"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/reference/snort_reference.text" between
snort3-3.1.31.0.tar.gz and snort3-3.1.32.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

snort_reference.text  (snort3-3.1.31.0):snort_reference.text  (snort3-3.1.32.0)
--------------------------------------------------------------------- ---------------------------------------------------------------------
Snort 3 Reference Manual Snort 3 Reference Manual
--------------------------------------------------------------------- ---------------------------------------------------------------------
The Snort Team The Snort Team
Revision History Revision History
Revision 3.1.31.0 2022-06-01 13:59:47 EDT TST Revision 3.1.32.0 2022-06-15 10:02:53 EDT TST
--------------------------------------------------------------------- ---------------------------------------------------------------------
Table of Contents Table of Contents
1. Help 1. Help
2. Basic Modules 2. Basic Modules
2.1. active 2.1. active
2.2. alerts 2.2. alerts
skipping to change at line 2710 skipping to change at line 2710
* int dce_smb.smb_max_compound = 3: SMB max compound size { 0:255 } * int dce_smb.smb_max_compound = 3: SMB max compound size { 0:255 }
* multi dce_smb.valid_smb_versions = all: valid SMB versions { v1 | * multi dce_smb.valid_smb_versions = all: valid SMB versions { v1 |
v2 | all } v2 | all }
* enum dce_smb.smb_file_inspection: deprecated (not used): file * enum dce_smb.smb_file_inspection: deprecated (not used): file
inspection controlled by smb_file_depth { off | on | only } inspection controlled by smb_file_depth { off | on | only }
* int dce_smb.smb_file_depth = 16384: SMB file depth for file data * int dce_smb.smb_file_depth = 16384: SMB file depth for file data
(-1 = disabled, 0 = unlimited) { -1:32767 } (-1 = disabled, 0 = unlimited) { -1:32767 }
* string dce_smb.smb_invalid_shares: SMB shares to alert on * string dce_smb.smb_invalid_shares: SMB shares to alert on
* bool dce_smb.smb_legacy_mode = false: inspect only SMBv1 * bool dce_smb.smb_legacy_mode = false: inspect only SMBv1
* int dce_smb.smb_max_credit = 8192: Maximum number of outstanding * int dce_smb.smb_max_credit = 8192: Maximum number of outstanding
request { 1:65536 } request { 1:65535 }
* int dce_smb.memcap = 8388608: Memory utilization limit on smb { * int dce_smb.memcap = 8388608: Memory utilization limit on smb {
512:maxSZ } 512:maxSZ }
Rules: Rules:
* 133:2 (dce_smb) SMB - bad NetBIOS session service session type * 133:2 (dce_smb) SMB - bad NetBIOS session service session type
* 133:3 (dce_smb) SMB - bad SMB message type * 133:3 (dce_smb) SMB - bad SMB message type
* 133:4 (dce_smb) SMB - bad SMB Id (not \xffSMB for SMB1 or not \ * 133:4 (dce_smb) SMB - bad SMB Id (not \xffSMB for SMB1 or not \
xfeSMB for SMB2) xfeSMB for SMB2)
* 133:5 (dce_smb) SMB - bad word count or structure size * 133:5 (dce_smb) SMB - bad word count or structure size
skipping to change at line 4232 skipping to change at line 4232
records that contain an initiator or responder IP from these records that contain an initiator or responder IP from these
networks networks
* bool netflow.rules[].create_host = false: generate a new host * bool netflow.rules[].create_host = false: generate a new host
event event
* bool netflow.rules[].create_service = false: generate a new or * bool netflow.rules[].create_service = false: generate a new or
changed service event changed service event
* int netflow.flow_memcap = 0: maximum memory for flow record cache * int netflow.flow_memcap = 0: maximum memory for flow record cache
in bytes, 0 = unlimited { 0:maxSZ } in bytes, 0 = unlimited { 0:maxSZ }
* int netflow.template_memcap = 0: maximum memory for template * int netflow.template_memcap = 0: maximum memory for template
cache in bytes, 0 = unlimited { 0:maxSZ } cache in bytes, 0 = unlimited { 0:maxSZ }
* string netflow.netflow_service_id_path: path to file containing
service IDs for NetFlow
Peg counts: Peg counts:
* netflow.cache_adds: netflow cache added new entry (sum) * netflow.cache_adds: netflow cache added new entry (sum)
* netflow.cache_hits: netflow cache found existing entry (sum) * netflow.cache_hits: netflow cache found existing entry (sum)
* netflow.cache_misses: netflow cache did not find entry (sum) * netflow.cache_misses: netflow cache did not find entry (sum)
* netflow.cache_replaces: netflow cache found entry and replaced * netflow.cache_replaces: netflow cache found entry and replaced
its value (sum) its value (sum)
* netflow.cache_max: netflow cache’s maximum byte usage (sum) * netflow.cache_max: netflow cache’s maximum byte usage (sum)
* netflow.cache_prunes: netflow cache pruned entry to make space * netflow.cache_prunes: netflow cache pruned entry to make space
skipping to change at line 4810 skipping to change at line 4812
* string rna.rna_conf_path: path to rna configuration * string rna.rna_conf_path: path to rna configuration
* bool rna.enable_logger = true: enable or disable writing * bool rna.enable_logger = true: enable or disable writing
discovery events into logger discovery events into logger
* bool rna.log_when_idle = false: enable host update logging when * bool rna.log_when_idle = false: enable host update logging when
snort is idle snort is idle
* string rna.dump_file: file name to dump RNA mac cache on * string rna.dump_file: file name to dump RNA mac cache on
shutdown; won’t dump by default shutdown; won’t dump by default
* int rna.tcp_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.tcp_fingerprints[].fpid = 0: fingerprint id { 0:max32 }
* int rna.tcp_fingerprints[].type = 0: fingerprint type { 0:max32 } * int rna.tcp_fingerprints[].type = 0: fingerprint type { 0:max32 }
* string rna.tcp_fingerprints[].uuid: fingerprint uuid * string rna.tcp_fingerprints[].uuid: fingerprint uuid
* int rna.tcp_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } * int rna.tcp_fingerprints[].ttl = 0: fingerprint ttl { 0:255 }
* string rna.tcp_fingerprints[].tcp_window: fingerprint tcp window * string rna.tcp_fingerprints[].tcp_window: fingerprint tcp window
* string rna.tcp_fingerprints[].mss = X: fingerprint mss * string rna.tcp_fingerprints[].mss = X: fingerprint mss
* string rna.tcp_fingerprints[].id = X: id * string rna.tcp_fingerprints[].id = X: id
* string rna.tcp_fingerprints[].topts: fingerprint tcp options * string rna.tcp_fingerprints[].topts: fingerprint tcp options
* string rna.tcp_fingerprints[].ws = X: fingerprint window size * string rna.tcp_fingerprints[].ws = X: fingerprint window size
* bool rna.tcp_fingerprints[].df = false: fingerprint don’t * bool rna.tcp_fingerprints[].df = false: fingerprint don’t
fragment flag fragment flag
* enum rna.tcp_fingerprints[].ua_type = os: type of user agent * enum rna.tcp_fingerprints[].ua_type = os: type of user agent
fingerprints { os | device | jail-broken | jail-broken-host } fingerprints { os | device | jail-broken | jail-broken-host }
* string rna.tcp_fingerprints[].user_agent[].substring: a substring * string rna.tcp_fingerprints[].user_agent[].substring: a substring
skipping to change at line 4832 skipping to change at line 4834
* string rna.tcp_fingerprints[].host_name: host name information * string rna.tcp_fingerprints[].host_name: host name information
* string rna.tcp_fingerprints[].device: device information * string rna.tcp_fingerprints[].device: device information
* string rna.tcp_fingerprints[].dhcp55: dhcp option 55 values * string rna.tcp_fingerprints[].dhcp55: dhcp option 55 values
* string rna.tcp_fingerprints[].dhcp60: dhcp option 60 values * string rna.tcp_fingerprints[].dhcp60: dhcp option 60 values
* int rna.tcp_fingerprints[].major: smb major version { 0:max31 } * int rna.tcp_fingerprints[].major: smb major version { 0:max31 }
* int rna.tcp_fingerprints[].minor: smb minor version { 0:max31 } * int rna.tcp_fingerprints[].minor: smb minor version { 0:max31 }
* int rna.tcp_fingerprints[].flags: smb flags { 0:max32 } * int rna.tcp_fingerprints[].flags: smb flags { 0:max32 }
* int rna.ua_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.ua_fingerprints[].fpid = 0: fingerprint id { 0:max32 }
* int rna.ua_fingerprints[].type = 0: fingerprint type { 0:max32 } * int rna.ua_fingerprints[].type = 0: fingerprint type { 0:max32 }
* string rna.ua_fingerprints[].uuid: fingerprint uuid * string rna.ua_fingerprints[].uuid: fingerprint uuid
* int rna.ua_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } * int rna.ua_fingerprints[].ttl = 0: fingerprint ttl { 0:255 }
* string rna.ua_fingerprints[].tcp_window: fingerprint tcp window * string rna.ua_fingerprints[].tcp_window: fingerprint tcp window
* string rna.ua_fingerprints[].mss = X: fingerprint mss * string rna.ua_fingerprints[].mss = X: fingerprint mss
* string rna.ua_fingerprints[].id = X: id * string rna.ua_fingerprints[].id = X: id
* string rna.ua_fingerprints[].topts: fingerprint tcp options * string rna.ua_fingerprints[].topts: fingerprint tcp options
* string rna.ua_fingerprints[].ws = X: fingerprint window size * string rna.ua_fingerprints[].ws = X: fingerprint window size
* bool rna.ua_fingerprints[].df = false: fingerprint don’t fragment * bool rna.ua_fingerprints[].df = false: fingerprint don’t fragment
flag flag
* enum rna.ua_fingerprints[].ua_type = os: type of user agent * enum rna.ua_fingerprints[].ua_type = os: type of user agent
fingerprints { os | device | jail-broken | jail-broken-host } fingerprints { os | device | jail-broken | jail-broken-host }
* string rna.ua_fingerprints[].user_agent[].substring: a substring * string rna.ua_fingerprints[].user_agent[].substring: a substring
skipping to change at line 4854 skipping to change at line 4856
* string rna.ua_fingerprints[].host_name: host name information * string rna.ua_fingerprints[].host_name: host name information
* string rna.ua_fingerprints[].device: device information * string rna.ua_fingerprints[].device: device information
* string rna.ua_fingerprints[].dhcp55: dhcp option 55 values * string rna.ua_fingerprints[].dhcp55: dhcp option 55 values
* string rna.ua_fingerprints[].dhcp60: dhcp option 60 values * string rna.ua_fingerprints[].dhcp60: dhcp option 60 values
* int rna.ua_fingerprints[].major: smb major version { 0:max31 } * int rna.ua_fingerprints[].major: smb major version { 0:max31 }
* int rna.ua_fingerprints[].minor: smb minor version { 0:max31 } * int rna.ua_fingerprints[].minor: smb minor version { 0:max31 }
* int rna.ua_fingerprints[].flags: smb flags { 0:max32 } * int rna.ua_fingerprints[].flags: smb flags { 0:max32 }
* int rna.udp_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.udp_fingerprints[].fpid = 0: fingerprint id { 0:max32 }
* int rna.udp_fingerprints[].type = 0: fingerprint type { 0:max32 } * int rna.udp_fingerprints[].type = 0: fingerprint type { 0:max32 }
