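LOCAL void mysql_classify(MolochSession_t *session, const unsigned char *data, int len, int which, void *UNUSED(uw))
{
    /* Classifier for the MySQL server greeting: only the server-to-client
     * direction (which == 1) is examined. The version string is taken to
     * start at byte 5 and run up to a NUL; presumably bytes 0-4 are the
     * packet header plus protocol-version byte — confirm against the MySQL
     * wire format before relying on that offset. */
    if (which != 1)
        return;

    if (moloch_session_has_protocol(session, "mysql"))
        return;

    /* Bail before forming data + 5: a payload of five bytes or fewer cannot
     * hold a version string, and pointer arithmetic past the end of the
     * buffer is undefined behaviour. The original reached the same result
     * through the "ptr == data + 5" test below, but only after computing an
     * out-of-range pointer. */
    if (len <= 5)
        return;

    const unsigned char *start = data + 5;
    const unsigned char *end = data + len;
    const unsigned char *ptr = start;

    /* Scan for the NUL terminator; any non-printable byte before it means
     * this is not a MySQL greeting. */
    while (ptr < end && *ptr != 0) {
        if (!isprint(*ptr))
            return;
        ptr++;
    }

    /* No terminator inside the payload, or an empty version string. */
    if (ptr == end || ptr == start)
        return;

    /* Ownership of info passes to the parser framework; mysql_free releases it. */
    Info_t *info = MOLOCH_TYPE_ALLOC0(Info_t);
    info->versionLen = ptr - start;
    info->version = g_strndup((const char *)start, info->versionLen);
    moloch_parsers_register(session, mysql_parser, info, mysql_free);
}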
void dns_tcp_classify(MolochSession_t *session, const unsigned char *UNUSED(data), int UNUSED(len), int which, void *UNUSED(uw))
{
    /* Port-based DNS-over-TCP classifier. The payload is not inspected here:
     * every session whose port2 is 53 gets the dns parser registered once,
     * so validating the bytes is presumably left to dns_tcp_parser. The
     * direction test (which == 0) was disabled in the original and stays
     * disabled here. */
    if (session->port2 != 53)
        return;
    if (moloch_session_has_protocol(session, "dns"))
        return;

    moloch_session_add_protocol(session, "dns");

    /* State block is handed to the parser framework; dns_free releases it. */
    DNSInfo_t *info = MOLOCH_TYPE_ALLOC0(DNSInfo_t);
    moloch_parsers_register(session, dns_tcp_parser, info, dns_free);
}
void ssh_classify(MolochSession_t *session, const unsigned char *UNUSED(data), int UNUSED(len), int UNUSED(which), void *UNUSED(uw))
{
    /* Registers the ssh parser once per session. Neither payload nor
     * direction is examined here, so presumably the classifier framework
     * only invokes this after its own pattern match and ssh_parser does the
     * real validation — verify against the registration site. */
    if (moloch_session_has_protocol(session, "ssh")) {
        return;
    }

    moloch_session_add_protocol(session, "ssh");

    /* State block is owned by the parser framework from here on; ssh_free releases it. */
    SSHInfo_t *state = MOLOCH_TYPE_ALLOC0(SSHInfo_t);
    moloch_parsers_register(session, ssh_parser, state, ssh_free);
}
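LOCAL void tds_classify(MolochSession_t *session, const unsigned char *UNUSED(data), int len, int which, void *UNUSED(uw))
{
    /* TDS classifier: client direction only (which == 0) and only for
     * payloads of at least 512 bytes. The payload contents are not examined
     * here; presumably the framework's pattern match and tds_parser do that. */
    if (which != 0)
        return;
    if (len < 512)
        return;
    if (moloch_session_has_protocol(session, "tds"))
        return;

    moloch_session_add_protocol(session, "tds");

    /* Zero the whole state block (MOLOCH_TYPE_ALLOC0, as the other
     * classifiers do) so that any TDSInfo_t field beyond pos[] never starts
     * out uninitialised; the original used the non-zeroing MOLOCH_TYPE_ALLOC
     * and only reset pos[]. pos[] is still reset explicitly. */
    TDSInfo_t *tds = MOLOCH_TYPE_ALLOC0(TDSInfo_t);
    tds->pos[0] = 0;
    tds->pos[1] = 0;

    /* Ownership passes to the parser framework; tds_free releases it. */
    moloch_parsers_register(session, tds_parser, tds, tds_free);
}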
static int MS_has_protocol(lua_State *L)
{
    /* Lua binding: has_protocol(session, protocol) -> boolean.
     * Exactly two arguments are required: a userdata session and a string
     * (lua_isstring also accepts numbers, which lua_tostring then converts). */
    int argc = lua_gettop(L);
    int args_ok = (argc == 2) && lua_isuserdata(L, 1) && lua_isstring(L, 2);
    if (!args_ok)
        return luaL_error(L, "usage: <session> <protocol>");

    MolochSession_t *session = checkMolochSession(L, 1);
    const char *protocol = lua_tostring(L, 2);
    gboolean found = moloch_session_has_protocol(session, protocol);

    /* One result pushed: the boolean. */
    lua_pushboolean(L, found);
    return 1;
}
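LOCAL void krb5_udp_classify(MolochSession_t *session, const unsigned char *data, int len, int UNUSED(which), void *UNUSED(uw))
{
    /* Kerberos-over-UDP classifier: decodes the outer ASN.1 TLV of the
     * datagram and registers krb5_udp_parser when the tag is one of the
     * application tags tested below (10, 12, 30 — AS-REQ, TGS-REQ and
     * KRB-ERROR per RFC 4120) and the encoded length fits in the datagram.
     * No parser state is allocated (user data and free callback are 0). */
    if (moloch_session_has_protocol(session, "krb5"))
        return;

    BSB obsb;
    /* Initialised so the tests below are well-defined even if the TLV helper
     * leaves its outputs untouched on a malformed or truncated header. */
    uint32_t opc = 0, otag = 0, olen = 0;

    BSB_INIT(obsb, data, len);
    moloch_parsers_asn_get_tlv(&obsb, &opc, &otag, &olen);
#ifdef KRB5_DEBUG
    LOG("enter %u %u %u", opc, otag, olen);
#endif
    /* A zero opc is treated as "no usable TLV", as in the original. */
    if (!opc)
        return;
    if (otag != 10 && otag != 12 && otag != 30)
        return;

    /* Length check in unsigned arithmetic: the original "len >= (int)olen"
     * let a 32-bit length of 2^31 or more, taken straight from the datagram,
     * convert to a negative int and pass the check. For lengths below 2^31
     * the two forms agree. */
    if (len < 0 || olen > (uint32_t)len)
        return;

    moloch_parsers_register(session, krb5_udp_parser, 0, 0);
}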
LOCAL void irc_classify(MolochSession_t *session, const unsigned char *data, int len, int which, void *UNUSED(uw))
{
    /* IRC classifier. Two look-alikes are rejected before registering:
     *  - a payload starting with ':' that contains no " NOTICE ";
     *  - a payload starting with 'U' (USER) that has neither "\nNICK " nor
     *    " +iw ", so FTP's USER command is not mistaken for IRC.
     * On success the parser is registered and immediately fed this packet. */
    char *text = (char *)data;

    if (len < 8)
        return;

    switch (data[0]) {
    case ':':
        if (!moloch_memstr(text, len, " NOTICE ", 8))
            return;
        break;
    case 'U':
        if (!moloch_memstr(text, len, "\nNICK ", 6) && !moloch_memstr(text, len, " +iw ", 5))
            return;
        break;
    default:
        break;
    }

    if (moloch_session_has_protocol(session, "irc"))
        return;

    moloch_session_add_protocol(session, "irc");

    /* State block is owned by the parser framework; irc_free releases it. */
    IRCInfo_t *irc = MOLOCH_TYPE_ALLOC0(IRCInfo_t);

    moloch_parsers_register(session, irc_parser, irc, irc_free);
    irc_parser(session, irc, data, len, which);
}