cisco / mercury

Mercury: network metadata capture and analysis

Inputs into pmercury.protocols.tls.fingerprint() #24

Open GreenWinters opened 8 months ago

GreenWinters commented 8 months ago

Hello,

I'm attempting to use the fingerprint function from pmercury.protocols.tls in a Python script. Can more documentation be provided about the data, offset, and data_len parameters of the fingerprint functions, e.g. data type? From what I can tell, offset and data_len are integers and data is a list, but I can't tell what's in this list. Are they strings and integers? If so, how do we map what's parsed from a PCAP into inputs to the fingerprint function? Better yet, map string input fields from sources like Zeek's conn.log, ssl.log, or x509.log? Ideally, I would understand what fields and their formats the fingerprint function is appending to c and context. My goal is to pipeline input into this function, but without more documentation, I can't anticipate what the format of the data input needs to be to ensure the function doesn't output a faulty fingerprint.