* string rna.udp_fingerprints[].uuid: fingerprint uuid * string rna.udp_fingerprints[].uuid: fingerprint uuid
* int rna.udp_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } * int rna.udp_fingerprints[].ttl = 0: fingerprint ttl { 0:255 }
* string rna.udp_fingerprints[].tcp_window: fingerprint tcp window * string rna.udp_fingerprints[].tcp_window: fingerprint tcp window
* string rna.udp_fingerprints[].mss = X: fingerprint mss * string rna.udp_fingerprints[].mss = X: fingerprint mss
* string rna.udp_fingerprints[].id = X: id * string rna.udp_fingerprints[].id = X: id
* string rna.udp_fingerprints[].topts: fingerprint tcp options * string rna.udp_fingerprints[].topts: fingerprint tcp options
* string rna.udp_fingerprints[].ws = X: fingerprint window size * string rna.udp_fingerprints[].ws = X: fingerprint window size
* bool rna.udp_fingerprints[].df = false: fingerprint don’t * bool rna.udp_fingerprints[].df = false: fingerprint don’t
fragment flag fragment flag
* enum rna.udp_fingerprints[].ua_type = os: type of user agent * enum rna.udp_fingerprints[].ua_type = os: type of user agent
fingerprints { os | device | jail-broken | jail-broken-host } fingerprints { os | device | jail-broken | jail-broken-host }
* string rna.udp_fingerprints[].user_agent[].substring: a substring * string rna.udp_fingerprints[].user_agent[].substring: a substring
skipping to change at line 4876 skipping to change at line 4878
* string rna.udp_fingerprints[].host_name: host name information * string rna.udp_fingerprints[].host_name: host name information
* string rna.udp_fingerprints[].device: device information * string rna.udp_fingerprints[].device: device information
* string rna.udp_fingerprints[].dhcp55: dhcp option 55 values * string rna.udp_fingerprints[].dhcp55: dhcp option 55 values
* string rna.udp_fingerprints[].dhcp60: dhcp option 60 values * string rna.udp_fingerprints[].dhcp60: dhcp option 60 values
* int rna.udp_fingerprints[].major: smb major version { 0:max31 } * int rna.udp_fingerprints[].major: smb major version { 0:max31 }
* int rna.udp_fingerprints[].minor: smb minor version { 0:max31 } * int rna.udp_fingerprints[].minor: smb minor version { 0:max31 }
* int rna.udp_fingerprints[].flags: smb flags { 0:max32 } * int rna.udp_fingerprints[].flags: smb flags { 0:max32 }
* int rna.smb_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.smb_fingerprints[].fpid = 0: fingerprint id { 0:max32 }
* int rna.smb_fingerprints[].type = 0: fingerprint type { 0:max32 } * int rna.smb_fingerprints[].type = 0: fingerprint type { 0:max32 }
* string rna.smb_fingerprints[].uuid: fingerprint uuid * string rna.smb_fingerprints[].uuid: fingerprint uuid
* int rna.smb_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } * int rna.smb_fingerprints[].ttl = 0: fingerprint ttl { 0:255 }
* string rna.smb_fingerprints[].tcp_window: fingerprint tcp window * string rna.smb_fingerprints[].tcp_window: fingerprint tcp window
* string rna.smb_fingerprints[].mss = X: fingerprint mss * string rna.smb_fingerprints[].mss = X: fingerprint mss
* string rna.smb_fingerprints[].id = X: id * string rna.smb_fingerprints[].id = X: id
* string rna.smb_fingerprints[].topts: fingerprint tcp options * string rna.smb_fingerprints[].topts: fingerprint tcp options
* string rna.smb_fingerprints[].ws = X: fingerprint window size * string rna.smb_fingerprints[].ws = X: fingerprint window size
* bool rna.smb_fingerprints[].df = false: fingerprint don’t * bool rna.smb_fingerprints[].df = false: fingerprint don’t
fragment flag fragment flag
* enum rna.smb_fingerprints[].ua_type = os: type of user agent * enum rna.smb_fingerprints[].ua_type = os: type of user agent
fingerprints { os | device | jail-broken | jail-broken-host } fingerprints { os | device | jail-broken | jail-broken-host }
* string rna.smb_fingerprints[].user_agent[].substring: a substring * string rna.smb_fingerprints[].user_agent[].substring: a substring
skipping to change at line 8853 skipping to change at line 8855
(-1 = disabled, 0 = unlimited) { -1:32767 } (-1 = disabled, 0 = unlimited) { -1:32767 }
* enum dce_smb.smb_file_inspection: deprecated (not used): file * enum dce_smb.smb_file_inspection: deprecated (not used): file
inspection controlled by smb_file_depth { off | on | only } inspection controlled by smb_file_depth { off | on | only }
* enum dce_smb.smb_fingerprint_policy = none: target based SMB * enum dce_smb.smb_fingerprint_policy = none: target based SMB
policy to use { none | client | server | both } policy to use { none | client | server | both }
* string dce_smb.smb_invalid_shares: SMB shares to alert on * string dce_smb.smb_invalid_shares: SMB shares to alert on
* bool dce_smb.smb_legacy_mode = false: inspect only SMBv1 * bool dce_smb.smb_legacy_mode = false: inspect only SMBv1
* int dce_smb.smb_max_chain = 3: SMB max chain size { 0:255 } * int dce_smb.smb_max_chain = 3: SMB max chain size { 0:255 }
* int dce_smb.smb_max_compound = 3: SMB max compound size { 0:255 } * int dce_smb.smb_max_compound = 3: SMB max compound size { 0:255 }
* int dce_smb.smb_max_credit = 8192: Maximum number of outstanding * int dce_smb.smb_max_credit = 8192: Maximum number of outstanding
request { 1:65536 } request { 1:65535 }
* multi dce_smb.valid_smb_versions = all: valid SMB versions { v1 | * multi dce_smb.valid_smb_versions = all: valid SMB versions { v1 |
v2 | all } v2 | all }
* bool dce_tcp.disable_defrag = false: disable DCE/RPC * bool dce_tcp.disable_defrag = false: disable DCE/RPC
defragmentation defragmentation
* bool dce_tcp.limit_alerts = true: limit DCE alert to at most one * bool dce_tcp.limit_alerts = true: limit DCE alert to at most one
per signature per flow per signature per flow
* int dce_tcp.max_frag_len = 65535: maximum fragment size for * int dce_tcp.max_frag_len = 65535: maximum fragment size for
defragmentation { 1514:65535 } defragmentation { 1514:65535 }
* enum dce_tcp.policy = WinXP: target based policy to use { Win2000 * enum dce_tcp.policy = WinXP: target based policy to use { Win2000
| WinXP | WinVista | Win2003 | Win2008 | Win7 | Samba | | WinXP | WinVista | Win2003 | Win2008 | Win7 | Samba |
skipping to change at line 9499 skipping to change at line 9501
-1:255 } -1:255 }
* enum mpls.payload_type = auto: force encapsulated payload type { * enum mpls.payload_type = auto: force encapsulated payload type {
auto | eth | ip4 | ip6 } auto | eth | ip4 | ip6 }
* string msg.~: message describing rule * string msg.~: message describing rule
* interval mss.~range: check if TCP MSS is in given range { 0:65535 * interval mss.~range: check if TCP MSS is in given range { 0:65535
} }
* string netflow.dump_file: file name to dump netflow cache on * string netflow.dump_file: file name to dump netflow cache on
shutdown; won’t dump by default shutdown; won’t dump by default
* int netflow.flow_memcap = 0: maximum memory for flow record cache * int netflow.flow_memcap = 0: maximum memory for flow record cache
in bytes, 0 = unlimited { 0:maxSZ } in bytes, 0 = unlimited { 0:maxSZ }
* string netflow.netflow_service_id_path: path to file containing
service IDs for NetFlow
* bool netflow.rules[].create_host = false: generate a new host * bool netflow.rules[].create_host = false: generate a new host
event event
