint = Proto("ndpi.dhcp_fingerprint", "DHCP Fingerprint") ndpi_proto.fields = {} @@ -44,6 +45,7 @@ ndpi_fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.pr ndpi_fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT16, nil, base.DEC) ndpi_fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) ndpi_fds.flags = ProtoField.new("nDPI Flags", "ndpi.flags", ftypes.UINT8, nil, base.HEX) + local dir_types = { [0] = "Unknown Direction", [1] = "Client to Server Direction", @@ -160,6 +162,7 @@ ntop_fds.client_nw_rtt = ProtoField.new("TCP client network RTT (msec)", "nt ntop_fds.server_nw_rtt = ProtoField.new("TCP server network RTT (msec)", "ntop.latency.server_rtt", ftypes.FLOAT, nil, base.NONE) ntop_fds.appl_latency_rtt = ProtoField.new("Application Latency RTT (msec)", "ntop.latency.appl_rtt", ftypes.FLOAT, nil, base.NONE) ntop_fds.tcp_fingerprint = ProtoField.new("TCP Fingerprint", "ntop.tcp_fingerprint", ftypes.STRING, nil, base.NONE) +ntop_fds.dhcp_fingerprint = ProtoField.new("DHCP Fingerprint", "ntop.dhcp_fingerprint", ftypes.STRING, nil, base.NONE) local f_eth_source = Field.new("eth.src") local f_eth_trailer = Field.new("eth.trailer") @@ -1232,6 +1235,11 @@ function dhcp_dissector(tvb, pinfo, tree) end dhcp_fingerprints[srckey] = fingerprint + + if(pinfo.visited == true) then + local dhcp_f_entry = tree:add(ntop_proto, tvb()) + dhcp_f_entry:add(ntop_fds.dhcp_fingerprint, fingerprint) + end end end 
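Review bot: `dhcp_fprint` is declared in the first hunk but none of the hunks in this diff reference it; the new field is registered on `ntop_fds` and the dissector adds it under `ntop_proto`. If nothing outside this diff uses it, the line can go, since each `Proto(...)` call registers one more protocol name in Wireshark with no fields behind it. If it mirrors `tcp_fprint` on purpose, a short comment such as `-- reserved protocol name; the field itself lives in ntop_fds` would make that clear.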
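Review bot: The `pinfo.visited == true` guard added in dhcp_dissector means the fingerprint item is only attached when a packet is dissected again. A single-pass run (tshark without `-2`, as far as I can tell) would therefore never emit `ntop.dhcp_fingerprint`, and a display filter or export keyed on it would silently miss the device. The fingerprint is already computed and stored in `dhcp_fingerprints[srckey]` before the guard, so the condition saves no work, and the TCP fingerprint path in the next hunk shows no such guard around its `tree:add`. Either drop the condition or state the reason next to it, e.g. `-- add only on revisit because <reason>`. dhcp_dissector begins outside this hunk, so the origin of `fingerprint` and `srckey` is not visible here.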
@@ -1424,7 +1432,6 @@ function tcp_fingerprint(tvb, pinfo, tree, ip_version) f_print = string.upper(num_tcp_flags.."_"..ip_ttl .."_".. tcp_win .."_".. fingerprint) end - if(tcp_opt_debug) then tprint("Fingerprint: " .. f_print) end local tcp_f_entry = tree:add(ntop_proto, tvb()) @@ -1781,18 +1788,20 @@ function stun_dissector(tvb, pinfo, tree) stun_flows_table = stun_develop_table(stun_flows_table,key,key2,protocol) end - local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol") - if(protocol ~= ndpi_proto_unknown) then + local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol") ndpi_subtree:add(ndpi_fds.name, protocol) stun_old_id_packet = id_packet elseif(protocol == ndpi_proto_unknown) then if stun_flows_table[key] ~= nil then + local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol") ndpi_subtree:add(ndpi_fds.name,stun_flows_table[key]) elseif stun_flows_table[key2] ~= nil then + local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol") ndpi_subtree:add(ndpi_fds.name,stun_flows_table[key2]) elseif stun_old_id_packet > id_packet then protocol = stun_processed_packets[key] ~= nil and stun_processed_packets[key] or stun_processed_packets[key2] ~= nil and stun_processed_packets[key2] or ndpi_proto_unknown + local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol") ndpi_subtree:add(ndpi_fds.name,protocol) end @@ -1851,7 +1860,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) local ndpikey, srckey, dstkey, flowkey, flow_risk local flow_risk_tree, flow_risk_info_len, metadata_list_tree, metadata_tree, metadata_list_len local name - local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol") + local ndpi_subtree = tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol") local application_protocol, mlen local offset = 0
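Review bot: In stun_dissector `ndpi_subtree` was a function-scope local and is now declared separately inside each of four branches, so any statement after this hunk that still refers to `ndpi_subtree` would resolve to a global and fail on nil. The function continues past the hunk, so that needs checking before merge. The four identical `tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol")` lines could become one local helper, `local function add_ndpi_name(v) tree:add(ndpi_proto, trailer_tvb, "nDPI Protocol"):add(ndpi_fds.name, v) end`, called from each branch. Note also that the last branch still creates the subtree when the lookup falls back to `ndpi_proto_unknown`, which looks at odds with only adding the subtree when a protocol is known; a comment there should say whether that is intended.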