mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
3bce313b12
This commit switches UID hashing from md5 to a highway hash. It also moves the salt value out of the file plugin - and makes it installation-specific instead - it is moved to the global namespace. There now are digest hash functions to make "static" installation-specific hashes that are stable over workers available to everyone; hashes can be 64, 128 or 256 bits in size. Due to the fact that we switch the file hashing algorithm, all file hashes change. The underlyigng algorithm that is used for hashing is highwayhash-128, which is significantly faster than md5.
11 lines
831 B
Text
11 lines
831 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path rdp
|
|
#open 2020-04-30-00-47-26
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol client_channels keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method
|
|
#types time string addr port addr port string string string vector[string] string string string string count count string string count bool string string
|
|
1297551041.284715 CHhAvVGS1DHFjwGM9 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - - 0 - - -
|
|
1297551078.958821 ClEkJM2Vm5giqnMf4h 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - - 0 - - -
|
|
#close 2020-04-30-00-47-27
|