* bool netflow.rules[].create_service = false: generate a new or * bool netflow.rules[].create_service = false: generate a new or
changed service event changed service event
* addr netflow.rules[].device_ip: restrict the NetFlow devices from * addr netflow.rules[].device_ip: restrict the NetFlow devices from
which Snort will analyze packets which Snort will analyze packets
* bool netflow.rules[].exclude = false: exclude the NetFlow records * bool netflow.rules[].exclude = false: exclude the NetFlow records
that match this rule that match this rule
* string netflow.rules[].networks: generate events for NetFlow * string netflow.rules[].networks: generate events for NetFlow
records that contain an initiator or responder IP from these records that contain an initiator or responder IP from these
skipping to change at line 9881 skipping to change at line 9885
* string rna.smb_fingerprints[].dhcp60: dhcp option 60 values * string rna.smb_fingerprints[].dhcp60: dhcp option 60 values
* int rna.smb_fingerprints[].flags: smb flags { 0:max32 } * int rna.smb_fingerprints[].flags: smb flags { 0:max32 }
* int rna.smb_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.smb_fingerprints[].fpid = 0: fingerprint id { 0:max32 }
* string rna.smb_fingerprints[].host_name: host name information * string rna.smb_fingerprints[].host_name: host name information
* string rna.smb_fingerprints[].id = X: id * string rna.smb_fingerprints[].id = X: id
* int rna.smb_fingerprints[].major: smb major version { 0:max31 } * int rna.smb_fingerprints[].major: smb major version { 0:max31 }
* int rna.smb_fingerprints[].minor: smb minor version { 0:max31 } * int rna.smb_fingerprints[].minor: smb minor version { 0:max31 }
* string rna.smb_fingerprints[].mss = X: fingerprint mss * string rna.smb_fingerprints[].mss = X: fingerprint mss
* string rna.smb_fingerprints[].tcp_window: fingerprint tcp window * string rna.smb_fingerprints[].tcp_window: fingerprint tcp window
* string rna.smb_fingerprints[].topts: fingerprint tcp options * string rna.smb_fingerprints[].topts: fingerprint tcp options
* int rna.smb_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } * int rna.smb_fingerprints[].ttl = 0: fingerprint ttl { 0:255 }
* int rna.smb_fingerprints[].type = 0: fingerprint type { 0:max32 } * int rna.smb_fingerprints[].type = 0: fingerprint type { 0:max32 }
* enum rna.smb_fingerprints[].ua_type = os: type of user agent * enum rna.smb_fingerprints[].ua_type = os: type of user agent
fingerprints { os | device | jail-broken | jail-broken-host } fingerprints { os | device | jail-broken | jail-broken-host }
* string rna.smb_fingerprints[].user_agent[].substring: a substring * string rna.smb_fingerprints[].user_agent[].substring: a substring
of user agent string of user agent string
* string rna.smb_fingerprints[].uuid: fingerprint uuid * string rna.smb_fingerprints[].uuid: fingerprint uuid
* string rna.smb_fingerprints[].ws = X: fingerprint window size * string rna.smb_fingerprints[].ws = X: fingerprint window size
* string rna.tcp_fingerprints[].device: device information * string rna.tcp_fingerprints[].device: device information
* bool rna.tcp_fingerprints[].df = false: fingerprint don’t * bool rna.tcp_fingerprints[].df = false: fingerprint don’t
fragment flag fragment flag
skipping to change at line 9903 skipping to change at line 9907
* string rna.tcp_fingerprints[].dhcp60: dhcp option 60 values * string rna.tcp_fingerprints[].dhcp60: dhcp option 60 values
* int rna.tcp_fingerprints[].flags: smb flags { 0:max32 } * int rna.tcp_fingerprints[].flags: smb flags { 0:max32 }
