architecture.txt
# ex: set ff=dos ts=2 et:
# $Id$
input
  hint.sql
  db.oui
    map IEEE802.3 MAC address OUI prefixes to their vendor organizations
  db.map
    map 'hint' output to the software/systems that generate it

./cap
  [libpcap]
  parse data
  report
    [libsqlite3]
    rep_addr -> db.addr
    rep_hint -> db.hint
    rep_traffic -> db.traffic

output
  link hints to their maps
    hint <-> map
  aggregate linked addresses into 'hosts'
    db.addr <-> db.addr
    [(a,b),(b,c),(d,e)] -> [(a,b,c),(d,e)]
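
The aggregation step above, [(a,b),(b,c),(d,e)] -> [(a,b,c),(d,e)], is a connected-components merge over address link rows. The sketch below is an added example, not code from this project: it uses a union-find table, and the function names, the fixed table size and the sample addresses are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ADDR 64
static const char *addr_name[MAX_ADDR]; /* interned addresses; index = node id */
static int addr_parent[MAX_ADDR], n_addr;

/* Node id for an address; a new address starts as its own host. */
static int addr_id(const char *a) {
    for (int i = 0; i < n_addr; i++)
        if (strcmp(addr_name[i], a) == 0) return i;
    if (n_addr == MAX_ADDR) return -1;      /* table full */
    addr_name[n_addr] = a;                  /* caller keeps the string alive */
    addr_parent[n_addr] = n_addr;
    return n_addr++;
}

/* Representative of the host containing x, halving the path on the way. */
static int host_find(int x) {
    while (addr_parent[x] != x) {
        addr_parent[x] = addr_parent[addr_parent[x]];
        x = addr_parent[x];
    }
    return x;
}

/* Record one link row (a <-> b); returns -1 if the table is full. */
int host_link(const char *a, const char *b) {
    int ia = addr_id(a), ib = addr_id(b);
    if (ia < 0 || ib < 0) return -1;
    int ra = host_find(ia), rb = host_find(ib);
    if (ra != rb) addr_parent[rb] = ra;     /* merge the two hosts */
    return 0;
}

/* 1 if both addresses aggregate to the same host. */
int same_host(const char *a, const char *b) {
    int ia = addr_id(a), ib = addr_id(b);
    return ia >= 0 && ib >= 0 && host_find(ia) == host_find(ib);
}

/* Number of distinct hosts: one per root in the table. */
int host_count(void) {
    int n = 0;
    for (int i = 0; i < n_addr; i++) n += (addr_parent[i] == i);
    return n;
}

int main(void) {                            /* constructed sample link rows */
    host_link("00:11:22:33:44:55", "192.0.2.10");
    host_link("192.0.2.10", "fe80::1");
    host_link("66:77:88:99:aa:bb", "192.0.2.20");
    printf("%d hosts\n", host_count());
    return 0;
}
```

A later row that links two existing groups, such as (c,d) here, collapses them into one host, so the result does not depend on the order in which rows arrive.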
Predefined Data
------------------------------------------------------
QUESTION: is it better (with regards to clarity and updates)
to keep everything in a .csv file and convert explicitly to SQL...
or should we keep the data in SQL?
def-os.csv
def-app.csv
def-hardware.csv
def-vendor.csv
map-app-http-UserAgent.xml
map-os-bootp-VendorClass.sql
map-
allagents.xml map-app-http-UserAgent.csv (<-- allagents.xml)
app_def.csv def-app.csv
bootp_hint_Vendor_Class.csv map-os-bootp-VendorClass.csv
bootp_option_fingerprint.csv
browse_os.csv
cdp_hint_platform.csv
dns_hint_TXT.csv
hardware_def.csv
http_header_def.csv
http_hint_Server.csv
http_hint_User-Agent.csv
http_hint_X-Powered-By.csv
icmp_echo_hint.csv
import-oui
import-oui.c
import-oui.sh
ipv4_def.csv
llc_org_def.csv
mac_vendor_def.csv map-IEEE8023-vendor.sql
os_def.csv def-os.csv
oui.txt
research
samples
smb_fingerprint.csv
ssdp_header_def.csv
ssdp_hint_Server.csv
tcp_hint.csv