
add ssh ignore option

Evan Pratten 2023-12-20 14:51:18 -05:00
parent ee0180e618
commit 9dfadb8eaa


@ -60,7 +60,7 @@ def classify_traffic(
for pattern in patterns: for pattern in patterns:
if pattern.match(str(hostname)): if pattern.match(str(hostname)):
return service return service
# Fallbacks in case we can't figure anything else out # Fallbacks in case we can't figure anything else out
if packet_proto == "TCP" and destination_port == 443: if packet_proto == "TCP" and destination_port == 443:
return f"HTTPS ({hostname})" return f"HTTPS ({hostname})"
@ -82,6 +82,11 @@ def main() -> int:
help="Subnet(s) to consider local", help="Subnet(s) to consider local",
action="append", action="append",
) )
ap.add_argument(
"--ignore-ssh",
help="Ignore SSH traffic",
action="store_true",
)
ap.add_argument( ap.add_argument(
"-v", "--verbose", help="Enable verbose logging", action="store_true" "-v", "--verbose", help="Enable verbose logging", action="store_true"
) )
@ -153,6 +158,10 @@ def main() -> int:
classification = classify_traffic( classification = classify_traffic(
destination, int(destination_port), metadata.lstrip().split(" ")[0] destination, int(destination_port), metadata.lstrip().split(" ")[0]
) )
# Handle ignoring SSH traffic
if args.ignore_ssh and classification == "SSH":
continue
print(f"{source}\t{classification}") print(f"{source}\t{classification}")
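Review bot: The new filter in `main()` tests `classification == "SSH"` by exact string, while the visible fallback in `classify_traffic` returns decorated labels such as `f"HTTPS ({hostname})"`; how the SSH label is produced is not shown in these hunks, but if it ever takes the decorated form the filter would stop matching without any error. Matching rows are dropped with a bare `continue`, so every flow the classifier labels SSH disappears from the output with no trace. The option's help should say what it hides, for example `help="Omit flows classified as SSH from the output (classification is heuristic)"`. Since `--verbose` already exists, logging each skipped flow at debug level would keep the omission auditable; the logging setup is outside the visible hunks, so treat that as a suggestion. `main()` begins and ends outside these hunks.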