vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 07:29:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Improved ICMP entropy report

Browse source
This commit is contained in:
Luca Deri 2022-12-18 14:06:35 +01:00
parent 980f065935
commit 2864694cc1
2 changed files with 11 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

23
scripts/lua/get_flows_data.lua
View file

@ -81,8 +81,16 @@ for key, value in ipairs(flows_stats) do
info = flows_info["info"]
italic = false
elseif(not isEmptyString(flows_info["icmp"])) then
local icmp = flows_info["icmp"]
info = icmp_utils.get_icmp_label(icmp["type"], icmp["code"])
flows_info["info"] = icmp_utils.get_icmp_type(value.icmp.type, true)
if(value.icmp.entropy ~= nil) then
local e = value.icmp.entropy
local diff = e.max - e.min
if(icmp_utils.is_suspicious_entropy(e.min, e.max)) then
flows_info["info"] = flows_info["info"] .. " <span class=\"badge bg-warning\">".. i18n("suspicious_payload") .."</span>"
end
end
elseif(flows_info["proto.ndpi"] == "SIP") then
info = getSIPInfo(flows_info)
elseif(starts(flows_info["proto.ndpi"], "RTP")) then
@ -355,17 +363,6 @@ end
local info = value["info"]
if((info == "") and (value.icmp.entropy ~= nil)) then
local e = value.icmp.entropy
local diff = e.max - e.min
info = icmp_utils.get_icmp_type(value.icmp.type, true)
if(icmp_utils.is_suspicious_entropy(e.min, e.max)) then
info = info .. " <span class=\"badge bg-warning\">".. i18n("suspicious_payload") .."</span>"
end
end
if isScoreEnabled() then
record["column_score"] = format_utils.formatValue(value.score.flow_score)
end