new: [muonfp] Added object #517

Open
vladiliushin wants to merge 1 commit into MISP:main from vladiliushin:add-muonfp-object
vladiliushin commented May 4, 2026

Adds a new muonfp MISP object template for the MuonFP open-source TCP fingerprinting standard.

  • MuonFP fingerprints are derived from TCP attributes observed during the SYN/SYN-ACK handshake and expressed as TCPWindowSize:TCPOptions:TCPMSS:TCPWindowScale (e.g. 26847:2-4-8-1-3:1460:8).
  • The template captures the full fingerprint plus its individual components, source/destination IPs, first/last seen timestamps, a free-text description and a reference link, mirroring the conventions used by the existing ja3, ja4-plus and jarm objects.

Attributes

  • muonfp-fingerprint (required) - full MuonFP fingerprint string
  • tcp-window-size, tcp-options, tcp-mss, tcp-window-scale - individual fingerprint components
  • ip-src, ip-dst - observed endpoints (multiple)
  • first-seen, last-seen - observation window
  • description, reference - free-text context and source link

Sanity checks

  • unique_uuid.py reports no UUID collisions
  • jq_all_the_things.sh passes

MuonFP is an open-source TCP fingerprinting standard derived from
TCP SYN/SYN-ACK packet attributes (TCP Window Size, ordered TCP
Options KIND list, TCP MSS and TCP Window Scale), expressed as
'TCPWindowSize:TCPOptions:TCPMSS:TCPWindowScale'.

Reference: https://github.com/sundruid/muonfp
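
An added example, not part of this pull request or the MuonFP project: a validator that splits a MuonFP string into the object relations listed in the description above before it is stored. The function names are hypothetical. It assumes that an empty MSS or window-scale field means the option was absent, and that those fields should agree with option kinds 2 (MSS) and 3 (window scale) in the options list.

```python
# Added example (not from the PR): validate a MuonFP string and split it
# into the object relations named in the PR description.

def _uint(text, bits, field):
    """Return text as an unsigned integer that fits in `bits` bits."""
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"{field}: expected decimal digits, got {text!r}")
    value = int(text)
    if value >= 1 << bits:
        raise ValueError(f"{field}: {value} does not fit in {bits} bits")
    return value


def parse_muonfp(fingerprint):
    """Map a MuonFP string to {object_relation: value}; raise ValueError if malformed."""
    fingerprint = fingerprint.strip()
    parts = fingerprint.split(":")
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields, got {len(parts)}")
    window, options, mss, wscale = parts

    _uint(window, 16, "tcp-window-size")      # TCP window is a 16-bit header field
    kinds = [_uint(k, 8, "tcp-options") for k in options.split("-")] if options else []
    # Assumption: an empty MSS or window-scale field means the option was absent.
    if mss:
        _uint(mss, 16, "tcp-mss")             # MSS option carries a 16-bit value
    if wscale:
        _uint(wscale, 8, "tcp-window-scale")  # shift count is a single byte
    # Assumption: value fields are present exactly when their option kind
    # (2 = MSS, 3 = window scale) appears in the ordered options list.
    if bool(mss) != (2 in kinds):
        raise ValueError("tcp-mss does not agree with option kind 2 in tcp-options")
    if bool(wscale) != (3 in kinds):
        raise ValueError("tcp-window-scale does not agree with option kind 3 in tcp-options")

    relations = {
        "muonfp-fingerprint": fingerprint,
        "tcp-window-size": window,
        "tcp-options": options,
        "tcp-mss": mss,
        "tcp-window-scale": wscale,
    }
    # Components that are empty in the fingerprint are left out of the object.
    return {name: value for name, value in relations.items() if value}
```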