* int rna.tcp_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.tcp_fingerprints[].fpid = 0: fingerprint id { 0:max32 }
* string rna.tcp_fingerprints[].host_name: host name information * string rna.tcp_fingerprints[].host_name: host name information
* string rna.tcp_fingerprints[].id = X: id * string rna.tcp_fingerprints[].id = X: id
* int rna.tcp_fingerprints[].major: smb major version { 0:max31 } * int rna.tcp_fingerprints[].major: smb major version { 0:max31 }
* int rna.tcp_fingerprints[].minor: smb minor version { 0:max31 } * int rna.tcp_fingerprints[].minor: smb minor version { 0:max31 }
* string rna.tcp_fingerprints[].mss = X: fingerprint mss * string rna.tcp_fingerprints[].mss = X: fingerprint mss
* string rna.tcp_fingerprints[].tcp_window: fingerprint tcp window * string rna.tcp_fingerprints[].tcp_window: fingerprint tcp window
* string rna.tcp_fingerprints[].topts: fingerprint tcp options * string rna.tcp_fingerprints[].topts: fingerprint tcp options
* int rna.tcp_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } * int rna.tcp_fingerprints[].ttl = 0: fingerprint ttl { 0:255 }
* int rna.tcp_fingerprints[].type = 0: fingerprint type { 0:max32 } * int rna.tcp_fingerprints[].type = 0: fingerprint type { 0:max32 }
* enum rna.tcp_fingerprints[].ua_type = os: type of user agent * enum rna.tcp_fingerprints[].ua_type = os: type of user agent
fingerprints { os | device | jail-broken | jail-broken-host } fingerprints { os | device | jail-broken | jail-broken-host }
* string rna.tcp_fingerprints[].user_agent[].substring: a substring * string rna.tcp_fingerprints[].user_agent[].substring: a substring
of user agent string of user agent string
* string rna.tcp_fingerprints[].uuid: fingerprint uuid * string rna.tcp_fingerprints[].uuid: fingerprint uuid
* string rna.tcp_fingerprints[].ws = X: fingerprint window size * string rna.tcp_fingerprints[].ws = X: fingerprint window size
* string rna.ua_fingerprints[].device: device information * string rna.ua_fingerprints[].device: device information
* bool rna.ua_fingerprints[].df = false: fingerprint don’t fragment * bool rna.ua_fingerprints[].df = false: fingerprint don’t fragment
flag flag
skipping to change at line 9925 skipping to change at line 9929
* string rna.ua_fingerprints[].dhcp60: dhcp option 60 values * string rna.ua_fingerprints[].dhcp60: dhcp option 60 values
* int rna.ua_fingerprints[].flags: smb flags { 0:max32 } * int rna.ua_fingerprints[].flags: smb flags { 0:max32 }
* int rna.ua_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.ua_fingerprints[].fpid = 0: fingerprint id { 0:max32 }
* string rna.ua_fingerprints[].host_name: host name information * string rna.ua_fingerprints[].host_name: host name information
* string rna.ua_fingerprints[].id = X: id * string rna.ua_fingerprints[].id = X: id
* int rna.ua_fingerprints[].major: smb major version { 0:max31 } * int rna.ua_fingerprints[].major: smb major version { 0:max31 }
* int rna.ua_fingerprints[].minor: smb minor version { 0:max31 } * int rna.ua_fingerprints[].minor: smb minor version { 0:max31 }
* string rna.ua_fingerprints[].mss = X: fingerprint mss * string rna.ua_fingerprints[].mss = X: fingerprint mss
* string rna.ua_fingerprints[].tcp_window: fingerprint tcp window * string rna.ua_fingerprints[].tcp_window: fingerprint tcp window
* string rna.ua_fingerprints[].topts: fingerprint tcp options * string rna.ua_fingerprints[].topts: fingerprint tcp options
* int rna.ua_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } * int rna.ua_fingerprints[].ttl = 0: fingerprint ttl { 0:255 }
* int rna.ua_fingerprints[].type = 0: fingerprint type { 0:max32 } * int rna.ua_fingerprints[].type = 0: fingerprint type { 0:max32 }
