Update method for computing sha256 of packets

This commit changes how packet hashes are computed. First, uses the packet metadata timestamp as a salt. Second, it uses the entire packet rahter than the UDP payload.
chazlever · Apr 9, 2021 · 6ae42b3 · 6ae42b3
1 parent aa2dbe8
commit 6ae42b3
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/parser/parse.go b/parser/parse.go
@@ -177,7 +177,13 @@ PACKETLOOP:
 			schema.SourcePort = uint16(udp.SrcPort)
 			schema.DestinationPort = uint16(udp.DstPort)
 			schema.Udp = true
-			schema.Sha256 = fmt.Sprintf("%x", sha256.Sum256(udp.Payload))
+
+			// Hash and salt packet for grouping related records
+			tsSalt, err := packet.Metadata().Timestamp.MarshalBinary()
+			if err != nil {
+				log.Errorf("Could not marshal timestamp: #{err}\n")
+			}
+			schema.Sha256 = fmt.Sprintf("%x", sha256.Sum256(append(tsSalt, packet.Data()...)))
 		}
 
 		// This means we did not attempt to parse a DNS payload and