mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-04-28 06:59:40 +00:00
50 lines
1.6 KiB
Text
50 lines
1.6 KiB
Text
#Example of configuration if you are interested ONLY in flow (sub)-classification
|
|
#(i.e. no metadata at all and no flow risks)
|
|
|
|
#No flow risks
|
|
--cfg=flow_risk.all,0
|
|
|
|
#General metadata
|
|
--cfg=metadata.tcp_fingerprint,0
|
|
--cfg=metadata.ndpi_fingerprint,0 #Note that you can't use custom rules based on fingerprints!
|
|
--cfg=dpi.compute_entropy,0
|
|
#BITTORRENT
|
|
--cfg=bittorrent,metadata.hash,0
|
|
#SSDP
|
|
--cfg=ssdp,metadata,0
|
|
#TLS (we might need ja4c for subclassification)
|
|
--cfg=tls,metadata.sha1_fingerprint,0
|
|
--cfg=tls,metadata.ja3s_fingerprint,0
|
|
--cfg=tls,metadata.cert_server_names,0
|
|
--cfg=tls,metadata.cert_validity,0
|
|
--cfg=tls,metadata.cert_issuer,0
|
|
--cfg=tls,metadata.cert_subject,0
|
|
--cfg=tls,metadata.alpn_negotiated,0
|
|
--cfg=tls,metadata.versions_supported,0
|
|
--cfg=tls,metadata.cipher,0
|
|
--cfg=tls,metadata.browser,0
|
|
#SIP
|
|
--cfg=sip,metadata.attribute.from,0
|
|
--cfg=sip,metadata.attribute.from_imsi,0
|
|
--cfg=sip,metadata.attribute.to,0
|
|
--cfg=sip,metadata.attribute.to_imsi,0
|
|
#STUN
|
|
--cfg=stun,metadata.attribute.mapped_address,0
|
|
--cfg=stun,metadata.attribute.peer_address,0
|
|
--cfg=stun,metadata.attribute.relayed_address,0
|
|
--cfg=stun,metadata.attribute.response_origin,0
|
|
--cfg=stun,metadata.attribute.other_address,0
|
|
#HTTP
|
|
--cfg=http,metadata.req.content_type,0
|
|
--cfg=http,metadata.req.referer,0
|
|
--cfg=http,metadata.req.host,0
|
|
--cfg=http,metadata.req.username,0
|
|
--cfg=http,metadata.req.password,0
|
|
--cfg=http,metadata.resp.content_type,0
|
|
--cfg=http,metadata.resp.server,0
|
|
|
|
#DNS:we need only the request for sub-classification
|
|
--cfg=dns,process_response,0 #Note that this option has an huge impact on FPC!
|
|
|
|
#RTP
|
|
--cfg=rtp,max_packets_extra_dissection,0
|