1 file changed: +9 -0 lines changed
@@ -590,6 +590,15 @@ List of fields exported together with basic flow fields on interface by quic plu
590590| :------------------:| :------:| :-------------------------------:|
591591| QUIC_SNI | string | Decrypted server name |
592592
593+ ### SSADetector
594+
595+ List of fields exported together with basic flow fields on interface by ssadetector plugin.
596+ The detector search for the SYN SYN-ACK ACK pattern in packet lengths. Multiple occurrences of this pattern suggest a tunneled connection.
597+
598+ | Output field | Type | Description |
599+ | :------------------:| :------:| :---------------------------------------:|
600+ | SSA_CONF_LEVEL | uint8 | 1 if SSA sequence detected, 0 otherwise |
601+
593602## Simplified function diagram
594603Diagram below shows how ` ipfixprobe ` works.
595604
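Review bot: The description of SSA_CONF_LEVEL in the new table ("1 if SSA sequence detected, 0 otherwise") does not line up with the sentence above it, which says that multiple occurrences of the pattern suggest a tunneled connection. Please document how many occurrences are needed before the field is set to 1, or, if the uint8 is meant to be a graded confidence value as the name CONF_LEVEL implies, describe its range instead of a binary flag. The phrase "SYN SYN-ACK ACK pattern in packet lengths" should also spell out what is matched, since the pattern is named after TCP flags but the text says it is found in packet lengths; a reader building detections on this field needs to know what a 1 actually asserts. Minor: "The detector search" should read "The detector searches".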