Closed ikstream closed 7 months ago
4elta
commented
11 months ago this isn't as easy as it might look:
<scheme>://<host>:<port>.<host>:<port> (<transport protocol>), <host>:<port> or just <host>
ikstream
commented
11 months ago besides HTTP could we change all analyzers to include port and transport protocol information in the output?
4elta
commented
11 months ago sure thing. i have already fixed this with the ISAKMP (VPN) analyzer (commit a944d4ad23a8679779ee5d8d24b4ce9c9b9ab9ee). since commit 4e9e055f4e739674dabc57e89cf9e6ab43d637de every analyzer (except HTTP) now identifies assets using the following scheme:
<host>:<port> (<transport protocol>) (transport protocol in lower case letters)
4elta
commented
7 months ago i guess, you are ok with how an "asset" is identified (see my two comments above). otherwise please feel free to reopen this issue.
It would be lovely if the CSV output of the analyzers could be more separated. I would prefer an output where the port Information is separate from the host information. This could help in post processing when tables and similar are created from the csv output. This might allow for better filtering with regular office tools used with in many companies. The protocol could be in a column by itself as well.