public override bool Equals(object obj)
{
TlsHandshake that = obj as TlsHandshake;
return((((((((that != null) &&
object.Equals(this.Timestamp, that.Timestamp)) &&
object.Equals(this.IpSrc, that.IpSrc)) &&
object.Equals(this.IpDst, that.IpDst)) &&
object.Equals(this.TcpSrcport, that.TcpSrcport)) &&
object.Equals(this.TcpDstport, that.TcpDstport)) &&
object.Equals(this.ClientHello, that.ClientHello)) &&
object.Equals(this.ServerHello, that.ServerHello));
}
public override void Define()
{
TlsHandshake handshake = null;
DnsQueryResponse dnsQueryResponse = null;
When()
.Match <TlsHandshake>(() => handshake)
.Match <DnsQueryResponse>(() => dnsQueryResponse,
d => d.Query.IpSrc == handshake.IpSrc,
d => d.Response.DnsA.Contains(handshake.IpDst)
);
Then()
.Do(ctx => ctx.TryInsert(new ContextFlow <DnsQueryResponse, TlsHandshake> {
Timestamp = handshake.Timestamp,
Flow = handshake,
Context = dnsQueryResponse,
Protocol = System.Net.Sockets.ProtocolType.Tcp,
IpSrc = handshake.IpSrc,
IpDst = handshake.IpDst,
TcpSrcport = handshake.TcpSrcport,
TcpDstport = handshake.TcpDstport
}));
}
