This shows you the differences between two versions of the page.
script:x509_ext_c2 [2018/02/08 18:31] veera [Trisul vs Bro approaches to the same problem] |
script:x509_ext_c2 [2018/02/08 18:31] (current) veera [Analysing the sample PCAP in Trisul] |
||
---|---|---|---|
Line 24: | Line 24: | ||
- | Next you have to write a small LUA script that plugs into the FTS SSL Certs Stream. Your script will then get a chance to peek at each certificate //out of the fast packet path//. By moving this out of the //Fast Packet Path// (For more on Fast Path and Slow Path in Trisul LUA API see [[https://www.trisul.org/docs/lua/basics.html#stream_processing|"Stream Processing"]])) Trisul gives your scripts a large time budget a few seconds to process without incurring packet loss. The Trisul LUA API provides the [[https://www.trisul.org/docs/lua/fts_monitor.html|FTS Monitor script]] for exactly this purpose. | + | Next you have to write a small LUA script that plugs into the FTS SSL Certs Stream. Your script will then get a chance to peek at each certificate //out of the fast packet path//. By moving this out of the //Fast Packet Path// ((For more on Fast Path and Slow Path in Trisul LUA API see [[https://www.trisul.org/docs/lua/basics.html#stream_processing|"Stream Processing"]])) Trisul gives your scripts a large time budget a few seconds to process without incurring packet loss. The Trisul LUA API provides the [[https://www.trisul.org/docs/lua/fts_monitor.html|FTS Monitor script]] for exactly this purpose. |
I just put together a quick [[https://github.com/trisulnsm/trisul-scripts/blob/master/lua/backend_scripts/fts/c2-x509-fts.lua|FTS Monitor LUA script on GitHub]] that demonstrates how you can pick apart the cert using a simple regex. The snippet is shown below | I just put together a quick [[https://github.com/trisulnsm/trisul-scripts/blob/master/lua/backend_scripts/fts/c2-x509-fts.lua|FTS Monitor LUA script on GitHub]] that demonstrates how you can pick apart the cert using a simple regex. The snippet is shown below |
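Review bot: The added line at Line 24 corrects the footnote opener to "((", but the sentence around it still reads "a large time budget a few seconds to process", which runs two phrases together. Set the second phrase off, for example "a large time budget (a few seconds) to process each certificate without incurring packet loss". The same sentence has no comma between "By moving this out of the //Fast Packet Path//" and "Trisul gives", which is harder to follow now that the footnote marker sits between them. The language name is also written "LUA" throughout these lines; it is normally spelled "Lua".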