* enum rna.ua_fingerprints[].ua_type = os: type of user agent * enum rna.ua_fingerprints[].ua_type = os: type of user agent
fingerprints { os | device | jail-broken | jail-broken-host } fingerprints { os | device | jail-broken | jail-broken-host }
* string rna.ua_fingerprints[].user_agent[].substring: a substring * string rna.ua_fingerprints[].user_agent[].substring: a substring
of user agent string of user agent string
* string rna.ua_fingerprints[].uuid: fingerprint uuid * string rna.ua_fingerprints[].uuid: fingerprint uuid
* string rna.ua_fingerprints[].ws = X: fingerprint window size * string rna.ua_fingerprints[].ws = X: fingerprint window size
* string rna.udp_fingerprints[].device: device information * string rna.udp_fingerprints[].device: device information
* bool rna.udp_fingerprints[].df = false: fingerprint don’t * bool rna.udp_fingerprints[].df = false: fingerprint don’t
fragment flag fragment flag
skipping to change at line 9947 skipping to change at line 9951
* string rna.udp_fingerprints[].dhcp60: dhcp option 60 values * string rna.udp_fingerprints[].dhcp60: dhcp option 60 values
* int rna.udp_fingerprints[].flags: smb flags { 0:max32 } * int rna.udp_fingerprints[].flags: smb flags { 0:max32 }
* int rna.udp_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.udp_fingerprints[].fpid = 0: fingerprint id { 0:max32 }
* string rna.udp_fingerprints[].host_name: host name information * string rna.udp_fingerprints[].host_name: host name information
* string rna.udp_fingerprints[].id = X: id * string rna.udp_fingerprints[].id = X: id
* int rna.udp_fingerprints[].major: smb major version { 0:max31 } * int rna.udp_fingerprints[].major: smb major version { 0:max31 }
* int rna.udp_fingerprints[].minor: smb minor version { 0:max31 } * int rna.udp_fingerprints[].minor: smb minor version { 0:max31 }
* string rna.udp_fingerprints[].mss = X: fingerprint mss * string rna.udp_fingerprints[].mss = X: fingerprint mss
* string rna.udp_fingerprints[].tcp_window: fingerprint tcp window * string rna.udp_fingerprints[].tcp_window: fingerprint tcp window
* string rna.udp_fingerprints[].topts: fingerprint tcp options * string rna.udp_fingerprints[].topts: fingerprint tcp options
* int rna.udp_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } * int rna.udp_fingerprints[].ttl = 0: fingerprint ttl { 0:255 }
* int rna.udp_fingerprints[].type = 0: fingerprint type { 0:max32 } * int rna.udp_fingerprints[].type = 0: fingerprint type { 0:max32 }
* enum rna.udp_fingerprints[].ua_type = os: type of user agent * enum rna.udp_fingerprints[].ua_type = os: type of user agent
fingerprints { os | device | jail-broken | jail-broken-host } fingerprints { os | device | jail-broken | jail-broken-host }
* string rna.udp_fingerprints[].user_agent[].substring: a substring * string rna.udp_fingerprints[].user_agent[].substring: a substring
of user agent string of user agent string
* string rna.udp_fingerprints[].uuid: fingerprint uuid * string rna.udp_fingerprints[].uuid: fingerprint uuid
* string rna.udp_fingerprints[].ws = X: fingerprint window size * string rna.udp_fingerprints[].ws = X: fingerprint window size
* int rpc.~app: application number { 0:max32 } * int rpc.~app: application number { 0:max32 }
* string rpc.~proc: procedure number or * for any * string rpc.~proc: procedure number or * for any
* string rpc.~ver: version number or * for any * string rpc.~ver: version number or * for any
 End of changes. 13 change blocks. 
11 lines changed or deleted 15 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)