New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fingerprint is not recognized #534
Comments
I am also getting this issue after a recent update. Out of all my of SSID's and Fingerprints 2 are throwing alerts even though I have the correct info in nyzme.conf file. |
Did you add the fingerprint after the alert was triggered? Alerts do not "clean up" after a configuration change. |
I'm not sure in what direction your answer goes. I'm using the above configuration and enable it with "sudo systemctl restart nzyme" and after that the alerts triggers. And i think that must not happen because the fingerprint is correct defined. |
That's weird. I appears like you are doing everything right. I'll look into it. |
Not sure, if this helps but I switched to "systemctl stop nzyme" and "systemctl start nzyme" to get new fingerprints in. A "restart" did not do update for me at least once. |
I gave it a try, but it makes no sense. The command "systemctl restart nzyme" start and stops the service. I check it on the process list. After the command the "nzyme-Process" has a new PID. At least i don't get any message with the fingerprint already defined till now, but I don't think the problem is gone. Because of that problem #510 it is very hard to track it down. I have 80 Alerts in two days, that i must check. Sorry, nzyme is not usable for me at the moment. I have read in the forum that you want to modify the calculation of the fingerprint - possible that solves the problem for me. I am also geting a lot of messages in the log with "Malformed 802.11 tagged parameters" When it gaves a possibilty to see what parms are used für the fingerprint in log - i can checkout more. |
I have the same issue with growing fingerprints on my Fritz AP + repeater network. I deactivated the fingerprint and crypto_change alerts for now but as I also see unexpected SSIDs beacons with random single character names ("j", "^", "L",...) I am assuming there might be just incomplete frames or noise involved as I have ~16 wifi networks channel hopping around me here. EDIT: just noticed, that also all new fingerprints are 1 Frame events as well. |
This will be improved with the new v2.0.0 architecture. |
Hello,
i'm getting the following alert;
The nzyme.conf looks like that:
The fingerprint "278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff" on myipng with fc:ec:da:4f:81:01 is correct (?) defined.
See somebody the problem or is something wrong with the parsing from the nzyme.conf.
Something that i see also - wenn i click on the Link from the BSSID in Alerts , i see only 1 or 2 fingerprints and not all 14?!
Thanks
The text was updated successfully, but these errors were encountered: