author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-05 13:02:39 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-05 13:02:39 +0100 |
commit | 40797521af054032908ca43de0878eda6255db77 (patch) | |
tree | 48b79d6240c740fff9887b28b880cf9eeca42137 | |
parent | 3d09b256532b13b71dd80de1d1843fe226617ccf (diff) |
ndpiReader: add breed stats on output used for CI (#2236)
488 files changed, 1161 insertions, 5 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 3fba97bbf..c383ca522 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -3646,7 +3646,9 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
 u_int32_t avg_pkt_size = 0;
 int thread_id;
 char buf[32];
- long long unsigned int breed_stats[NUM_BREEDS] = { 0 };
+ long long unsigned int breed_stats_pkts[NUM_BREEDS] = { 0 };
+ long long unsigned int breed_stats_bytes[NUM_BREEDS] = { 0 };
+ long long unsigned int breed_stats_flows[NUM_BREEDS] = { 0 };
 memset(&cumulative_stats, 0, sizeof(cumulative_stats));
@@ -4024,7 +4026,9 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
 ndpi_protocol_breed_t breed = ndpi_get_proto_breed(ndpi_thread_info[0].workflow->ndpi_struct, i);
 if(cumulative_stats.protocol_counter[i] > 0) {
- breed_stats[breed] += (long long unsigned int)cumulative_stats.protocol_counter_bytes[i];
+ breed_stats_bytes[breed] += (long long unsigned int)cumulative_stats.protocol_counter_bytes[i];
+ breed_stats_pkts[breed] += (long long unsigned int)cumulative_stats.protocol_counter[i];
+ breed_stats_flows[breed] += (long long unsigned int)cumulative_stats.protocol_flows[i];
 if(results_file) fprintf(results_file, "%s\t%llu\t%llu\t%u\n",
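Review bot: In the second hunk of example/ndpiReader.c (`@@ -4024,7 +4026,9 @@`), `breed` is taken directly from `ndpi_get_proto_breed()` and used unchecked as the index into three `NUM_BREEDS`-sized stack arrays, so a value at or above `NUM_BREEDS` would now write past the end of three arrays instead of one. Nothing visible in the hunk shows that the returned breed is always in range; if the enum definition guarantees it, say so in a comment next to the declarations, otherwise wrap the three `+=` lines in `if((unsigned)breed < NUM_BREEDS) { ... }`. As a smaller style point, the three parallel arrays declared in the first hunk could be one array of a small struct holding packets, bytes and flows, which keeps the counters for a breed together. printResults() starts and ends outside both hunks.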
@@ -4049,10 +4053,21 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
 printf("\n\nProtocol statistics:\n");
 for(i=0; i < NUM_BREEDS; i++) {
- if(breed_stats[i] > 0) {
- printf("\t%-20s %13llu bytes\n",
+ if(breed_stats_pkts[i] > 0) {
+ printf("\t%-20s packets: %-13llu bytes: %-13llu "
+ "flows: %-13llu\n",
 ndpi_get_proto_breed_name(ndpi_thread_info[0].workflow->ndpi_struct, i),
- breed_stats[i]);
+ breed_stats_pkts[i], breed_stats_bytes[i], breed_stats_flows[i]);
+ }
+ }
+ }
+ if(results_file) {
+ fprintf(results_file, "\n");
+ for(i=0; i < NUM_BREEDS; i++) {
+ if(breed_stats_pkts[i] > 0) {
+ fprintf(results_file, "%-20s %13llu %-13llu %-13llu\n",
+ ndpi_get_proto_breed_name(ndpi_thread_info[0].workflow->ndpi_struct, i),
+ breed_stats_pkts[i], breed_stats_bytes[i], breed_stats_flows[i]);
 }
 }
 }
diff --git a/tests/cfgs/caches_cfg/result/ookla.pcap.out b/tests/cfgs/caches_cfg/result/ookla.pcap.out index fa711d273..4650de3eb 100644 --- a/tests/cfgs/caches_cfg/result/ookla.pcap.out +++ b/tests/cfgs/caches_cfg/result/ookla.pcap.out @@ -28,6 +28,9 @@ TLS 29 23166 1 HTTP_Proxy 10 2375 1 Ookla 74 12870 4 +Safe 103 36036 5 +Acceptable 10 2375 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 2 diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out index 56a6a1c52..d766cd98c 100644 --- a/tests/cfgs/caches_cfg/result/teams.pcap.out +++ b/tests/cfgs/caches_cfg/result/teams.pcap.out @@ -43,6 +43,11 @@ Microsoft365 136 52120 6 Teams 595 215358 26 Azure 2 294 1 +Safe 1168 564758 49 +Acceptable 325 111699 32 +Fun 1 82 1 +Unrated 4 456 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.6 6 diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index 788add272..2ae143087 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out 
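Review bot: In the third example/ndpiReader.c hunk (`@@ -4049,10 +4053,21 @@`), the results-file format `"%-20s %13llu %-13llu %-13llu\n"` right-aligns the packet column but left-aligns bytes and flows, whereas the console `printf` just above left-aligns all three. Every expected `.out` file touched by this commit is produced from that string, so the alignment is worth settling before it is fixed into the CI baselines, e.g. `"%-20s %-13llu %-13llu %-13llu\n"`. The rows are also written without labels, so a short comment above the `fprintf` such as `/* breed summary: name, packets, bytes, flows */` would record the column order for whoever reads or diffs a result file. The enclosing function continues outside the hunk.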
@@ -44,6 +44,12 @@ MpegDash 1 299 1 1kxun 914 1969311 48 Line 30 19034 3 +Safe 124 28754 9 +Acceptable 622 514902 119 +Fun 948 1976493 53 +Dangerous 5 1197 2 +Unrated 24 6428 14 + JA3 Host Stats: IP Address # JA3C 1 192.168.5.16 2 diff --git a/tests/cfgs/default/result/443-chrome.pcap.out b/tests/cfgs/default/result/443-chrome.pcap.out index 73a1ec229..b0abe8f95 100644 --- a/tests/cfgs/default/result/443-chrome.pcap.out +++ b/tests/cfgs/default/result/443-chrome.pcap.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 1 1506 1 +Safe 1 1506 1 + 1 TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][IP: 26/ntop][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/443-curl.pcap.out b/tests/cfgs/default/result/443-curl.pcap.out index 2775cfc6d..141623187 100644 --- a/tests/cfgs/default/result/443-curl.pcap.out +++ b/tests/cfgs/default/result/443-curl.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 109 73982 1 +Safe 109 73982 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-firefox.pcap.out b/tests/cfgs/default/result/443-firefox.pcap.out index 2b24f333b..7ea661d8e 100644 --- a/tests/cfgs/default/result/443-firefox.pcap.out +++ b/tests/cfgs/default/result/443-firefox.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 667 458067 1 +Safe 667 458067 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-git.pcap.out b/tests/cfgs/default/result/443-git.pcap.out index 44298176d..42de493bb 100644 --- a/tests/cfgs/default/result/443-git.pcap.out +++ b/tests/cfgs/default/result/443-git.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Github 70 37189 1 +Acceptable 70 37189 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-opvn.pcap.out b/tests/cfgs/default/result/443-opvn.pcap.out index 1c8849c3e..91e19cfc1 100644 --- a/tests/cfgs/default/result/443-opvn.pcap.out +++ b/tests/cfgs/default/result/443-opvn.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OpenVPN 46 11573 1 +Acceptable 46 11573 1 + 1 TCP 192.168.1.84:52973 <-> 192.12.192.103:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][25 pkts/5636 bytes <-> 21 pkts/5937 bytes][Goodput ratio: 70/77][8.96 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 443/427 3959/4015 926/1024][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 225/283 1506/1506 330/399][PLAIN TEXT (Registro.it)][Plen Bins: 4,41,4,8,0,0,0,0,0,4,4,0,0,0,4,0,0,4,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,8,0,0] diff --git a/tests/cfgs/default/result/443-safari.pcap.out b/tests/cfgs/default/result/443-safari.pcap.out index cc12e1aab..65bd2fcdb 100644 --- a/tests/cfgs/default/result/443-safari.pcap.out +++ b/tests/cfgs/default/result/443-safari.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 41 19929 1 +Safe 41 19929 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/4in4tunnel.pcap.out b/tests/cfgs/default/result/4in4tunnel.pcap.out index a85f40206..0785a2415 100644 --- a/tests/cfgs/default/result/4in4tunnel.pcap.out +++ b/tests/cfgs/default/result/4in4tunnel.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 5 850 1 +Unrated 5 850 1 + Undetected flows: diff --git a/tests/cfgs/default/result/4in6tunnel.pcap.out b/tests/cfgs/default/result/4in6tunnel.pcap.out index f9ddc8827..30f5385e0 100644 --- a/tests/cfgs/default/result/4in6tunnel.pcap.out 
+++ b/tests/cfgs/default/result/4in6tunnel.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Microsoft 4 2188 1 +Safe 4 2188 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.1 1 diff --git a/tests/cfgs/default/result/6in4tunnel.pcap.out b/tests/cfgs/default/result/6in4tunnel.pcap.out index 80494902d..8bcf004f2 100644 --- a/tests/cfgs/default/result/6in4tunnel.pcap.out +++ b/tests/cfgs/default/result/6in4tunnel.pcap.out @@ -29,6 +29,10 @@ TLS 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 +Safe 32 15913 3 +Acceptable 58 9654 4 +Fun 37 14726 3 + JA3 Host Stats: IP Address # JA3C 1 2001:470:1f17:13f:3e97:eff:fe73:4dec 2 diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out index b82265671..908db4404 100644 --- a/tests/cfgs/default/result/6in6tunnel.pcap.out +++ b/tests/cfgs/default/result/6in6tunnel.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) Unknown 2 212 1 +Unrated 2 212 1 + Undetected flows: diff --git a/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out b/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out index e494872f8..8a0642003 100644 --- a/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out +++ b/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BGP 14 969 1 +Acceptable 14 969 1 + 1 TCP 100.16.1.2:18324 <-> 100.16.1.1:179 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][7 pkts/388 bytes <-> 7 pkts/581 bytes][Goodput ratio: 20/46][50.10 sec][bytes ratio: -0.199 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10014/9944 50028/49681 20007/19868][Pkt Len c2s/s2c min/avg/max/stddev: 44/44 55/83 101/195 20/49][Plen Bins: 57,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/BGP_redist.pcap.out b/tests/cfgs/default/result/BGP_redist.pcap.out index b30416cf0..ea063ed9f 100644 --- a/tests/cfgs/default/result/BGP_redist.pcap.out +++ b/tests/cfgs/default/result/BGP_redist.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) BGP 2 322 2 +Acceptable 2 322 2 + 1 TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/159 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out index 6af92afbb..af26d8413 100644 --- a/tests/cfgs/default/result/EAQ.pcap.out +++ b/tests/cfgs/default/result/EAQ.pcap.out 
@@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found) Google 23 11743 2 EAQ 174 10092 29 +Acceptable 197 21835 31 + 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Goodput ratio: 23/97][0.51 sec][Hostname/SNI: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 76/114 400/349 146/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/1666 193/2818 45/1240][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg][StatusCode: 200][Content-Type: text/html][Server: gws][User-Agent: test][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Suspicious Log4J][PLAIN TEXT (we50oDAAg HTTP/1.1)][Plen Bins: 0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,60] 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Goodput ratio: 26/72][0.20 sec][Hostname/SNI: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 51/50 139/89 54/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78/191 154/602 39/237][URL: www.google.com/][StatusCode: 302][Content-Type: text/html][Server: GFE/2.0][User-Agent: test][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Suspicious Log4J][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][86.62 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21509/21499 21642/21642 21860/21869 132/138][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0][Plen Bins: 
100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index ddaff16c9..fe449e252 100644 --- a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out 
@@ -25,6 +25,8 @@ RTP 1330 182702 1 SIP 92 52851 3 Megaco 130 23570 1 +Acceptable 1552 259123 5 + 1 UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.35.40.25:5060 <-> 10.35.40.200:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/13254 bytes <-> 24 pkts/13218 bytes][Goodput ratio: 93/92][83.79 sec][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3385/1643 27628/17187 8177/4202][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.35.40.22:2944 <-> 10.23.1.42:2944 [proto: 181/Megaco][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][65 pkts/7788 bytes <-> 65 pkts/15782 bytes][Goodput ratio: 65/83][109.25 sec][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1409/1356 4370/4370 1953/1909][Pkt Len c2s/s2c min/avg/max/stddev: 77/101 120/243 583/561 107/94][PLAIN TEXT (555282713)][Plen Bins: 0,48,0,23,0,1,1,21,0,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/IEC104.pcap.out b/tests/cfgs/default/result/IEC104.pcap.out index a57a673bf..73600b741 100644 --- a/tests/cfgs/default/result/IEC104.pcap.out +++ b/tests/cfgs/default/result/IEC104.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) IEC60870 15 1431 2 +Acceptable 15 1431 2 + 1 TCP 10.175.211.1:2404 <-> 10.119.105.26:54768 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: IoT-Scada/31][7 pkts/987 bytes <-> 5 pkts/270 bytes][Goodput ratio: 61/0][2.00 sec][bytes ratio: 0.570 (Upload)][IAT c2s/s2c min/avg/max/stddev: 36/199 360/521 935/935 313/307][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 141/54 306/54 90/0][Plen Bins: 51,0,0,16,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.175.211.3:2404 <-> 10.119.105.26:54769 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: IoT-Scada/31][2 pkts/120 bytes <-> 1 pkts/54 bytes][Goodput ratio: 5/0][0.22 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out index d40c51d9e..8c29af0a3 100644 --- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out @@ -34,6 +34,10 @@ Facebook 211 51558 11 HTTP_Proxy 26 3926 1 KakaoTalk 55 9990 15 +Safe 37 5258 7 +Acceptable 99 15120 20 +Fun 211 51558 11 + JA3 Host Stats: IP Address # JA3C 1 10.24.82.188 3 diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out index 9be519674..7a0a5498e 100644 --- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out @@ -36,6 +36,10 @@ KakaoTalk 85 20646 2 KakaoTalk_Voice 44 6196 2 AmazonAWS 4 396 1 +Safe 41 5761 8 +Acceptable 3145 428107 10 +Fun 17 1924 2 + JA3 Host Stats: IP Address # JA3C 1 10.24.82.188 2 diff --git a/tests/cfgs/default/result/NTPv2.pcap.out b/tests/cfgs/default/result/NTPv2.pcap.out index 016f10496..295b601da 100644 
--- a/tests/cfgs/default/result/NTPv2.pcap.out +++ b/tests/cfgs/default/result/NTPv2.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NTP 1 410 1 +Acceptable 1 410 1 + 1 UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/410 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/NTPv3.pcap.out b/tests/cfgs/default/result/NTPv3.pcap.out index 25d3d1534..06bd8827f 100644 --- a/tests/cfgs/default/result/NTPv3.pcap.out +++ b/tests/cfgs/default/result/NTPv3.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NTP 1 90 1 +Acceptable 1 90 1 + 1 UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/NTPv4.pcap.out b/tests/cfgs/default/result/NTPv4.pcap.out index 378ec1eba..8a5a16ca6 100644 --- a/tests/cfgs/default/result/NTPv4.pcap.out +++ b/tests/cfgs/default/result/NTPv4.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NTP 1 90 1 +Acceptable 1 90 1 + 1 UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/Oscar.pcap.out b/tests/cfgs/default/result/Oscar.pcap.out index 67ab91472..a06a31219 100644 --- a/tests/cfgs/default/result/Oscar.pcap.out +++ b/tests/cfgs/default/result/Oscar.pcap.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 71 9386 1 +Safe 71 9386 1 + 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 21][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] diff --git a/tests/cfgs/default/result/TivoDVR.pcap.out b/tests/cfgs/default/result/TivoDVR.pcap.out index ab95dfebe..1b11a7381 100644 --- a/tests/cfgs/default/result/TivoDVR.pcap.out +++ b/tests/cfgs/default/result/TivoDVR.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) TiVoConnect 2 422 1 +Fun 2 422 1 + 1 UDP 98.245.242.69:2190 -> 255.255.255.255:2190 [proto: 308/TiVoConnect][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/422 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][0.00 sec][UUID: 4d696e69-444c-164e-9d41-1459c099c04][Machine: R7000P][Platform: pc/minidlna][Services: TiVoMediaServer:8200/http][PLAIN TEXT (TiVoConnect)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/WebattackRCE.pcap.out b/tests/cfgs/default/result/WebattackRCE.pcap.out index f0e230483..da4504459 100644 --- a/tests/cfgs/default/result/WebattackRCE.pcap.out +++ b/tests/cfgs/default/result/WebattackRCE.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 797 191003 797 +Acceptable 797 191003 797 + 1 TCP 127.0.0.1:51184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/ajax/api/hook/de)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:51182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7D][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/ajax/api/hook/decodeArg)][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:50946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/WebattackSQLinj.pcap.out b/tests/cfgs/default/result/WebattackSQLinj.pcap.out index 53759cf77..1c3844030 100644 --- a/tests/cfgs/default/result/WebattackSQLinj.pcap.out +++ b/tests/cfgs/default/result/WebattackSQLinj.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 94 30008 9 +Acceptable 94 30008 9 + 1 TCP 172.16.0.1:36212 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1070 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 56/92][5.01 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002/3 5000/10 1999/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/897 666/2767 210/1090][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,33] 2 TCP 172.16.0.1:36202 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/1004 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 60/92][5.09 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/80 1017/40 5004/80 1994/40][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 167/897 666/4215 223/1659][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 
192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 3 TCP 172.16.0.1:36204 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/937 bytes <-> 5 pkts/2359 bytes][Goodput ratio: 64/86][5.01 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 1251/1 5000/4 2164/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 187/472 665/2087 239/808][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] diff --git a/tests/cfgs/default/result/WebattackXSS.pcap.out b/tests/cfgs/default/result/WebattackXSS.pcap.out index cfc7d0aba..77e0b11c1 100644 --- a/tests/cfgs/default/result/WebattackXSS.pcap.out +++ b/tests/cfgs/default/result/WebattackXSS.pcap.out 
@@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 9374 4721148 661 +Acceptable 9374 4721148 661 + 1 TCP 172.16.0.1:59042 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][214 pkts/62915 bytes <-> 107 pkts/190654 bytes][Goodput ratio: 78/96][68.07 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 340/680 4821/4822 530/629][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/1782 651/1935 251/393][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,49] 2 TCP 172.16.0.1:56306 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][205 pkts/62321 bytes <-> 115 pkts/191204 bytes][Goodput ratio: 78/96][68.15 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.508 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 354/600 4804/4805 540/628][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1663 651/1936 252/500][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,23,0,5,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,42] 3 TCP 
172.16.0.1:58360 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][210 pkts/62853 bytes <-> 105 pkts/190635 bytes][Goodput ratio: 78/96][67.29 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 346/635 3808/3809 494/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 299/1816 651/1936 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS Attack **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] diff --git a/tests/cfgs/default/result/activision.pcap.out b/tests/cfgs/default/result/activision.pcap.out index 3c0fe6452..47220a738 100644 --- a/tests/cfgs/default/result/activision.pcap.out +++ b/tests/cfgs/default/result/activision.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Activision 60 3904 4 +Fun 60 3904 4 + 1 UDP 192.168.2.100:3074 <-> 45.63.112.54:34741 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][0.88 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 79/66 130/134 202/202 51/56][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:3074 <-> 108.61.235.31:33441 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][1.58 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 198/198 212/214 274/269 28/28][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:3074 <-> 148.72.173.162:34311 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][1.42 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 200/198 203/200 213/202 5/1][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/adult_content.pcap.out b/tests/cfgs/default/result/adult_content.pcap.out index 09058b8c6..6a0cabc65 100644 --- a/tests/cfgs/default/result/adult_content.pcap.out +++ b/tests/cfgs/default/result/adult_content.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) AdultContent 25 7972 1 +Acceptable 25 7972 1 + 1 UDP 192.168.1.199:42759 <-> 31.220.27.69:80 [proto: 78.108/STUN.AdultContent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: AdultContent/34][11 pkts/3593 bytes <-> 14 pkts/4379 bytes][Goodput ratio: 87/87][0.22 sec][Hostname/SNI: b-eu14.stripcdn.com][bytes ratio: -0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/14 55/54 17/17][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 327/313 1246/1418 350/353][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (NurOKA)][Plen Bins: 8,8,12,24,8,16,0,0,4,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0] diff --git a/tests/cfgs/default/result/afp.pcap.out b/tests/cfgs/default/result/afp.pcap.out index 5868a9bc4..145d7e564 100644 --- a/tests/cfgs/default/result/afp.pcap.out +++ b/tests/cfgs/default/result/afp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) AFP 16 1218 1 +Acceptable 16 1218 1 + 1 TCP 192.168.27.57:64987 <-> 192.168.27.139:548 [proto: 97/AFP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][12 pkts/836 bytes <-> 4 pkts/382 bytes][Goodput ratio: 5/31][1.09 sec][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 109/0 1086/0 326/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 70/96 88/116 8/21][Plen Bins: 60,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/agora-sd-rtn.pcap.out b/tests/cfgs/default/result/agora-sd-rtn.pcap.out index 052dc16cb..4eb3efd95 100644 --- a/tests/cfgs/default/result/agora-sd-rtn.pcap.out +++ b/tests/cfgs/default/result/agora-sd-rtn.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SD-RTN 403 112365 26 +Acceptable 403 112365 26 + 1 UDP 192.168.2.100:55322 <-> 104.166.161.75:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][24 pkts/5221 bytes <-> 6 pkts/3204 bytes][Goodput ratio: 81/92][730.23 sec][Hostname/SNI: 104-166-161-75.edge.agora.io][bytes ratio: 0.239 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34770/0 730075/0 155475/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/534 218/534 986/534 191/0][PLAIN TEXT (75.edge.agora.ioPDMD)][Plen Bins: 20,0,0,20,3,0,10,20,0,0,0,0,0,3,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:46798 <-> 23.248.186.179:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][11 pkts/2008 bytes <-> 4 pkts/5044 bytes][Goodput ratio: 77/97][< 1 sec][Hostname/SNI: 23-248-186-179.edge.agora.io][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 92/0 29/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/1261 183/1261 367/1261 98/0][PLAIN TEXT (179.edge.agora.ioPDMD)][Plen Bins: 20,0,0,13,13,0,0,20,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:47805 -> 199.190.44.135:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][18 pkts/4968 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][904.29 sec][Hostname/SNI: 199-190-44-135.edge.agora.io][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58186/0 927866/0 224551/0][Pkt Len c2s/s2c min/avg/max/stddev: 276/0 276/0 276/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (135.edge.agora.ioPDMD)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/ah.pcapng.out b/tests/cfgs/default/result/ah.pcapng.out index d116ae5ad..de2972b06 100644 --- a/tests/cfgs/default/result/ah.pcapng.out +++ b/tests/cfgs/default/result/ah.pcapng.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) IPSec 6 1768 2 +Safe 6 1768 2 + 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][2 pkts/770 bytes <-> 2 pkts/722 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 AH 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ajp.pcap.out b/tests/cfgs/default/result/ajp.pcap.out index 86adfdec4..aba8f41bd 100644 --- a/tests/cfgs/default/result/ajp.pcap.out +++ b/tests/cfgs/default/result/ajp.pcap.out 
@@ -26,6 +26,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 6 2200 2 AJP 26 4446 2 +Acceptable 26 4446 2 +Unrated 6 2200 2 + 1 TCP 172.29.9.146:38856 <-> 172.29.9.147:8009 [VLAN: 7][proto: 139/AJP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][7 pkts/1554 bytes <-> 6 pkts/669 bytes][Goodput ratio: 68/36][0.17 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 222/112 896/300 286/84][PLAIN TEXT (HTTP/1.1)][Plen Bins: 50,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.29.9.146:38856 <-> 172.29.9.147:8010 [VLAN: 7][proto: 139/AJP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][7 pkts/1554 bytes <-> 6 pkts/669 bytes][Goodput ratio: 68/36][< 1 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 222/112 896/300 286/84][PLAIN TEXT (HTTP/1.1)][Plen Bins: 50,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index ac090dcf0..964e446ac 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -40,6 +40,9 @@ PlayStore 21 8064 2 GoogleServices 19 2784 2 AmazonAWS 383 142290 19 +Safe 138 23305 13 +Acceptable 2936 1146440 147 + JA3 Host Stats: IP Address # JA3C 1 172.16.42.216 8 diff --git a/tests/cfgs/default/result/alicloud.pcap.out b/tests/cfgs/default/result/alicloud.pcap.out index 6fc9ba200..b5fb4f2c0 100644 --- a/tests/cfgs/default/result/alicloud.pcap.out +++ b/tests/cfgs/default/result/alicloud.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AliCloud 225 22986 15 +Acceptable 225 22986 15 + 1 TCP 192.168.2.100:45094 <-> 8.209.76.194:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.49 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/1 17/67 23/322 7/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:51774 <-> 8.209.77.36:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.46 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 14/64 20/318 7/114][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:57322 <-> 8.209.107.122:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.33 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 16/41 24/166 9/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/among_us.pcap.out b/tests/cfgs/default/result/among_us.pcap.out index aa53bfa9b..2c37116c3 100644 --- a/tests/cfgs/default/result/among_us.pcap.out +++ b/tests/cfgs/default/result/among_us.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) AmongUs 1 57 1 +Fun 1 57 1 + 1 UDP 10.0.0.1:64260 -> 172.105.251.170:22023 [proto: 69/AmongUs][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/57 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/amqp.pcap.out b/tests/cfgs/default/result/amqp.pcap.out index 16a4a1112..46e8de806 100644 --- a/tests/cfgs/default/result/amqp.pcap.out +++ b/tests/cfgs/default/result/amqp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AMQP 160 23514 3 +Acceptable 160 23514 3 + 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][54 pkts/10859 bytes <-> 54 pkts/3564 bytes][Goodput ratio: 67/0][4.12 sec][bytes ratio: 0.506 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 85/85 2001/2001 341/341][Pkt Len c2s/s2c min/avg/max/stddev: 103/66 201/66 395/66 103/0][PLAIN TEXT (celeryev)][Plen Bins: 0,33,0,33,0,0,9,0,9,5,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: RPC/16][13 pkts/4327 bytes <-> 9 pkts/699 bytes][Goodput ratio: 80/15][4.12 sec][bytes ratio: 0.722 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/3 407/588 2001/2001 623/729][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 333/78 514/87 211/10][PLAIN TEXT (celeryev)][Plen Bins: 38,0,0,0,0,0,0,0,0,0,0,0,0,38,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][15 pkts/3075 bytes <-> 15 pkts/990 bytes][Goodput ratio: 68/0][1.04 sec][bytes ratio: 0.513 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 87/87 540/540 182/182][Pkt Len c2s/s2c min/avg/max/stddev: 97/66 205/66 312/66 88/0][PLAIN TEXT (default)][Plen Bins: 33,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/android.pcap.out b/tests/cfgs/default/result/android.pcap.out index 36ea86288..52330cbd3 100644 --- a/tests/cfgs/default/result/android.pcap.out +++ b/tests/cfgs/default/result/android.pcap.out 
@@ -44,6 +44,10 @@ Spotify 3 258 1 PlayStore 59 22749 4 GoogleServices 40 10354 7 +Safe 97 27653 11 +Acceptable 262 77875 38 +Fun 116 26426 14 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.16 8 diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index 2581b0850..bd566061c 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -45,6 +45,10 @@ Apple 2 297 1 CiscoVPN 3 198 1 ApplePush 6 966 3 +Safe 359 93320 15 +Acceptable 207 36239 52 +Unrated 19 1054 2 + JA3 Host Stats: IP Address # JA3C 1 10.0.0.227 5 diff --git a/tests/cfgs/default/result/anydesk.pcapng.out b/tests/cfgs/default/result/anydesk.pcapng.out index 5c4c98c20..2eb5a04a9 100644 --- a/tests/cfgs/default/result/anydesk.pcapng.out +++ b/tests/cfgs/default/result/anydesk.pcapng.out @@ -25,6 +25,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 20 1717 1 AnyDesk 154 44400 6 +Safe 20 1717 1 +Acceptable 154 44400 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 1 diff --git a/tests/cfgs/default/result/avast.pcap.out b/tests/cfgs/default/result/avast.pcap.out index c7bd011dc..2389f2684 100644 --- a/tests/cfgs/default/result/avast.pcap.out +++ b/tests/cfgs/default/result/avast.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AVAST 142 9433 10 +Safe 142 9433 10 + 1 TCP 192.168.2.100:62741 <-> 5.62.53.131:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/543 bytes <-> 7 pkts/512 bytes][Goodput ratio: 18/20][569.69 sec][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63304/75961 189840/189839 89445/92978][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/73 150/140 31/28][Plen Bins: 67,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:64903 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/583 bytes <-> 7 pkts/432 bytes][Goodput ratio: 24/4][1385.80 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171484/205784 356850/356863 172007/168697][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/62 150/70 32/3][Plen Bins: 67,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:49532 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][797.30 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99700/119575 199551/199551 99662/97621][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/avast_securedns.pcapng.out b/tests/cfgs/default/result/avast_securedns.pcapng.out index b18a5d93d..658e443f9 100644 --- a/tests/cfgs/default/result/avast_securedns.pcapng.out +++ b/tests/cfgs/default/result/avast_securedns.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AVASTSecureDNS 77 11443 39 +Safe 77 11443 39 + 1 UDP 192.168.2.100:49152 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (sEcUREdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:49704 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (SECurEdnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:49737 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (sEcUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bacnet.pcap.out b/tests/cfgs/default/result/bacnet.pcap.out index c9814540c..57cb2658a 100644 --- a/tests/cfgs/default/result/bacnet.pcap.out +++ b/tests/cfgs/default/result/bacnet.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BACnet 23 1373 10 +Safe 23 1373 10 + 1 UDP 204.172.177.255:47808 -> 204.172.177.159:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][14 pkts/833 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][221.21 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1387/0 17424/0 43334/0 13696/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 60/0 67/0 5/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 64.62.197.26:36992 -> 90.147.69.221:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 64.62.197.166:36664 -> 90.147.69.213:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bad-dns-traffic.pcap.out b/tests/cfgs/default/result/bad-dns-traffic.pcap.out index 352adf728..c8233185b 100644 --- a/tests/cfgs/default/result/bad-dns-traffic.pcap.out +++ b/tests/cfgs/default/result/bad-dns-traffic.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 382 99374 3 +Acceptable 382 99374 3 + 1 UDP 192.168.43.91:56354 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][203 pkts/51588 bytes <-> 146 pkts/43285 bytes][Goodput ratio: 83/86][92.47 sec][Hostname/SNI: c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org][::][bytes ratio: 0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/15 482/284 1046/2080 456/471][Pkt Len c2s/s2c min/avg/max/stddev: 95/95 254/296 290/325 74/65][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: 244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error Code][PLAIN TEXT (8244300)][Plen Bins: 0,5,5,0,0,0,0,50,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.43.91:35966 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][10 pkts/1125 bytes <-> 9 pkts/1293 bytes][Goodput ratio: 63/71][7.51 sec][Hostname/SNI: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org][::][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 78/49 782/776 1050/1358 405/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 112/144 194/229 31/33][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: 05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error Code][PLAIN TEXT (3620001636f)][Plen Bins: 0,36,47,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.43.91:46961 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][7 pkts/926 bytes <-> 7 pkts/1157 bytes][Goodput ratio: 68/75][3.49 sec][Hostname/SNI: 
a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org][::][bytes ratio: -0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 87/56 668/645 1019/1049 428/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 132/165 290/323 66/66][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error Code][PLAIN TEXT (da83510001636)][Plen Bins: 0,28,42,14,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/beckhoff_ads.pcapng.out b/tests/cfgs/default/result/beckhoff_ads.pcapng.out index c7a1dec6b..1ca6e4781 100644 --- a/tests/cfgs/default/result/beckhoff_ads.pcapng.out +++ b/tests/cfgs/default/result/beckhoff_ads.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BeckhoffADS 50 6032 1 +Acceptable 50 6032 1 + 1 TCP 192.168.1.99:49201 <-> 192.168.1.8:48898 [proto: 365/BeckhoffADS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][26 pkts/2788 bytes <-> 24 pkts/3244 bytes][Goodput ratio: 49/60][26.29 sec][bytes ratio: -0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1250/1381 25613/25812 5448/5759][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 107/135 150/762 31/139][PLAIN TEXT (Device 5 )][Plen Bins: 0,76,15,4,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bets.pcapng.out b/tests/cfgs/default/result/bets.pcapng.out index 63b867832..6c4b299c4 100644 --- a/tests/cfgs/default/result/bets.pcapng.out +++ b/tests/cfgs/default/result/bets.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 33 9228 1 +Safe 33 9228 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.10.2 1 diff --git a/tests/cfgs/default/result/bitcoin.pcap.out b/tests/cfgs/default/result/bitcoin.pcap.out index 0a1ff4450..c23ff87c2 100644 
--- a/tests/cfgs/default/result/bitcoin.pcap.out +++ b/tests/cfgs/default/result/bitcoin.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BITCOIN 637 581074 6 +Acceptable 637 581074 6 + 1 TCP 192.168.1.142:55328 <-> 69.118.54.122:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][2 pkts/281 bytes <-> 137 pkts/191029 bytes][Goodput ratio: 53/95][330.56 sec][bytes ratio: -0.997 (Download)][IAT c2s/s2c min/avg/max/stddev: 141657/0 141657/2644 141657/76010 0/11325][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 140/1394 171/1514 30/378][PLAIN TEXT (version)][Plen Bins: 0,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,92,0,0] 2 TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][55 pkts/28663 bytes <-> 117 pkts/134830 bytes][Goodput ratio: 87/94][1491.26 sec][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21789/4882 100110/64236 26995/11546][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 521/1152 1514/1514 578/589][PLAIN TEXT (version)][Plen Bins: 0,32,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0] 3 TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][65 pkts/45271 bytes <-> 96 pkts/70339 bytes][Goodput ratio: 91/91][1337.01 sec][bytes ratio: -0.217 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18993/12001 134322/105866 27575/21527][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 696/733 1514/1514 637/653][PLAIN TEXT (version)][Plen Bins: 0,47,0,4,0,0,0,0,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] diff --git a/tests/cfgs/default/result/bittorrent.pcap.out b/tests/cfgs/default/result/bittorrent.pcap.out index f53459299..680936c92 100644 
--- a/tests/cfgs/default/result/bittorrent.pcap.out +++ b/tests/cfgs/default/result/bittorrent.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 299 305728 24 +Acceptable 299 305728 24 + 1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] 2 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/583 bytes <-> 4 pkts/975 bytes][Goodput ratio: 55/73][4.11 sec][bytes ratio: -0.252 (Download)][IAT c2s/s2c min/avg/max/stddev: 132/72 959/2027 1966/3982 760/1955][Pkt Len c2s/s2c min/avg/max/stddev: 80/73 146/244 198/648 44/235][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,12,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 
14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out index d44896325..1894c7500 100644 --- a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out +++ b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 100 96898 1 +Acceptable 100 96898 1 + 1 TCP 192.168.122.34:48987 <-> 178.71.206.1:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: Download/7][33 pkts/2895 bytes <-> 67 pkts/94003 bytes][Goodput ratio: 38/96][0.31 sec][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/4 33/64 11/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 88/1403 525/1494 98/324][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][BT Hash: 0f6b9cd2b7da4de9b6c846203920e3da49cdb795][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,4,1,0,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0] diff --git a/tests/cfgs/default/result/bittorrent_utp.pcap.out b/tests/cfgs/default/result/bittorrent_utp.pcap.out index 271a520a3..729216256 100644 --- a/tests/cfgs/default/result/bittorrent_utp.pcap.out +++ b/tests/cfgs/default/result/bittorrent_utp.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 86 41489 1 +Acceptable 86 41489 1 + 1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][47 pkts/36653 bytes <-> 39 pkts/4836 bytes][Goodput ratio: 95/66][19.22 sec][bytes ratio: 0.767 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 223/425 4392/4641 701/934][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 780/124 1514/519 609/123][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (hash20)][Plen Bins: 52,1,2,4,0,1,1,1,0,0,5,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,6,0,0,0,6,0,0,0,8,0] diff --git a/tests/cfgs/default/result/bjnp.pcap.out b/tests/cfgs/default/result/bjnp.pcap.out index 4fb1f93e5..66e6c8f75 100644 --- a/tests/cfgs/default/result/bjnp.pcap.out +++ b/tests/cfgs/default/result/bjnp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BJNP 10 460 10 +Acceptable 10 460 10 + 1 UDP 192.168.185.141:50087 -> 192.168.1.17:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.185.141:50089 -> 192.168.1.1:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.185.141:50089 -> 192.168.1.2:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bot.pcap.out b/tests/cfgs/default/result/bot.pcap.out index 87878602a..808706e8c 100644 --- a/tests/cfgs/default/result/bot.pcap.out +++ b/tests/cfgs/default/result/bot.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 402 431124 1 +Acceptable 402 431124 1 + 1 TCP 40.77.167.36:64768 <-> 89.31.72.220:80 [VLAN: 77][proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][115 pkts/7672 bytes <-> 287 pkts/423452 bytes][Goodput ratio: 4/96][5.66 sec][Hostname/SNI: atlanteditorino.it][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/3 4532/106 489/16][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 67/1475 374/1498 29/171][URL: atlanteditorino.it/quartieri/img/S.Donato_M.Vittoria1930_B.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)][Risk: ** Crawler/Bot **][Risk Score: 10][Risk Info: UA Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/b][PLAIN TEXT (GET /quartieri/im)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/bt-dns.pcap.out b/tests/cfgs/default/result/bt-dns.pcap.out index 2c53745ca..5ddb293de 100644 --- a/tests/cfgs/default/result/bt-dns.pcap.out +++ b/tests/cfgs/default/result/bt-dns.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 2 160 1 +Acceptable 2 160 1 + 1 UDP 10.0.2.15:59751 <-> 10.0.2.3:53 [proto: 5.37/DNS.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.00 sec][Hostname/SNI: utorrent.com][98.143.146.7][PLAIN TEXT (utorrent)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bt-http.pcapng.out b/tests/cfgs/default/result/bt-http.pcapng.out index b47d1356d..5407751c0 100644 --- a/tests/cfgs/default/result/bt-http.pcapng.out +++ b/tests/cfgs/default/result/bt-http.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 14 1492 1 +Acceptable 14 1492 1 + 1 TCP 192.168.1.128:46882 <-> 176.31.225.118:80 [proto: 7.37/HTTP.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Download/7][12 pkts/1038 bytes <-> 2 pkts/454 bytes][Goodput ratio: 36/75][57.56 sec][Hostname/SNI: tracker.trackerfix.com][bytes ratio: 0.391 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5384/0 28927/0 8989/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/227 424/394 102/167][URL: tracker.trackerfix.com/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started][User-Agent: Transmission/2.94][PLAIN TEXT (GET /announce)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bt_search.pcap.out b/tests/cfgs/default/result/bt_search.pcap.out index cb1328980..c1072ecc6 100644 --- a/tests/cfgs/default/result/bt_search.pcap.out +++ b/tests/cfgs/default/result/bt_search.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 2 322 1 +Acceptable 2 322 1 + 1 UDP 192.168.0.102:6771 -> 239.192.152.143:6771 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/322 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][300.03 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/cachefly.pcapng.out b/tests/cfgs/default/result/cachefly.pcapng.out index e43f0abb3..c897e2f60 100644 --- a/tests/cfgs/default/result/cachefly.pcapng.out +++ b/tests/cfgs/default/result/cachefly.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Cachefly 6 6163 1 +Acceptable 6 6163 1 + JA3 Host Stats: IP Address # JA3C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/can.pcap.out b/tests/cfgs/default/result/can.pcap.out index 9f6e3ec50..26496d70e 100644 --- a/tests/cfgs/default/result/can.pcap.out +++ b/tests/cfgs/default/result/can.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Controller_Area_Network 8 696 8 +Safe 8 696 8 + 1 UDP 55.97.32.36:56551 -> 61.40.63.42:25353 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 103.183.191.240:46565 -> 73.121.85.123:63575 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 128.244.36.46:34952 -> 196.77.109.252:11898 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/capwap.pcap.out b/tests/cfgs/default/result/capwap.pcap.out index 90be3ab2a..daf942bbb 100644 --- a/tests/cfgs/default/result/capwap.pcap.out +++ b/tests/cfgs/default/result/capwap.pcap.out 
@@ -28,6 +28,8 @@ IGMP 1 122 1 ICMPV6 5 790 3 CAPWAP 379 94439 4 +Acceptable 392 97607 10 + 1 UDP 192.168.10.9:5246 <-> 192.168.10.10:12380 [proto: 247/CAPWAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][106 pkts/26144 bytes <-> 111 pkts/37530 bytes][Goodput ratio: 83/88][169.10 sec][bytes ratio: -0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1421/1619 21349/21721 3881/4475][Pkt Len c2s/s2c min/avg/max/stddev: 106/115 247/338 1499/1499 292/381][PLAIN TEXT (Cisco Systems)][Plen Bins: 0,0,30,47,2,6,0,0,2,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,0] 2 UDP 192.168.10.10:12380 <-> 192.168.10.9:5247 [proto: 247/CAPWAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][156 pkts/29830 bytes <-> 1 pkts/168 bytes][Goodput ratio: 78/75][157.99 sec][bytes ratio: 0.989 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 1036/0 4999/0 902/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/168 191/168 470/168 70/0][Plen Bins: 0,0,21,27,11,19,5,9,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: CAPWAP:18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/2090 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][59.44 sec][Hostname/SNI: kawai-ipad3][DHCP Fingerprint: 1,3,6,15,119,252][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/capwap_data.pcapng.out b/tests/cfgs/default/result/capwap_data.pcapng.out index 47baf31cd..8de01565c 100644 --- a/tests/cfgs/default/result/capwap_data.pcapng.out +++ b/tests/cfgs/default/result/capwap_data.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleServices 14 2624 3 +Acceptable 14 2624 3 + JA3 Host Stats: IP Address # JA3C 1 10.1.3.68 1 
diff --git a/tests/cfgs/default/result/cassandra.pcap.out b/tests/cfgs/default/result/cassandra.pcap.out index 22eeb16e1..08abe1da5 100644 --- a/tests/cfgs/default/result/cassandra.pcap.out +++ b/tests/cfgs/default/result/cassandra.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) Cassandra 286 126016 2 +Acceptable 286 126016 2 + 1 TCP 127.0.0.1:46536 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Database/11][75 pkts/9730 bytes <-> 69 pkts/78014 bytes][Goodput ratio: 49/94][200.04 sec][bytes ratio: -0.778 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3063/2427 32715/30000 8555/7658][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/1131 462/25214 82/4102][PLAIN TEXT (COMPRESSION)][Plen Bins: 8,16,44,9,5,0,6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2] 2 TCP 127.0.0.1:46537 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Database/11][74 pkts/9855 bytes <-> 68 pkts/28417 bytes][Goodput ratio: 50/84][200.00 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2835/2737 33012/33012 6521/6804][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/418 399/11512 80/1399][PLAIN TEXT (COMPRESSION)][Plen Bins: 13,13,32,12,5,2,1,6,0,1,1,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,3,0,0,0,1,0,0,0,0,0,1] diff --git a/tests/cfgs/default/result/ceph.pcap.out b/tests/cfgs/default/result/ceph.pcap.out index 3eb7e2bc1..865cef8fd 100644 --- a/tests/cfgs/default/result/ceph.pcap.out +++ b/tests/cfgs/default/result/ceph.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Ceph 39 13379 1 +Acceptable 39 13379 1 + 1 TCP 10.0.3.249:35556 <-> 10.0.3.67:6789 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][20 pkts/2479 bytes <-> 19 pkts/10900 bytes][Goodput ratio: 46/88][0.10 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 59/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/574 345/3533 77/1032][PLAIN TEXT (machine2)][Plen Bins: 20,8,12,12,16,0,0,0,8,4,0,0,0,0,4,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8] diff --git a/tests/cfgs/default/result/check_mk_new.pcap.out b/tests/cfgs/default/result/check_mk_new.pcap.out index 260937660..74e8612a6 100644 --- a/tests/cfgs/default/result/check_mk_new.pcap.out +++ b/tests/cfgs/default/result/check_mk_new.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) CHECKMK 98 20242 1 +Acceptable 98 20242 1 + 1 TCP 192.168.100.22:58998 <-> 192.168.100.50:6556 [proto: 138/CHECKMK][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][49 pkts/3242 bytes <-> 49 pkts/17000 bytes][Goodput ratio: 0/81][0.04 sec][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/347 74/4162 1/758][PLAIN TEXT (k@Version)][Plen Bins: 73,0,4,0,0,4,0,2,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,6] diff --git a/tests/cfgs/default/result/chrome.pcap.out b/tests/cfgs/default/result/chrome.pcap.out index e9f05398b..ba6a78919 100644 --- a/tests/cfgs/default/result/chrome.pcap.out +++ b/tests/cfgs/default/result/chrome.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 127 68131 6 +Safe 127 68131 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/citrix.pcap.out b/tests/cfgs/default/result/citrix.pcap.out index dec291ff0..c4220b89e 100644 
--- a/tests/cfgs/default/result/citrix.pcap.out +++ b/tests/cfgs/default/result/citrix.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Citrix 100 11332 1 +Acceptable 100 11332 1 + 1 TCP 21.0.0.8:45225 <-> 22.0.0.7:1494 [proto: 132/Citrix][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][75 pkts/8236 bytes <-> 25 pkts/3096 bytes][Goodput ratio: 47/52][1.60 sec][bytes ratio: 0.454 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/58 108/222 22/81][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 110/124 913/595 117/118][PLAIN TEXT (32.EXE)][Plen Bins: 64,22,3,2,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/cloudflare-warp.pcap.out b/tests/cfgs/default/result/cloudflare-warp.pcap.out index 7fbc5e8a5..61a990902 100644 --- a/tests/cfgs/default/result/cloudflare-warp.pcap.out +++ b/tests/cfgs/default/result/cloudflare-warp.pcap.out @@ -32,6 +32,9 @@ Messenger 17 2369 1 GoogleServices 5 492 1 CloudflareWarp 22 7762 2 +Safe 5 294 2 +Acceptable 58 11695 6 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 3 diff --git a/tests/cfgs/default/result/coap_mqtt.pcap.out b/tests/cfgs/default/result/coap_mqtt.pcap.out index 357ec5be4..b68a63c61 100644 --- a/tests/cfgs/default/result/coap_mqtt.pcap.out +++ b/tests/cfgs/default/result/coap_mqtt.pcap.out 
@@ -26,6 +26,9 @@ COAP 19 1614 8 Dropbox 800 80676 4 MQTT 261 20211 4 +Safe 19 1614 8 +Acceptable 1061 100887 8 + 1 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes][Goodput ratio: 70/33][11.19 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 113/112 150/151 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 140/63 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,13,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes][Goodput ratio: 70/33][11.09 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 111/111 154/150 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,11,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes][Goodput ratio: 70/32][10.92 sec][bytes ratio: 0.382 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 110/110 172/164 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,15,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/collectd.pcap.out b/tests/cfgs/default/result/collectd.pcap.out index f00f56b4e..f5fc89da4 100644 --- a/tests/cfgs/default/result/collectd.pcap.out +++ b/tests/cfgs/default/result/collectd.pcap.out 
@@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) collectd 81 109386 8 +Acceptable 81 109386 8 + 1 UDP 127.0.0.1:35988 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][49 pkts/66012 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][406.49 sec][Hostname/SNI: devlap.fritz.box][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8783/0 10000/0 3188/0][Pkt Len c2s/s2c min/avg/max/stddev: 193/0 1347/0 1388/0 167/0][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,83,10,0,0,0,0,0] 2 UDP 127.0.0.1:36832 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][17 pkts/22755 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][134.67 sec][Hostname/SNI: devlap.fritz.box][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8311/0 10000/0 3518/0][Pkt Len c2s/s2c min/avg/max/stddev: 924/0 1339/0 1384/0 104/0][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,89,0,0,0,0,0,0] 3 UDP 192.168.178.35:39576 -> 239.192.74.66:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 6][cat: System/18][6 pkts/8363 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][708570048.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 907/0 141714014208/0 708570000000/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1274/0 1394/0 1434/0 54/0][PLAIN TEXT (RmBJSP)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,33,50,0,0,0,0] diff --git a/tests/cfgs/default/result/corba.pcap.out b/tests/cfgs/default/result/corba.pcap.out index c25e0f122..e9ee3ea7f 100644 --- a/tests/cfgs/default/result/corba.pcap.out +++ b/tests/cfgs/default/result/corba.pcap.out 
@@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) Corba 28 26656 2 +Acceptable 28 26656 2 + 1 TCP 127.0.1.1:42717 <-> 127.0.1.1:56899 [proto: 168/Corba][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][11 pkts/19044 bytes <-> 7 pkts/4592 bytes][Goodput ratio: 96/90][2.27 sec][bytes ratio: 0.611 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/30 247/444 1024/1047 412/491][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1731/656 4162/4095 1891/1404][PLAIN TEXT (pIGIOP)][Plen Bins: 0,0,22,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66] 2 UDP 10.95.28.46:34477 -> 10.95.28.46:15984 [proto: 168/Corba][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][10 pkts/3020 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.06 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 49/0 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 302/0 302/0 302/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.95.28.46)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/cpha.pcap.out b/tests/cfgs/default/result/cpha.pcap.out index 4225046b8..dac7fd234 100644 --- a/tests/cfgs/default/result/cpha.pcap.out +++ b/tests/cfgs/default/result/cpha.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) CPHA 1 96 1 +Fun 1 96 1 + 1 UDP 0.0.0.0:8116 -> 172.21.3.0:8116 [VLAN: 21][proto: 53/CPHA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/crawler_false_positive.pcapng.out b/tests/cfgs/default/result/crawler_false_positive.pcapng.out index a2c298386..823da364c 100644 
--- a/tests/cfgs/default/result/crawler_false_positive.pcapng.out +++ b/tests/cfgs/default/result/crawler_false_positive.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OCSP 12 1842 1 +Safe 12 1842 1 + 1 TCP 192.168.12.156:38291 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/705 bytes <-> 5 pkts/1137 bytes][Goodput ratio: 33/70][0.04 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.235 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 8/10 4/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/227 284/865 75/319][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CF7)][User-Agent: zbtls http][PLAIN TEXT (ConnectionTP/1.1)][Plen Bins: 33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/crynet.pcap.out b/tests/cfgs/default/result/crynet.pcap.out index dd7c2449e..97a623726 100644 --- a/tests/cfgs/default/result/crynet.pcap.out +++ b/tests/cfgs/default/result/crynet.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) CryNetwork 105 14077 7 +Fun 105 14077 7 + 1 UDP 192.168.2.100:55460 <-> 78.159.118.143:21931 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][12 pkts/1562 bytes <-> 3 pkts/525 bytes][Goodput ratio: 68/76][0.94 sec][bytes ratio: 0.497 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 88/48 266/48 102/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 130/175 267/175 62/0][Plen Bins: 0,33,33,0,20,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:56970 <-> 84.16.230.222:28665 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/1901 bytes <-> 1 pkts/175 bytes][Goodput ratio: 69/76][0.77 sec][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/0 262/0 85/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 136/175 267/175 69/0][Plen Bins: 0,40,33,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:55645 <-> 78.159.98.94:28375 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/1881 bytes <-> 1 pkts/175 bytes][Goodput ratio: 69/76][0.49 sec][bytes ratio: 0.830 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/0 201/0 51/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 134/175 267/175 70/0][Plen Bins: 0,46,26,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_categories.pcapng.out b/tests/cfgs/default/result/custom_categories.pcapng.out index ff8f4c91b..7aae3564e 100644 --- a/tests/cfgs/default/result/custom_categories.pcapng.out +++ b/tests/cfgs/default/result/custom_categories.pcapng.out 
@@ -25,6 +25,9 @@ Patricia protocols IPv6: 4/0 (search/found) IPSec 1 346 1 SSH 84 14188 2 +Safe 1 346 1 +Acceptable 84 14188 2 + 1 TCP [2001:db8:1::1]:64720 <-> [2001:db8:200::1]:20868 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 16][cat: Malware/100][32 pkts/3639 bytes <-> 30 pkts/6335 bytes][Goodput ratio: 24/59][5.34 sec][Hostname/SNI: SSH-1.5-1.2.26][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 13/74 184/193 1212/1436 234/283][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 114/211 250/1294 47/257][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Server: SSH-1.5-1.2.26][Plen Bins: 69,6,0,0,11,2,0,0,2,0,0,0,0,0,2,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.26.219.44:58639 <-> 172.30.69.103:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: Malware/100][11 pkts/2011 bytes <-> 11 pkts/2203 bytes][Goodput ratio: 63/67][0.11 sec][Hostname/SNI: SSH-1.99-OpenSSH_4.3][bytes ratio: -0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 39/41 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/200 1026/770 270/223][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **** Client contacted a malware host **][Risk Score: 300][Risk Info: Client contacted malware host / Found cipher arcfour128 / Found cipher arcfour128][HASSH-C: D6593B3202A30B2AA9793A00F8647A0A][Server: SSH-2.0-OpenSSH_6.1][HASSH-S: 500033A73A293E7C36743693D0D4596B][Plen Bins: 31,15,15,0,15,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 ESP [2a01:e34:ef6f:4340:94be:5dac:c20a:d2a0]:0 -> [2001:1670:8:40a6:a08e:332b:aa69:18dc]:0 [VLAN: 121][proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Malware/100][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Client contacted a malware host **][Risk Score: 160][Risk Info: No server to client traffic / Client 
contacted malware host][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_risk_mask.pcapng.out b/tests/cfgs/default/result/custom_risk_mask.pcapng.out index 1bfc07184..461f82571 100644 --- a/tests/cfgs/default/result/custom_risk_mask.pcapng.out +++ b/tests/cfgs/default/result/custom_risk_mask.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 4/0 (search/found) LLMNR 2 184 2 +Acceptable 2 184 2 + 1 UDP [fe80::356b:e047:3695:f741]:16765 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: ????????????][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [fe80::7c0:e74e:87c3:5d93]:6741 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: ????????????][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out index 1ead1c007..ff5e07f7b 100644 --- a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out 
@@ -27,6 +27,8 @@ CustomProtocolF 1 1287 1 CustomProtocolG 1 318 1 CustomProtocolH 1 318 1 +Acceptable 6 3810 5 + 1 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 392/CustomProtocolE][IP: 392/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 2 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 393/CustomProtocolF][IP: 393/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 3 UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 391/CustomProtocolD][IP: 391/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index 6ad025458..141a00e41 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out 
@@ -25,6 +25,9 @@ CustomProtocolA 3 222 1 CustomProtocolB 2 148 1 Unknown 3 222 1 +Acceptable 5 370 2 +Unrated 3 222 1 + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.388/TLS.CustomProtocolA][IP: 388/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 390/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 389/CustomProtocolB][IP: 389/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dazn.pcapng.out b/tests/cfgs/default/result/dazn.pcapng.out index 4efa29d9a..aed5dff34 100644 --- a/tests/cfgs/default/result/dazn.pcapng.out +++ b/tests/cfgs/default/result/dazn.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Dazn 12 6675 3 +Fun 12 6675 3 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/dcerpc.pcap.out b/tests/cfgs/default/result/dcerpc.pcap.out index bc8d37cd8..387a2af84 100644 --- a/tests/cfgs/default/result/dcerpc.pcap.out +++ b/tests/cfgs/default/result/dcerpc.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) PROFINET_IO 16 6866 4 +Acceptable 16 6866 4 + 1 UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out index d2b417a7e..63c176898 100644 
--- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out +++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) DHCP 1 342 1 +Acceptable 1 342 1 + 1 UDP 192.168.155.104:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][PLAIN TEXT (MK03862)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/diameter.pcap.out b/tests/cfgs/default/result/diameter.pcap.out index 2137d2a48..2111b556e 100644 --- a/tests/cfgs/default/result/diameter.pcap.out +++ b/tests/cfgs/default/result/diameter.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Diameter 6 1980 1 +Acceptable 6 1980 1 + 1 TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1174 bytes <-> 3 pkts/806 bytes][Goodput ratio: 86/80][0.09 sec][bytes ratio: 0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13/12 39/32 65/51 26/20][Pkt Len c2s/s2c min/avg/max/stddev: 362/226 391/269 414/290 22/30][PLAIN TEXT (1263278878147)][Plen Bins: 0,0,0,0,0,16,0,34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index cf3dd4665..2c45fd440 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Discord 411 98410 34 +Fun 411 98410 34 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index 598d41941..4498f0f3d 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out 
+++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Discord 40 4040 1 +Fun 40 4040 1 + 1 UDP 66.22.242.132:50001 <-> 5.36.141.228:54935 [VLAN: 1][proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][DPI packets: 3][cat: Collaborative/15][30 pkts/3110 bytes <-> 10 pkts/930 bytes][Goodput ratio: 43/37][24.00 sec][bytes ratio: 0.540 (Upload)][IAT c2s/s2c min/avg/max/stddev: 42/77 846/1740 1000/4217 343/1555][Pkt Len c2s/s2c min/avg/max/stddev: 72/68 104/93 110/118 14/25][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dlms.pcap.out b/tests/cfgs/default/result/dlms.pcap.out index 5c1c08755..170054ca6 100644 --- a/tests/cfgs/default/result/dlms.pcap.out +++ b/tests/cfgs/default/result/dlms.pcap.out 
@@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) IEC62056 27 4247 2 +Acceptable 27 4247 2 + 1 TCP 192.168.137.20:60797 <-> 192.168.137.189:4060 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][10 pkts/2942 bytes <-> 8 pkts/520 bytes][Goodput ratio: 77/6][0.03 sec][bytes ratio: 0.700 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 13/5 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 294/65 1514/98 458/14][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] 2 UDP 10.1.1.1:0 -> 10.2.2.2:4059 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][9 pkts/785 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 87/0 181/0 37/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (01234567)][Plen Bins: 55,22,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dlt_ppp.pcap.out b/tests/cfgs/default/result/dlt_ppp.pcap.out index 53dac9981..0cea13e1d 100644 --- a/tests/cfgs/default/result/dlt_ppp.pcap.out +++ b/tests/cfgs/default/result/dlt_ppp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 1 1230 1 +Acceptable 1 1230 1 + JA3 Host Stats: IP Address # JA3C 1 193.167.0.252 1 diff --git a/tests/cfgs/default/result/dnp3.pcap.out b/tests/cfgs/default/result/dnp3.pcap.out index 48bdfc366..a98633f55 100644 --- a/tests/cfgs/default/result/dnp3.pcap.out +++ b/tests/cfgs/default/result/dnp3.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNP3 543 38754 8 +Acceptable 543 38754 8 + 1 TCP 10.0.0.8:2828 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: IoT-Scada/31][60 pkts/4041 bytes <-> 78 pkts/7164 bytes][Goodput ratio: 17/38][121.83 sec][bytes ratio: -0.279 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 421/302 13044/8439 1926/1115][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 67/92 79/145 5/37][Plen Bins: 64,3,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.0.0.9:1080 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: IoT-Scada/31][72 pkts/4659 bytes <-> 63 pkts/4692 bytes][Goodput ratio: 10/27][384.60 sec][bytes ratio: -0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4732/3049 75028/40127 13787/9968][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 65/74 81/147 7/16][Plen Bins: 96,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.0.0.8:1086 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: IoT-Scada/31][57 pkts/3891 bytes <-> 36 pkts/2760 bytes][Goodput ratio: 17/28][70.37 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1467/2686 45001/45233 7093/9611][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 68/77 81/147 8/22][Plen Bins: 95,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-exf.pcap.out b/tests/cfgs/default/result/dns-exf.pcap.out index 6b0946332..f2de61f11 100644 --- a/tests/cfgs/default/result/dns-exf.pcap.out +++ b/tests/cfgs/default/result/dns-exf.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 2 342 1 +Acceptable 2 342 1 + 1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][::][Risk: ** Susp DNS Traffic **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 210][Risk Info: DNS Record with zero TTL][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-google-nsid.pcapng.out b/tests/cfgs/default/result/dns-google-nsid.pcapng.out index 70c5e4fee..0e30ed9a7 100644 --- a/tests/cfgs/default/result/dns-google-nsid.pcapng.out +++ b/tests/cfgs/default/result/dns-google-nsid.pcapng.out 
@@ -25,6 +25,9 @@ DNS 6 952 3 ntop 4 514 2 Wikipedia 4 704 2 +Safe 8 1218 4 +Acceptable 6 952 3 + 1 UDP [2001:b07:a3d:c112:b332:20d:89ab:105e]:41624 <-> [2001:4860:4860::8844]:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/106 bytes <-> 1 pkts/314 bytes][Goodput ratio: 41/80][0.01 sec][::][GeoLocation: mil][PLAIN TEXT (servers)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [2a03:b0c0:2:d0::360:4001]:44924 <-> [2001:4860:4860::8888]:53 [proto: 5.176/DNS.Wikipedia][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/123 bytes <-> 1 pkts/256 bytes][Goodput ratio: 49/75][0.20 sec][Hostname/SNI: www.wikipedia.it][18.67.39.58][GeoLocation: ams][PLAIN TEXT (wikipedia)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.29:62500 <-> 8.8.4.4:53 [proto: 5.176/DNS.Wikipedia][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/234 bytes][Goodput ratio: 53/82][0.27 sec][Hostname/SNI: www.wikipedia.it][108.157.194.28][PLAIN TEXT (wikipedia)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-invalid-chars.pcap.out b/tests/cfgs/default/result/dns-invalid-chars.pcap.out index 663bc9a12..296fb68f6 100644 --- a/tests/cfgs/default/result/dns-invalid-chars.pcap.out +++ b/tests/cfgs/default/result/dns-invalid-chars.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 2 196 1 +Acceptable 2 196 1 + 1 UDP 127.0.0.1:35980 <-> 127.0.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.00 sec][Hostname/SNI: www.allyourbasesare???ongto.cn][19.185.141.241][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][PLAIN TEXT (allyourba)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out b/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out index c7b7bd677..2463c5230 100644 --- a/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out +++ b/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 434 70252 1 +Acceptable 434 70252 1 + 1 UDP 10.0.2.30:44639 <-> 10.0.2.20:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][222 pkts/26136 bytes <-> 212 pkts/44116 bytes][Goodput ratio: 64/80][24.49 sec][Hostname/SNI: vaaaakardli.pirate.sea][::][bytes ratio: -0.256 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/88 4005/4005 543/524][Pkt Len c2s/s2c min/avg/max/stddev: 82/93 118/208 323/1512 67/175][Risk: ** Susp DNS Traffic **** Minor Issues **][Risk Score: 110][Risk Info: DNS Record with zero TTL / Obsolete DNS record type][PLAIN TEXT (vaaaakardli)][Plen Bins: 0,40,1,15,29,3,0,1,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out index 128fa336e..5cb17d4cf 100644 --- a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out +++ b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 50 8960 1 +Safe 50 8960 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.20.211 1 diff --git a/tests/cfgs/default/result/dns_ambiguous_names.pcap.out b/tests/cfgs/default/result/dns_ambiguous_names.pcap.out index afabfe15b..4fbfdd460 100644 --- a/tests/cfgs/default/result/dns_ambiguous_names.pcap.out +++ b/tests/cfgs/default/result/dns_ambiguous_names.pcap.out @@ -30,6 +30,10 @@ GoogleServices 2 235 1 Teams 6 790 3 AppleSiri 2 234 1 +Safe 8 1264 4 +Acceptable 8 1091 4 +Fun 4 432 2 + 1 UDP 10.200.2.11:57632 <-> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/377 bytes][Goodput ratio: 56/89][0.03 sec][Hostname/SNI: android.clients.google.com][108.177.14.101][PLAIN TEXT (android)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.200.2.11:48375 <-> 8.8.8.8:53 [proto: 5.238/DNS.ApplePush][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/318 bytes][Goodput ratio: 56/87][0.04 sec][Hostname/SNI: 41-courier.push.apple.com][17.57.146.139][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.200.2.11:57051 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/221 bytes][Goodput ratio: 53/81][0.03 sec][Hostname/SNI: api.teams.skype.com][52.113.194.131][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns_doh.pcap.out b/tests/cfgs/default/result/dns_doh.pcap.out index c02b47385..2e2deb0ef 100644 --- a/tests/cfgs/default/result/dns_doh.pcap.out +++ b/tests/cfgs/default/result/dns_doh.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 142 20362 1 +Acceptable 142 20362 1 + JA3 Host Stats: IP Address # JA3C 1 172.20.10.4 1 diff --git a/tests/cfgs/default/result/dns_dot.pcap.out b/tests/cfgs/default/result/dns_dot.pcap.out index b6c9e5f5f..14d0b6e08 100644 --- a/tests/cfgs/default/result/dns_dot.pcap.out +++ b/tests/cfgs/default/result/dns_dot.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 24 5869 1 +Acceptable 24 5869 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.185 1 diff --git a/tests/cfgs/default/result/dns_exfiltration.pcap.out b/tests/cfgs/default/result/dns_exfiltration.pcap.out index fa102bddf..5a152d9e9 100644 --- a/tests/cfgs/default/result/dns_exfiltration.pcap.out +++ b/tests/cfgs/default/result/dns_exfiltration.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 300 73545 1 +Acceptable 300 73545 1 + 1 UDP 192.168.220.56:56373 <-> 192.168.203.167:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][150 pkts/32419 bytes <-> 150 pkts/41126 bytes][Goodput ratio: 81/85][59.99 sec][Hostname/SNI: e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02][::][bytes ratio: -0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 398/397 1035/1015 491/489][Pkt Len c2s/s2c min/avg/max/stddev: 101/148 216/274 300/386 97/97][Risk: ** Susp DGA Domain name **** Risky Domain Name **][Risk Score: 150][Risk Info: e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02 / DGA Name Query with no Error Code][PLAIN TEXT (dnscat)][Plen Bins: 0,24,0,23,0,0,0,0,26,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns_fragmented.pcap.out b/tests/cfgs/default/result/dns_fragmented.pcap.out index 9e3ca92fc..0d9146465 100644 --- a/tests/cfgs/default/result/dns_fragmented.pcap.out +++ b/tests/cfgs/default/result/dns_fragmented.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 28/8 (search/found) DNS 59 21695 21 +Acceptable 59 21695 21 + 1 TCP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:57089 <-> [2001:470:1f0b:16b0::a26:53]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/578 bytes <-> 4 pkts/2084 bytes][Goodput ratio: 9/83][0.00 sec][Hostname/SNI: weberlab.de][::][bytes ratio: -0.566 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 96/521 140/1818 20/749][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 2 TCP 194.247.5.6:39005 <-> 194.247.5.14:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/458 bytes <-> 4 pkts/2004 bytes][Goodput ratio: 12/86][0.00 sec][Hostname/SNI: weberlab.de][::][bytes ratio: -0.628 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/501 120/1798 20/749][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 3 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:55729 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/228 bytes <-> 1 pkts/1494 bytes][Goodput ratio: 45/95][5.01 sec][Hostname/SNI: weberlab.de][::][Risk: ** Large DNS Packet (512+ bytes) **** Fragmented DNS Message **][Risk Score: 100][Risk Info: 1424 Bytes DNS Packet][PLAIN TEXT (weberlab)][Plen Bins: 0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] diff --git a/tests/cfgs/default/result/dns_invert_query.pcapng.out b/tests/cfgs/default/result/dns_invert_query.pcapng.out index b531c931f..514efb7ae 100644 --- a/tests/cfgs/default/result/dns_invert_query.pcapng.out +++ b/tests/cfgs/default/result/dns_invert_query.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 2 134 1 +Acceptable 2 134 1 + 1 UDP 173.147.108.174:18427 <-> 244.187.95.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/56 bytes][Goodput ratio: 46/21][0.00 sec][Hostname/SNI: 216.58.202.4][::][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns_long_domainname.pcap.out b/tests/cfgs/default/result/dns_long_domainname.pcap.out index 36b4cc4a7..a51004215 100644 --- a/tests/cfgs/default/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/default/result/dns_long_domainname.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 2 262 1 +Acceptable 2 262 1 + 1 UDP 192.168.1.168:65311 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/159 bytes][Goodput ratio: 59/73][0.02 sec][Hostname/SNI: gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (fhkfhsdkfhsk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 1c63e6eb9..0b1e52a6a 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNScrypt 488 309562 245 +Acceptable 488 309562 245 + 1 UDP 10.0.0.1:35228 <-> 149.56.228.45:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 2 UDP 10.0.0.1:35495 <-> 149.56.228.45:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 3 UDP 10.0.0.1:45722 <-> 149.56.228.45:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] diff --git a/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out b/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out index c0890733b..234b84943 100644 --- a/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 577 216583 34 +Acceptable 577 216583 34 + JA3 Host Stats: IP Address # JA3C 1 10.0.0.1 1 diff --git a/tests/cfgs/default/result/dnscrypt-v2.pcap.out b/tests/cfgs/default/result/dnscrypt-v2.pcap.out index 99f6193f3..28e2556e7 100644 --- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNScrypt 6 4300 3 +Acceptable 6 4300 3 + 1 UDP 127.0.0.1:50893 <-> 127.0.0.2:5353 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1130 bytes <-> 1 pkts/410 bytes][Goodput ratio: 96/90][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 127.0.0.1:38650 <-> 127.0.0.2:5353 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1130 bytes <-> 1 pkts/282 bytes][Goodput ratio: 96/85][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 127.0.0.1:42883 <-> 127.0.0.2:5353 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1130 bytes <-> 1 pkts/218 bytes][Goodput ratio: 96/80][0.01 sec][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out index 09d61dd09..04a877676 100644 --- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNScrypt 6 2380 1 +Acceptable 6 2380 1 + 1 UDP 192.168.2.100:46858 <-> 212.47.228.136:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Network/14][3 pkts/1662 bytes <-> 3 pkts/718 bytes][Goodput ratio: 92/82][5137.13 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300005/300005 2568548/2568547 4837091/4837089 2268543/2268542][Pkt Len c2s/s2c min/avg/max/stddev: 554/154 554/239 554/282 0/60][PLAIN TEXT (OYy Tp)][Plen Bins: 0,0,0,16,0,0,0,33,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/doh.pcapng.out b/tests/cfgs/default/result/doh.pcapng.out index 3eaefa520..2e4f74efe 100644 --- a/tests/cfgs/default/result/doh.pcapng.out +++ b/tests/cfgs/default/result/doh.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 120 14592 1 +Safe 120 14592 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.253 1 diff --git a/tests/cfgs/default/result/doq.pcapng.out b/tests/cfgs/default/result/doq.pcapng.out index d262a20fc..e5fe6f49d 100644 --- a/tests/cfgs/default/result/doq.pcapng.out +++ b/tests/cfgs/default/result/doq.pcapng.out @@ -25,6 +25,8 @@ Patricia protocols IPv6: 4/0 (search/found) ICMPV6 6 1170 1 DoH_DoT 14 4788 1 +Acceptable 20 5958 2 + JA3 Host Stats: IP Address # JA3C 1 ::1 1 diff --git a/tests/cfgs/default/result/doq_adguard.pcapng.out b/tests/cfgs/default/result/doq_adguard.pcapng.out index a30ecec46..ab3666fd0 100644 --- a/tests/cfgs/default/result/doq_adguard.pcapng.out +++ b/tests/cfgs/default/result/doq_adguard.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 296 44445 1 +Acceptable 296 44445 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.12.169 1 diff --git a/tests/cfgs/default/result/dos_win98_smb_netbeui.pcap.out b/tests/cfgs/default/result/dos_win98_smb_netbeui.pcap.out index 7a6f57788..2ba46c240 100644 
--- a/tests/cfgs/default/result/dos_win98_smb_netbeui.pcap.out +++ b/tests/cfgs/default/result/dos_win98_smb_netbeui.pcap.out @@ -26,6 +26,9 @@ NetBIOS 46 5060 2 SMBv1 15 3447 1 ICMP 1 60 1 +Acceptable 47 5120 3 +Dangerous 15 3447 1 + 1 UDP 192.168.239.129:137 -> 192.168.239.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][32 pkts/3520 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][131.29 sec][Hostname/SNI: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1218/0 22000/0 4015/0][Pkt Len c2s/s2c min/avg/max/stddev: 110/0 110/0 110/0 0/0][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.239.129:138 -> 192.168.239.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][15 pkts/3447 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][115.76 sec][Hostname/SNI: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8826/0 43984/0 11228/0][Pkt Len c2s/s2c min/avg/max/stddev: 219/0 230/0 249/0 10/0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,0,0,0,73,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.239.129:137 -> 192.168.239.2:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][14 pkts/1540 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][130.51 sec][Hostname/SNI: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10750/0 98690/0 27314/0][Pkt Len c2s/s2c min/avg/max/stddev: 110/0 110/0 110/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/drda_db2.pcap.out b/tests/cfgs/default/result/drda_db2.pcap.out index c4e2a027a..7e955588e 100644 --- a/tests/cfgs/default/result/drda_db2.pcap.out +++ b/tests/cfgs/default/result/drda_db2.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DRDA 38 6691 1 +Acceptable 38 6691 1 + 1 TCP 192.168.106.1:4847 <-> 192.168.106.128:50000 [proto: 227/DRDA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][20 pkts/3169 bytes <-> 18 pkts/3522 bytes][Goodput ratio: 66/72][38.46 sec][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2371/2905 17828/17986 5833/6422][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 158/196 717/684 169/193][PLAIN TEXT (@@@@@@@@@@@)][Plen Bins: 25,20,4,4,0,4,0,8,8,0,4,0,8,0,4,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dropbox.pcap.out b/tests/cfgs/default/result/dropbox.pcap.out index 6e9861b0a..033cde4d4 100644 --- a/tests/cfgs/default/result/dropbox.pcap.out +++ b/tests/cfgs/default/result/dropbox.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Dropbox 848 90532 15 +Acceptable 848 90532 15 + 1 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes][Goodput ratio: 70/33][11.19 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 113/112 150/151 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 140/63 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,13,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes][Goodput ratio: 70/33][11.09 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 111/111 154/150 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,11,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes][Goodput ratio: 70/32][10.92 sec][bytes ratio: 0.382 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 110/110 172/164 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,15,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls.pcap.out b/tests/cfgs/default/result/dtls.pcap.out index 3c1b43c51..86afcd6f3 100644 --- a/tests/cfgs/default/result/dtls.pcap.out +++ b/tests/cfgs/default/result/dtls.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 2 394 1 +Safe 2 394 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.13.203 1 diff --git a/tests/cfgs/default/result/dtls2.pcap.out b/tests/cfgs/default/result/dtls2.pcap.out index 26834b732..72d4db96f 100644 --- a/tests/cfgs/default/result/dtls2.pcap.out +++ b/tests/cfgs/default/result/dtls2.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 30 4991 1 +Safe 30 4991 1 + JA3 Host Stats: IP Address # JA3C 1 61.68.110.153 1 diff --git a/tests/cfgs/default/result/dtls_certificate.pcapng.out b/tests/cfgs/default/result/dtls_certificate.pcapng.out index d48829622..3d39b7892 100644 --- a/tests/cfgs/default/result/dtls_certificate.pcapng.out +++ b/tests/cfgs/default/result/dtls_certificate.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) WindowsUpdate 1 1486 1 +Safe 1 1486 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out index c177affae..df1441695 100644 --- a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out +++ b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 20 5978 1 Discord 6 4215 1 +Safe 20 5978 1 +Fun 6 4215 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.26 1 diff --git a/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out b/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out index 6afb761fa..12295944a 100644 --- a/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out +++ b/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 91 37868 4 +Safe 91 37868 4 + 1 UDP 170.151.105.215:443 <-> 121.152.255.238:8460 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][17 pkts/16320 bytes <-> 13 pkts/2086 bytes][Goodput ratio: 96/74][0.55 sec][bytes ratio: 0.773 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/24 152/154 51/46][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 960/160 1495/352 623/62][Plen Bins: 0,0,44,6,3,0,3,0,3,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,30,0,0] 2 UDP 170.151.105.215:443 <-> 72.102.179.218:62811 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][13 pkts/6283 bytes <-> 17 pkts/3803 bytes][Goodput ratio: 91/81][3.28 sec][bytes ratio: 0.246 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 240/212 1725/941 499/287][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 483/224 1495/833 556/172][Plen Bins: 0,0,34,20,13,0,6,3,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] 3 UDP 135.215.56.198:443 -> 124.73.140.89:61189 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][30 pkts/9241 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.27 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/0 28/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 308/0 1381/0 280/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (q/SCmS.)][Plen Bins: 0,0,20,3,13,0,41,0,3,0,3,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls_old_version.pcapng.out b/tests/cfgs/default/result/dtls_old_version.pcapng.out index b63b33fbd..d08f3cf0c 100644 --- a/tests/cfgs/default/result/dtls_old_version.pcapng.out +++ b/tests/cfgs/default/result/dtls_old_version.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 7 994 1 +Safe 7 994 1 + JA3 Host Stats: IP Address # JA3C 1 37.188.4.115 1 diff --git a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out index 0fbeb98f5..b5e08e925 100644 --- a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out +++ b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 4 604 1 +Safe 4 604 1 + JA3 Host Stats: IP Address # JA3C 1 185.196.113.239 1 diff --git a/tests/cfgs/default/result/edonkey.pcap.out b/tests/cfgs/default/result/edonkey.pcap.out index ba2e51cf5..bc8257434 100644 --- a/tests/cfgs/default/result/edonkey.pcap.out +++ b/tests/cfgs/default/result/edonkey.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) eDonkey 17 2016 1 +Unsafe 17 2016 1 + 1 TCP 201.15.177.227:1754 <-> 135.192.214.240:7551 [proto: 36/eDonkey][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][6 pkts/598 bytes <-> 11 pkts/1418 bytes][Goodput ratio: 41/56][57.40 sec][bytes ratio: -0.407 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/91 5347/4749 12107/12106 5400/4962][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 100/129 178/186 55/63][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (VeryCD)][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/elasticsearch.pcap.out b/tests/cfgs/default/result/elasticsearch.pcap.out index bf0d29f0e..0840d65ec 100644 --- a/tests/cfgs/default/result/elasticsearch.pcap.out +++ b/tests/cfgs/default/result/elasticsearch.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Elasticsearch 47 12739 7 +Acceptable 47 12739 7 + 1 TCP 172.16.16.107:33288 <-> 172.16.17.102:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][13 pkts/3821 bytes <-> 2 pkts/140 bytes][Goodput ratio: 77/0][16.06 sec][bytes ratio: 0.929 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16030 1460/16030 16003/16030 4599/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/70 335/74 95/4][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.17.102:48038 <-> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/2596 bytes <-> 7 pkts/1323 bytes][Goodput ratio: 79/64][760.45 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/1 126431/145462 725343/725412 268113/289976][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/189 930/441 348/155][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,16,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.16.16.107:9300 -> 172.16.17.102:40342 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/1824 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] diff --git a/tests/cfgs/default/result/emotet.pcap.out b/tests/cfgs/default/result/emotet.pcap.out index f7e7cfa5f..60c238e39 100644 --- a/tests/cfgs/default/result/emotet.pcap.out +++ b/tests/cfgs/default/result/emotet.pcap.out 
@@ -25,6 +25,9 @@ SMTP 626 438465 1 HTTP 1601 1581542 3 TLS 153 107018 2 +Safe 153 107018 2 +Acceptable 2227 2020007 4 + JA3 Host Stats: IP Address # JA3C 1 10.4.25.101 1 diff --git a/tests/cfgs/default/result/encrypted_sni.pcap.out b/tests/cfgs/default/result/encrypted_sni.pcap.out index bffad37a5..d0a13e32f 100644 --- a/tests/cfgs/default/result/encrypted_sni.pcap.out +++ b/tests/cfgs/default/result/encrypted_sni.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 3 2310 3 +Safe 3 2310 3 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.12 1 diff --git a/tests/cfgs/default/result/epicgames.pcapng.out b/tests/cfgs/default/result/epicgames.pcapng.out index 65eb486fa..ab2594386 100644 --- a/tests/cfgs/default/result/epicgames.pcapng.out +++ b/tests/cfgs/default/result/epicgames.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) EpicGames 81 11186 4 +Fun 81 11186 4 + 1 UDP 192.168.12.156:39322 <-> 18.157.15.184:9011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Game/8][10 pkts/4805 bytes <-> 9 pkts/772 bytes][Goodput ratio: 91/51][0.62 sec][bytes ratio: 0.723 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/76 163/199 53/74][Pkt Len c2s/s2c min/avg/max/stddev: 81/55 480/86 994/119 424/18][Plen Bins: 10,53,10,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:37989 <-> 18.157.15.184:15011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Game/8][11 pkts/1143 bytes <-> 13 pkts/1296 bytes][Goodput ratio: 60/58][1.01 sec][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/0 116/76 455/433 133/121][Pkt Len c2s/s2c min/avg/max/stddev: 81/55 104/100 146/192 25/40][Plen Bins: 8,63,12,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:47446 <-> 18.157.15.184:15011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][11 pkts/911 bytes <-> 8 pkts/680 bytes][Goodput ratio: 49/51][4.23 sec][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 384/285 1029/741 372/304][Pkt Len c2s/s2c min/avg/max/stddev: 54/55 83/85 135/98 25/17][Plen Bins: 31,63,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/esp.pcapng.out b/tests/cfgs/default/result/esp.pcapng.out index dd56c30dd..7af3380bb 100644 --- a/tests/cfgs/default/result/esp.pcapng.out +++ b/tests/cfgs/default/result/esp.pcapng.out 
@@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) IPSec 6 1856 2 +Safe 6 1856 2 + 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][2 pkts/786 bytes <-> 2 pkts/738 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 ESP 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/166 bytes <-> 1 pkts/166 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethereum.pcap.out b/tests/cfgs/default/result/ethereum.pcap.out index cdcd3b5a7..12fca092e 100644 --- a/tests/cfgs/default/result/ethereum.pcap.out +++ b/tests/cfgs/default/result/ethereum.pcap.out 
@@ -27,6 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found) ETHEREUM 2000 216111 74 +Acceptable 2000 216111 74 + 1 TCP 192.168.1.184:56626 <-> 178.128.195.220:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][32 pkts/3294 bytes <-> 37 pkts/3156 bytes][Goodput ratio: 36/21][0.16 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/4 42/62 8/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/85 612/470 105/69][Plen Bins: 62,21,0,3,3,0,0,0,3,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.184:56638 <-> 209.250.240.205:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][34 pkts/3347 bytes <-> 28 pkts/2774 bytes][Goodput ratio: 34/32][0.15 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 43/41 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/99 481/560 79/95][Plen Bins: 43,29,0,14,3,3,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.184:56660 <-> 51.161.23.12:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][36 pkts/3241 bytes <-> 29 pkts/2723 bytes][Goodput ratio: 29/31][0.57 sec][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 147/141 36/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/94 639/487 96/81][Plen Bins: 63,21,3,3,3,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethernetIP.pcap.out b/tests/cfgs/default/result/ethernetIP.pcap.out index 51364d745..f7e2f2e7f 100644 --- a/tests/cfgs/default/result/ethernetIP.pcap.out +++ b/tests/cfgs/default/result/ethernetIP.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) EthernetIP 100 17384 4 +Acceptable 100 17384 4 + 1 TCP 141.81.0.10:50275 <-> 141.81.0.83:44818 [proto: 278/EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][12 pkts/2716 bytes <-> 16 pkts/2580 bytes][Goodput ratio: 76/66][0.70 sec][bytes ratio: 0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/38 231/232 96/75][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 226/161 1258/406 330/99][PLAIN TEXT (99999999359)][Plen Bins: 0,20,45,0,10,0,0,5,0,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0] 2 TCP 141.81.0.63:44818 <-> 141.81.0.10:52593 [proto: 278/EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][16 pkts/2150 bytes <-> 13 pkts/2566 bytes][Goodput ratio: 58/73][0.78 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 30/60 190/197 55/74][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 134/197 406/528 92/158][PLAIN TEXT (99999999356)][Plen Bins: 0,15,43,0,5,0,10,5,0,0,5,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 141.81.0.10:52594 <-> 141.81.0.43:44818 [proto: 278/EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][9 pkts/1978 bytes <-> 12 pkts/1784 bytes][Goodput ratio: 75/62][0.66 sec][bytes ratio: 0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 61/33 196/185 73/56][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 220/149 528/406 163/113][PLAIN TEXT (rWKIm.)][Plen Bins: 0,14,35,0,7,0,14,0,0,7,0,7,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethersbus.pcap.out b/tests/cfgs/default/result/ethersbus.pcap.out index 42c17b6f9..83b2a572c 100644 --- a/tests/cfgs/default/result/ethersbus.pcap.out +++ b/tests/cfgs/default/result/ethersbus.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Ether-S-Bus 20 1260 1 +Acceptable 20 1260 1 + 1 UDP 172.16.1.120:2467 <-> 172.16.1.135:5050 [proto: 368/Ether-S-Bus][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][10 pkts/582 bytes <-> 10 pkts/678 bytes][Goodput ratio: 28/34][0.10 sec][bytes ratio: -0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/8 10/10 22/20 5/4][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 58/68 67/94 3/13][PLAIN TEXT (Modell )][Plen Bins: 90,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethersio.pcap.out b/tests/cfgs/default/result/ethersio.pcap.out index cadd17a27..1150ba041 100644 --- a/tests/cfgs/default/result/ethersio.pcap.out +++ b/tests/cfgs/default/result/ethersio.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) EtherSIO 36 3226 1 +Acceptable 36 3226 1 + 1 UDP 172.23.2.27:1024 -> 172.23.2.15:6060 [proto: 363/EtherSIO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][36 pkts/3226 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][3.39 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 94/0 100/0 111/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 90/0 91/0 6/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 5,94,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/exe_download.pcap.out b/tests/cfgs/default/result/exe_download.pcap.out index 74379e2b6..940890002 100644 --- a/tests/cfgs/default/result/exe_download.pcap.out +++ b/tests/cfgs/default/result/exe_download.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 703 717463 1 +Acceptable 703 717463 1 + 1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][203 pkts/11127 bytes <-> 500 pkts/706336 bytes][Goodput ratio: 1/96][5.18 sec][Hostname/SNI: 144.91.69.195][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/9 319/365 49/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 55/1413 207/1514 11/134][URL: 144.91.69.195/solar.php][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx/1.10.3][User-Agent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Filename: phn34ycjtghm.exe][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Obsolete Server **][Risk Score: 310][Risk Info: Found host 144.91.69.195 / UA pwtyyEKzNtGatwnJjmCcBLbOveCVpc / Obsolete nginx server 1.10.3 / Found mime exe octet-stream][PLAIN TEXT (GET /solar.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,2,0,0,7,0,0,63,0,0,24,0,0] diff --git a/tests/cfgs/default/result/exe_download_as_png.pcap.out b/tests/cfgs/default/result/exe_download_as_png.pcap.out index e5cff697d..bd6ee97a2 100644 --- a/tests/cfgs/default/result/exe_download_as_png.pcap.out +++ b/tests/cfgs/default/result/exe_download_as_png.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 534 529449 1 +Acceptable 534 529449 1 + 1 TCP 10.9.25.101:49197 <-> 185.98.87.185:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][163 pkts/9113 bytes <-> 371 pkts/520336 bytes][Goodput ratio: 3/96][69.52 sec][Hostname/SNI: 185.98.87.185][bytes ratio: -0.966 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 623/25 60010/4824 5733/276][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 56/1403 204/1514 16/164][URL: 185.98.87.185/tablone.png][StatusCode: 200][Content-Type: image/png][Server: nginx/1.10.3][User-Agent: WinHTTP loader/1.0][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Obsolete Server **][Risk Score: 210][Risk Info: Found host 185.98.87.185 / Obsolete nginx server 1.10.3 / Found Windows Exe][PLAIN TEXT (GET /tablone.png HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,10,0,0,71,0,0,16,0,0] diff --git a/tests/cfgs/default/result/facebook.pcap.out b/tests/cfgs/default/result/facebook.pcap.out index e72f3a645..a7ad47b51 100644 --- a/tests/cfgs/default/result/facebook.pcap.out +++ b/tests/cfgs/default/result/facebook.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 60 30511 2 +Fun 60 30511 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.43.18 2 diff --git a/tests/cfgs/default/result/fastcgi.pcap.out b/tests/cfgs/default/result/fastcgi.pcap.out index 5d48d6158..1820086fb 100644 --- a/tests/cfgs/default/result/fastcgi.pcap.out +++ b/tests/cfgs/default/result/fastcgi.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) FastCGI 102 72243 1 +Safe 102 72243 1 + 1 TCP 10.0.0.9:38254 <-> 10.0.0.11:9000 [proto: 310/FastCGI][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][48 pkts/4271 bytes <-> 54 pkts/67972 bytes][Goodput ratio: 26/95][3.42 sec][Hostname/SNI: api.openstreetmap.org][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/81 1257/2019 204/358][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1259 1121/1514 151/523][User-Agent: dummy_agent dummy_agent][PLAIN TEXT (SCRIPT)][Plen Bins: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,85,0,0] diff --git a/tests/cfgs/default/result/fins.pcap.out b/tests/cfgs/default/result/fins.pcap.out index fabf8f02a..a90b9e4a3 100644 --- a/tests/cfgs/default/result/fins.pcap.out +++ b/tests/cfgs/default/result/fins.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) FINS 257 17841 3 +Acceptable 257 17841 3 + 1 UDP 10.4.14.102:58722 -> 10.130.130.130:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][245 pkts/16887 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 69/0 582/0 46/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (filename.exeaaaaaaaaaaaaaaaaaaa)][Plen Bins: 89,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.1.1.173:17134 <-> 10.1.1.164:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][6 pkts/385 bytes <-> 4 pkts/366 bytes][Goodput ratio: 13/40][0.59 sec][bytes ratio: 0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/145 117/151 158/157 58/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 64/92 83/176 11/50][PLAIN TEXT (EL20DR)][Plen Bins: 75,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.1.1.173:54855 <-> 10.1.1.164:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/55 bytes <-> 1 pkts/148 bytes][Goodput ratio: 23/71][0.16 sec][PLAIN TEXT (EL20DR)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/firefox.pcap.out b/tests/cfgs/default/result/firefox.pcap.out index 8dc5b2d84..7987190e3 100644 --- a/tests/cfgs/default/result/firefox.pcap.out +++ b/tests/cfgs/default/result/firefox.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 129 60233 6 +Safe 129 60233 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 2 
diff --git a/tests/cfgs/default/result/fix.pcap.out b/tests/cfgs/default/result/fix.pcap.out index 5fbc9e76b..6436ef05a 100644 --- a/tests/cfgs/default/result/fix.pcap.out +++ b/tests/cfgs/default/result/fix.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) FIX 1261 115514 12 +Safe 1261 115514 12 + 1 TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][228 pkts/26333 bytes <-> 228 pkts/13920 bytes][Goodput ratio: 53/2][22.80 sec][bytes ratio: 0.308 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 100/100 850/850 127/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/61 511/140 54/9][PLAIN TEXT (FIX.4.1)][Plen Bins: 35,41,10,8,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][201 pkts/21246 bytes <-> 200 pkts/13460 bytes][Goodput ratio: 38/2][22.86 sec][bytes ratio: 0.224 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 110/109 501/500 86/84][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/67 169/153 15/11][PLAIN TEXT (FIX.4.1)][Plen Bins: 23,67,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][111 pkts/16881 bytes <-> 111 pkts/7680 bytes][Goodput ratio: 57/5][22.65 sec][bytes ratio: 0.375 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/199 265/291 96/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 152/69 288/164 42/17][PLAIN TEXT (FIX.4.1)][Plen Bins: 3,25,31,28,10,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fix2.pcap.out b/tests/cfgs/default/result/fix2.pcap.out index e1a22c67e..f27461129 100644 --- a/tests/cfgs/default/result/fix2.pcap.out 
+++ b/tests/cfgs/default/result/fix2.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) FIX 3046 246540 2 +Safe 3046 246540 2 + 1 TCP 10.101.0.2:34962 <-> 10.102.0.2:1024 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][683 pkts/53501 bytes <-> 1304 pkts/102844 bytes][Goodput ratio: 25/25][0.01 sec][bytes ratio: -0.316 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 78/79 160/174 35/38][PLAIN TEXT (FIXT.1.1)][Plen Bins: 0,0,46,53,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.101.0.2:34963 <-> 10.102.0.9:1024 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][411 pkts/34812 bytes <-> 648 pkts/55383 bytes][Goodput ratio: 31/32][0.01 sec][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 85/85 160/174 39/42][PLAIN TEXT (FIXT.1.1)][Plen Bins: 0,0,47,52,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/forticlient.pcap.out b/tests/cfgs/default/result/forticlient.pcap.out index e849c0c36..3921a3cc8 100644 --- a/tests/cfgs/default/result/forticlient.pcap.out +++ b/tests/cfgs/default/result/forticlient.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) FortiClient 2000 430931 5 +Safe 2000 430931 5 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/ftp-start-tls.pcap.out b/tests/cfgs/default/result/ftp-start-tls.pcap.out index 1aa58890c..24204cebc 100644 --- a/tests/cfgs/default/result/ftp-start-tls.pcap.out +++ b/tests/cfgs/default/result/ftp-start-tls.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) FTPS 51 7510 1 +Unsafe 51 7510 1 + JA3 Host Stats: IP Address # JA3C 1 10.238.26.36 1 
diff --git a/tests/cfgs/default/result/ftp.pcap.out b/tests/cfgs/default/result/ftp.pcap.out index 4c1a72021..0eed0abea 100644 --- a/tests/cfgs/default/result/ftp.pcap.out +++ b/tests/cfgs/default/result/ftp.pcap.out @@ -26,6 +26,10 @@ Unknown 1115 1122198 1 FTP_CONTROL 68 5571 1 FTP_DATA 9 1819 1 +Acceptable 9 1819 1 +Unsafe 68 5571 1 +Unrated 1115 1122198 1 + 1 TCP 192.168.1.212:50694 <-> 90.130.70.73:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 12][cat: Download/7][41 pkts/2892 bytes <-> 27 pkts/2679 bytes][Goodput ratio: 6/33][8.48 sec][User: anonymous][Pwd: NcFTP@][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/108 4743/1377 849/305][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/99 96/307 7/45][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found FTP username (anonymous)][PLAIN TEXT (vsFTPd 3.0.3)][Plen Bins: 74,18,5,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.212:50695 <-> 90.130.70.73:25685 [proto: 175/FTP_DATA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][5 pkts/342 bytes <-> 4 pkts/1477 bytes][Goodput ratio: 0/82][0.09 sec][bytes ratio: -0.624 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/28 14/28 29/29 14/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/369 78/1271 5/521][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT ( 1 0 0 1073741)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ftp_failed.pcap.out b/tests/cfgs/default/result/ftp_failed.pcap.out index b5381f09f..cd14d585e 100644 --- a/tests/cfgs/default/result/ftp_failed.pcap.out +++ b/tests/cfgs/default/result/ftp_failed.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 2/0 (search/found) FTP_CONTROL 18 1700 1 +Unsafe 18 1700 1 + 1 TCP [2a00:d40:1:3:192:12:193:11]:44724 <-> [2a00:800:1010::1]:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Download/7][10 pkts/892 bytes <-> 8 pkts/808 bytes][Goodput ratio: 3/14][7.24 sec][User: hello][Pwd: ][Auth Failed][bytes ratio: 0.049 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 896/1442 5304/5318 1757/2052][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 89/101 98/126 4/15][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found FTP username (hello)][PLAIN TEXT (vsFTPd 3.0.3)][Plen Bins: 71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index 710f2d7dd..bcb1d2ed3 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out 
@@ -38,6 +38,12 @@ RTP 5 1070 1 SIP 85 39540 15 Protobuf 1 113 1 +Safe 1 113 1 +Acceptable 498 77785 202 +Unsafe 35 2456 11 +Dangerous 7 1620 3 +Unrated 34 4212 34 + 1 UDP 212.242.33.35:5060 <-> 192.168.1.2:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][23 pkts/11772 bytes <-> 37 pkts/14743 bytes][Goodput ratio: 91/89][1521.43 sec][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/227 32597/38366 167478/304738 41340/57147][Pkt Len c2s/s2c min/avg/max/stddev: 344/47 512/398 711/1118 86/358][PLAIN TEXT (SIP/2.0 401 Unauthorized)][Plen Bins: 29,0,0,0,0,0,0,0,0,3,6,0,3,6,8,13,1,0,3,0,1,15,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: VoIP/10][9 pkts/4647 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][66.58 sec][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 8170/34556 32608/34556 10578/0][Pkt Len c2s/s2c min/avg/max/stddev: 417/637 516/648 864/656 186/8][PLAIN TEXT (INVITEKsip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,59,0,0,0,0,0,0,8,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.2:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][71 pkts/6532 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1527.12 sec][Hostname/SNI: eci_domain][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 741/0 20522/0 93225/0 24163/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EFEDEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out index 34c5a3c32..b89f8a4cc 100644 --- a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out 
+++ b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out 
@@ -29,6 +29,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 3 655 3 HTTP 118 28709 37 +Acceptable 118 28709 37 +Unrated 3 655 3 + 1 TCP 172.20.3.5:2601 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 13][cat: Web/5][9 pkts/6343 bytes <-> 4 pkts/409 bytes][Goodput ratio: 92/46][11.25 sec][bytes ratio: 0.879 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/104 67/128 469/152 164/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 705/102 1514/243 721/81][PLAIN TEXT (POST /servlets/mms HTTP/1.1)][Plen Bins: 16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0] 2 TCP 172.20.3.5:2606 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 12][cat: Web/5][8 pkts/2287 bytes <-> 5 pkts/2963 bytes][Goodput ratio: 80/91][11.18 sec][Hostname/SNI: 172.20.3.13][bytes ratio: -0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/58 177/172 83/81][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 286/593 1514/1514 478/662][URL: 172.20.3.13/servlets/mms?message-id=189301][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 172.20.3.13 / Empty or missing User-Agent][PLAIN TEXT (GET /servlets/mms)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,50,0,0] 3 TCP 172.20.3.5:2604 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/1754 bytes <-> 4 pkts/583 bytes][Goodput ratio: 83/62][11.17 sec][Hostname/SNI: 172.20.3.13][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 307/81 2793/3724 10864/10997 4662/5143][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 351/146 1514/417 582/157][URL: 172.20.3.13/servlets/mms?message-id=189001][StatusCode: 200][Server: Resin/2.0.1][User-Agent: SonyEricssonT68/R201A][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 
172.20.3.13][PLAIN TEXT (GET /servlets/mms)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index e5b96fc09..1d2fe970b 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out 
@@ -30,6 +30,9 @@ Unknown 19 6603 19 VRRP 1 725 1 Radius 295 143155 57 +Acceptable 296 143880 58 +Unrated 19 6603 19 + 1 UDP 10.12.64.30:29200 <-> 198.226.25.53:1812 [proto: 146/Radius][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][110 pkts/79894 bytes <-> 102 pkts/24138 bytes][Goodput ratio: 93/82][2575.21 sec][bytes ratio: 0.536 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/154 25882/28068 567977/452627 75856/68610][Pkt Len c2s/s2c min/avg/max/stddev: 697/179 726/237 745/318 20/53][PLAIN TEXT (50311480271516480@wlan.mnc480.m)][Plen Bins: 0,0,0,0,12,12,10,0,12,0,0,0,0,0,0,0,0,0,0,0,14,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.12.64.30:29200 <-> 198.226.25.62:1812 [proto: 146/Radius][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][12 pkts/8682 bytes <-> 6 pkts/1365 bytes][Goodput ratio: 94/81][1507.26 sec][bytes ratio: 0.728 (Upload)][IAT c2s/s2c min/avg/max/stddev: 195/217 150274/201744 597367/597234 204869/243404][Pkt Len c2s/s2c min/avg/max/stddev: 660/165 724/228 745/318 27/65][PLAIN TEXT (50311480281501589@wlan.mnc480.m)][Plen Bins: 0,0,0,5,11,5,0,0,11,0,0,0,0,0,0,0,0,0,0,5,16,45,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.12.64.30:29200 <-> 198.226.25.53:1813 [proto: 146/Radius][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/3539 bytes <-> 4 pkts/620 bytes][Goodput ratio: 93/73][2002.35 sec][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6131/15399 400469/467937 1165850/1229729 441254/541835][Pkt Len c2s/s2c min/avg/max/stddev: 251/147 590/155 876/179 230/14][PLAIN TEXT (50311480073638072@wlan.mnc400.m)][Plen Bins: 0,0,0,30,10,0,10,0,10,0,0,0,0,0,0,0,0,0,0,10,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out b/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out index f31939713..be2026640 100644 
--- a/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out +++ b/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) Unknown 1 197 1 +Unrated 1 197 1 + Undetected flows: diff --git a/tests/cfgs/default/result/geforcenow.pcapng.out b/tests/cfgs/default/result/geforcenow.pcapng.out index a9a50c39b..84579150d 100644 --- a/tests/cfgs/default/result/geforcenow.pcapng.out +++ b/tests/cfgs/default/result/geforcenow.pcapng.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) GeForceNow 108 69000 2 +Fun 108 69000 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.245 2 diff --git a/tests/cfgs/default/result/genshin-impact.pcap.out b/tests/cfgs/default/result/genshin-impact.pcap.out index bbf500b40..d0b9b2b34 100644 --- a/tests/cfgs/default/result/genshin-impact.pcap.out +++ b/tests/cfgs/default/result/genshin-impact.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) GenshinImpact 90 18405 6 +Fun 90 18405 6 + 1 UDP 192.168.2.100:58766 <-> 47.245.143.85:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1369 bytes <-> 8 pkts/3568 bytes][Goodput ratio: 78/91][1.63 sec][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 312/266 818/750 343/309][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 196/446 648/1223 192/449][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,13,0,6,13,20,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:52575 <-> 8.209.69.191:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1975 bytes <-> 8 pkts/1300 bytes][Goodput ratio: 85/74][2.27 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 409/181 1044/710 455/239][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 282/162 648/396 240/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,26,0,6,0,20,6,0,0,0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:39686 <-> 49.51.181.168:80 [proto: 257/GenshinImpact][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][9 pkts/2327 bytes <-> 6 pkts/535 bytes][Goodput ratio: 78/35][0.71 sec][bytes ratio: 0.626 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/88 176/176 86/87][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 259/89 1468/138 434/29][PLAIN TEXT (194946781)][Plen Bins: 0,50,25,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0] diff --git a/tests/cfgs/default/result/git.pcap.out b/tests/cfgs/default/result/git.pcap.out index dde564425..5716dbe26 100644 --- a/tests/cfgs/default/result/git.pcap.out 
+++ b/tests/cfgs/default/result/git.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Git 90 74005 1 +Safe 90 74005 1 + 1 TCP 192.168.0.77:47991 <-> 5.153.231.21:9418 [proto: 226/Git][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Collaborative/15][41 pkts/3319 bytes <-> 49 pkts/70686 bytes][Goodput ratio: 18/95][1.11 sec][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/25 558/607 98/96][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 81/1443 593/2946 82/706][PLAIN TEXT (0045git)][Plen Bins: 4,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,12] diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index a8df01f0f..46d5a8aa2 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -44,6 +44,12 @@ LLMNR 10 770 6 NAT-PMP 4 176 4 BACnet 2 140 1 +Safe 23 4535 2 +Acceptable 184 57460 38 +Potentially Dangerous 2787 437378 330 +Dangerous 5 1215 1 +Unrated 883 76902 389 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/google_meet.pcapng.out b/tests/cfgs/default/result/google_meet.pcapng.out index 3621c3027..76308b3cc 100644 --- a/tests/cfgs/default/result/google_meet.pcapng.out +++ b/tests/cfgs/default/result/google_meet.pcapng.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleMeet 12 8888 2 +Acceptable 12 8888 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.88.231 2 diff --git a/tests/cfgs/default/result/google_ssl.pcap.out b/tests/cfgs/default/result/google_ssl.pcap.out index 039311c55..53449b281 100644 --- a/tests/cfgs/default/result/google_ssl.pcap.out +++ b/tests/cfgs/default/result/google_ssl.pcap.out 
@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 28 9108 1 +Safe 28 9108 1 + 1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 24][cat: Web/5][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][Goodput ratio: 43/91][6.67 sec][bytes ratio: -0.668 (Download)][IAT c2s/s2c min/avg/max/stddev: 76/66 422/544 1185/1213 376/402][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/633 368/1484 87/622][Plen Bins: 8,8,0,8,0,8,0,0,0,25,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] diff --git a/tests/cfgs/default/result/googledns_android10.pcap.out b/tests/cfgs/default/result/googledns_android10.pcap.out index cc2c0bd85..d64850581 100644 --- a/tests/cfgs/default/result/googledns_android10.pcap.out +++ b/tests/cfgs/default/result/googledns_android10.pcap.out @@ -28,6 +28,8 @@ Patricia protocols IPv6: 0/0 (search/found) ICMP 4 392 1 DoH_DoT 528 132502 7 +Acceptable 532 132894 8 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.159 2 diff --git a/tests/cfgs/default/result/gquic.pcap.out b/tests/cfgs/default/result/gquic.pcap.out index c39aabab9..0d63bfb6b 100644 --- a/tests/cfgs/default/result/gquic.pcap.out +++ b/tests/cfgs/default/result/gquic.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Google 1 1392 1 +Acceptable 1 1392 1 + 1 UDP 10.44.5.25:61097 -> 216.58.213.163:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.gstatic.com][User-Agent: canary Chrome/85.0.4169.0 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Q050][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/gquic_only_from_server.pcap.out b/tests/cfgs/default/result/gquic_only_from_server.pcap.out index 086f114ca..e1864c727 100644 --- a/tests/cfgs/default/result/gquic_only_from_server.pcap.out +++ b/tests/cfgs/default/result/gquic_only_from_server.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 30 39740 1 +Acceptable 30 39740 1 + 1 UDP 213.202.7.26:443 -> 10.189.122.71:60524 [VLAN: 1508][proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][30 pkts/39740 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.09 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/0 59/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 69/0 1325/0 1396/0 275/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (AESGCC20)][Plen Bins: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gtp_c.pcap.out b/tests/cfgs/default/result/gtp_c.pcap.out index 8be459d88..8532fdf2e 100644 --- a/tests/cfgs/default/result/gtp_c.pcap.out +++ b/tests/cfgs/default/result/gtp_c.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) GTP_C 4 684 1 +Acceptable 4 684 1 + 1 UDP 10.101.0.2:1024 <-> 10.102.0.2:2123 [proto: 152.272/GTP.GTP_C][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/365 bytes <-> 2 pkts/319 bytes][Goodput ratio: 77/73][0.00 sec][PLAIN TEXT (internet)][Plen Bins: 25,25,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index 92c9a6654..d6a97ae6f 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out 
@@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 5 428 1 GTP 2 424 2 +Acceptable 2 424 2 +Unrated 5 428 1 + 1 UDP 119.185.190.173:2123 -> 66.86.98.114:50140 [proto: 152/GTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (autoAlgo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 50.7.111.134:17000 -> 103.225.103.159:2123 [proto: 152/GTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gtp_prime.pcapng.out b/tests/cfgs/default/result/gtp_prime.pcapng.out index bb889dd8e..2b2789891 100644 --- a/tests/cfgs/default/result/gtp_prime.pcapng.out +++ b/tests/cfgs/default/result/gtp_prime.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) GTP_PRIME 1 300 1 +Acceptable 1 300 1 + 1 UDP 10.10.54.1:64580 -> 10.10.39.10:3386 [VLAN: 103][proto: 152.273/GTP.GTP_PRIME][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (NODE01)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/h323-overflow.pcap.out b/tests/cfgs/default/result/h323-overflow.pcap.out index 89781602a..c63c5cce6 100644 
--- a/tests/cfgs/default/result/h323-overflow.pcap.out +++ b/tests/cfgs/default/result/h323-overflow.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 1 58 1 +Unrated 1 58 1 + Undetected flows: diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out index d970a4411..f3cca1ae5 100644 --- a/tests/cfgs/default/result/h323.pcap.out +++ b/tests/cfgs/default/result/h323.pcap.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) H323 12 1825 2 +Acceptable 12 1825 2 + 1 UDP 17.2.0.124:2034 <-> 17.2.0.161:1719 [proto: 158/H323][IP: 140/Apple][ClearText][Confidence: DPI][DPI packets: 2][cat: VoIP/10][3 pkts/665 bytes <-> 7 pkts/853 bytes][Goodput ratio: 81/65][80.21 sec][bytes ratio: -0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 247/336 288/13362 330/70142 42/25418][Pkt Len c2s/s2c min/avg/max/stddev: 80/67 222/122 411/176 139/48][PLAIN TEXT (@333333330)][Plen Bins: 20,20,10,10,30,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 17.2.0.124:3032 <-> 17.2.0.122:1720 [proto: 158/H323][IP: 140/Apple][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/207 bytes <-> 1 pkts/100 bytes][Goodput ratio: 74/46][0.06 sec][PLAIN TEXT (5295672)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/h323_tcp.pcap.out b/tests/cfgs/default/result/h323_tcp.pcap.out index 30c9e8abe..eb47ef27f 100644 --- a/tests/cfgs/default/result/h323_tcp.pcap.out +++ b/tests/cfgs/default/result/h323_tcp.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) H323 10 939 1 +Acceptable 10 939 1 + 1 TCP 10.1.6.18:1720 <-> 10.1.3.143:32803 [proto: 158/H323][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][5 pkts/509 bytes <-> 5 pkts/430 bytes][Goodput ratio: 44/37][1.04 sec][bytes ratio: 0.084 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 60/17 261/261 627/627 217/225][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 102/86 151/214 35/64][PLAIN TEXT (m.jemec)][Plen Bins: 0,0,50,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/haproxy.pcap.out b/tests/cfgs/default/result/haproxy.pcap.out index 1cba1a8fb..6f6936f6e 100644 --- a/tests/cfgs/default/result/haproxy.pcap.out +++ b/tests/cfgs/default/result/haproxy.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HAProxy 1 375 1 +Safe 1 375 1 + 1 TCP 1.1.1.1:48502 -> 2.2.2.2:443 [proto: 350/HAProxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/375 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (PROXY TCP)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hart_ip.pcap.out b/tests/cfgs/default/result/hart_ip.pcap.out index 4b0573ca9..db3733c2b 100644 --- a/tests/cfgs/default/result/hart_ip.pcap.out +++ b/tests/cfgs/default/result/hart_ip.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) HART-IP 65 4413 3 +Acceptable 65 4413 3 + 1 TCP 192.168.0.101:49559 <-> 192.168.0.10:5094 [proto: 72/HART-IP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][27 pkts/1652 bytes <-> 14 pkts/1156 bytes][Goodput ratio: 11/33][34.10 sec][bytes ratio: 0.177 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1547/3394 30003/30004 6255/8934][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 61/83 75/110 8/16][PLAIN TEXT (wihartgw)][Plen Bins: 70,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.0.10:5095 <-> 192.168.0.101:49905 [proto: 72/HART-IP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][12 pkts/915 bytes <-> 11 pkts/635 bytes][Goodput ratio: 42/27][34.71 sec][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 46/51 516/3796 4241/30007 1317/9907][Pkt Len c2s/s2c min/avg/max/stddev: 60/50 76/58 98/63 13/4][PLAIN TEXT (wihartgw)][Plen Bins: 69,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.0.101:49905 -> 192.168.0.10:5094 [proto: 72/HART-IP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/55 bytes -> 0 pkts/0 bytes][Goodput ratio: 23/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out b/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out index 1af36cbd3..26dd42d25 100644 --- a/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out +++ b/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out 
@@ -25,6 +25,9 @@ TLS 196 76217 4 WindowsUpdate 19 2638 1 Pinterest 88 34448 1 +Safe 215 78855 5 +Fun 88 34448 1 + JA3 Host Stats: IP Address # JA3C 1 194.226.199.103 1 diff --git a/tests/cfgs/default/result/hislip.pcap.out b/tests/cfgs/default/result/hislip.pcap.out index 3e7bf8d58..a9fef2388 100644 --- a/tests/cfgs/default/result/hislip.pcap.out +++ b/tests/cfgs/default/result/hislip.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HiSLIP 184 12204 4 +Acceptable 184 12204 4 + 1 TCP 10.64.0.127:51056 <-> 10.64.0.72:4880 [proto: 372/HiSLIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][39 pkts/2432 bytes <-> 23 pkts/1584 bytes][Goodput ratio: 12/20][214.30 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5039/8986 25879/26093 6570/7043][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 62/69 108/78 11/4][PLAIN TEXT (582390DAF)][Plen Bins: 97,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.64.0.127:51055 <-> 10.64.0.72:4880 [proto: 372/HiSLIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][27 pkts/1765 bytes <-> 20 pkts/1466 bytes][Goodput ratio: 14/23][214.32 sec][bytes ratio: 0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9060/14014 30021/30224 11869/12472][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/73 80/95 11/13][PLAIN TEXT (Query INTERRUPTED)][Plen Bins: 88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.64.0.127:51054 <-> 10.64.0.72:4880 [proto: 372/HiSLIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][23 pkts/1460 bytes <-> 16 pkts/1064 bytes][Goodput ratio: 11/15][246.85 sec][bytes ratio: 0.157 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9131/16221 30014/30221 11397/11595][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 63/66 108/78 12/6][PLAIN TEXT (582390DAF)][Plen Bins: 95,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hl7.pcap.out b/tests/cfgs/default/result/hl7.pcap.out index bed019835..6d20f4544 100644 --- a/tests/cfgs/default/result/hl7.pcap.out +++ b/tests/cfgs/default/result/hl7.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HL7 9 1173 1 +Acceptable 9 1173 1 + 1 TCP 10.0.0.155:49242 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][5 pkts/777 bytes <-> 4 pkts/396 bytes][Goodput ratio: 61/42][0.04 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 8/16 31/21 13/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 155/99 531/222 188/71][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (SENDING)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hots.pcapng.out b/tests/cfgs/default/result/hots.pcapng.out index 1e9f8ece3..ba1e19b68 100644 --- a/tests/cfgs/default/result/hots.pcapng.out +++ b/tests/cfgs/default/result/hots.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Heroes_of_the_Storm 100 10145 3 +Fun 100 10145 3 + 1 UDP 24.105.57.16:3724 -> 192.168.0.73:50609 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][40 pkts/4753 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][1.26 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 32/0 62/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 119/0 164/0 34/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 22,0,47,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 24.105.57.183:1119 -> 192.168.0.73:50609 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][25 pkts/2978 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][0.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/0 38/0 63/0 22/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 119/0 158/0 21/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 4,24,40,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.0.73:54598 <-> 24.105.56.13:3724 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/908 bytes <-> 21 pkts/1506 bytes][Goodput ratio: 35/41][92.43 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/17 42/51 66/63 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 65/72 66/74 2/5][Plen Bins: 51,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hpvirtgrp.pcap.out b/tests/cfgs/default/result/hpvirtgrp.pcap.out index 02f50ae0d..e3f4f98df 100644 --- a/tests/cfgs/default/result/hpvirtgrp.pcap.out +++ b/tests/cfgs/default/result/hpvirtgrp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HP_VIRTGRP 135 12739 9 +Acceptable 135 12739 9 + 1 TCP 192.168.2.100:40152 <-> 160.44.194.66:5223 [proto: 256/HP_VIRTGRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][7 pkts/1019 bytes <-> 8 pkts/613 bytes][Goodput ratio: 61/26][1.18 sec][bytes ratio: 0.249 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 92/192 380/409 144/135][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 146/77 217/106 74/17][Plen Bins: 0,50,0,0,12,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:35634 <-> 160.44.194.66:5223 [proto: 256/HP_VIRTGRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/945 bytes <-> 7 pkts/524 bytes][Goodput ratio: 52/23][233.89 sec][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 38973/46772 233376/233402 86940/93315][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 118/75 217/106 70/18][Plen Bins: 0,57,0,0,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:49838 <-> 160.44.194.66:5223 [proto: 256/HP_VIRTGRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][9 pkts/1019 bytes <-> 6 pkts/435 bytes][Goodput ratio: 48/20][129.59 sec][bytes ratio: 0.402 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18430/32235 128357/128902 44878/55811][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 113/72 217/106 68/18][Plen Bins: 0,50,0,0,16,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hsrp0.pcap.out b/tests/cfgs/default/result/hsrp0.pcap.out index 076fa8341..aa49dcbbb 100644 --- a/tests/cfgs/default/result/hsrp0.pcap.out +++ b/tests/cfgs/default/result/hsrp0.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HSRP 4 264 4 +Acceptable 4 264 4 + 1 UDP 10.28.168.252:1985 -> 224.0.0.2:1985 [VLAN: 10][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.28.168.253:1985 -> 224.0.0.2:1985 [VLAN: 10][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.28.170.253:1985 -> 224.0.0.2:1985 [VLAN: 12][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hsrp2.pcap.out b/tests/cfgs/default/result/hsrp2.pcap.out index e8c52ffc2..db3aed661 100644 --- a/tests/cfgs/default/result/hsrp2.pcap.out +++ b/tests/cfgs/default/result/hsrp2.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) HSRP 2 188 2 +Acceptable 2 188 2 + 1 UDP 10.52.220.125:1985 -> 224.0.0.102:1985 [proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.52.253.125:1985 -> 224.0.0.102:1985 [proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out b/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out index 4c18c4a13..3dd580835 100644 --- a/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out +++ b/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 4/0 (search/found) HSRP 36 4374 2 +Acceptable 36 4374 2 + 1 UDP [fe80::1]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][18 pkts/2286 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][138.56 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8110/0 21092/0 4624/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 127/0 138/0 25/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 16,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [fe80::2]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][18 pkts/2088 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][131.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 73/0 7611/0 21554/0 5305/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 116/0 138/0 31/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http-crash-content-disposition.pcap.out b/tests/cfgs/default/result/http-crash-content-disposition.pcap.out index 244416ab4..379a45571 100644 --- a/tests/cfgs/default/result/http-crash-content-disposition.pcap.out +++ b/tests/cfgs/default/result/http-crash-content-disposition.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 9 3328 1 +Acceptable 9 3328 1 + 1 TCP 192.168.0.103:51171 <-> 174.129.0.10:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][4 pkts/691 bytes <-> 5 pkts/2637 bytes][Goodput ratio: 69/90][0.31 sec][Hostname/SNI: khu.sh][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/50 125/145 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 173/527 480/1492 178/601][URL: khu.sh/imessages.php?songify_a=3h248fIbwJ&new][StatusCode: 200][Req Content-Type: text/plain][Content-Type: text/html][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST /imessages.php)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] diff --git a/tests/cfgs/default/result/http-lines-split.pcap.out b/tests/cfgs/default/result/http-lines-split.pcap.out index aa965fac6..41a7590bd 100644 --- a/tests/cfgs/default/result/http-lines-split.pcap.out +++ b/tests/cfgs/default/result/http-lines-split.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 14 2503 1 +Acceptable 14 2503 1 + 1 TCP 192.168.0.1:39236 <-> 192.168.0.20:31337 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/481 bytes <-> 7 pkts/2022 bytes][Goodput ratio: 14/81][0.00 sec][Hostname/SNI: toni.lan][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 69/289 92/1514 12/503][URL: toni.lan:31337/][StatusCode: 200][User-Agent: uclient-fetch][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] diff --git a/tests/cfgs/default/result/http-manipulated.pcap.out b/tests/cfgs/default/result/http-manipulated.pcap.out index 22e38c891..a90ef0cfb 100644 
--- a/tests/cfgs/default/result/http-manipulated.pcap.out +++ b/tests/cfgs/default/result/http-manipulated.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 40 45063 2 +Acceptable 40 45063 2 + 1 TCP 192.168.0.20:33684 <-> 192.168.0.7:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1543 bytes <-> 15 pkts/42291 bytes][Goodput ratio: 47/98][0.07 sec][Hostname/SNI: www.lan][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/6 72/73 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/2819 440/5894 123/2007][URL: www.lan:8080/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri][StatusCode: 200][Content-Type: text/html][Server: gamma_httpd][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (GET /aaaaaaaaa)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,64] 2 TCP 192.168.0.20:33632 <-> 192.168.0.7:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/412 bytes <-> 4 pkts/817 bytes][Goodput ratio: 18/71][0.00 sec][Hostname/SNI: wwww.lan][bytes ratio: -0.330 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 69/204 130/631 28/246][URL: wwww.lan:8080/][StatusCode: 200][Content-Type: text/html][Server: gamma_httpd][User-Agent: curl/7.64.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http-proxy.pcapng.out b/tests/cfgs/default/result/http-proxy.pcapng.out index 6d9c0390a..fbfdc0b9a 100644 --- a/tests/cfgs/default/result/http-proxy.pcapng.out 
+++ b/tests/cfgs/default/result/http-proxy.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP_Proxy 11 1652 1 +Acceptable 11 1652 1 + 1 TCP 192.168.1.103:1241 <-> 192.168.1.146:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/654 bytes <-> 5 pkts/998 bytes][Goodput ratio: 45/72][5.24 sec][Hostname/SNI: http.com][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1048/118 4958/234 1958/116][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 109/200 348/770 107/285][URL: http://http.com/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][PLAIN TEXT (GET http)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http2.pcapng.out b/tests/cfgs/default/result/http2.pcapng.out index 574a4918a..aa59e2bfb 100644 --- a/tests/cfgs/default/result/http2.pcapng.out +++ b/tests/cfgs/default/result/http2.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP2 10 1271 1 +Safe 10 1271 1 + 1 TCP 127.0.0.1:37824 <-> 127.0.0.1:29518 [proto: 349/HTTP2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][4 pkts/591 bytes <-> 6 pkts/680 bytes][Goodput ratio: 54/40][0.00 sec][bytes ratio: -0.070 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 0/0 1/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 77/81 148/113 212/163 50/35][PLAIN TEXT ( HTTP/2.0)][Plen Bins: 40,10,30,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_asymmetric.pcapng.out b/tests/cfgs/default/result/http_asymmetric.pcapng.out index 1c42eeae7..c39e456e8 100644 --- a/tests/cfgs/default/result/http_asymmetric.pcapng.out +++ b/tests/cfgs/default/result/http_asymmetric.pcapng.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 23 9961 2 +Acceptable 23 9961 2 + 1 TCP 192.168.1.146:80 -> 192.168.1.103:1044 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Web/5][13 pkts/8357 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][5.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/0 5000/0 1435/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 643/0 1514/0 626/0][StatusCode: 404][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][Risk: ** HTTP Susp User-Agent **** Error Code **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / HTTP Error Code 404 / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] 2 TCP 192.168.0.1:1044 -> 10.10.10.1:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][10 pkts/1604 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 567/0 4951/0 1550/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 160/0 418/0 160/0][URL: proxy.wiresharkfest.acropolis.local/favicon.ico][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_auth.pcap.out b/tests/cfgs/default/result/http_auth.pcap.out index 33454c57f..d211dd299 100644 --- a/tests/cfgs/default/result/http_auth.pcap.out +++ b/tests/cfgs/default/result/http_auth.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 33 20574 1 +Acceptable 33 20574 1 + 1 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0] diff --git a/tests/cfgs/default/result/http_connect.pcap.out b/tests/cfgs/default/result/http_connect.pcap.out index 89a7bb50d..2af61d547 100644 --- a/tests/cfgs/default/result/http_connect.pcap.out +++ b/tests/cfgs/default/result/http_connect.pcap.out @@ -26,6 +26,9 @@ DNS 2 178 1 TLS 58 36496 1 HTTP_Connect 40 26841 1 +Safe 58 36496 1 +Acceptable 42 27019 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.146 1 diff --git a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out index 506869ce9..4ece68db3 100644 --- a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out +++ b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out 
@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) POP3 1 123 1 +Unsafe 1 123 1 + 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2/POP3][IP: 274/Alibaba][ClearText][Confidence: Match by port][DPI packets: 1][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: No client to server traffic / TCP probing attempt][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_invalid_server.pcap.out b/tests/cfgs/default/result/http_invalid_server.pcap.out index dd5376cd6..446bbfccd 100644 --- a/tests/cfgs/default/result/http_invalid_server.pcap.out +++ b/tests/cfgs/default/result/http_invalid_server.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OCSP 12 1301 1 +Safe 12 1301 1 + 1 TCP 192.168.1.29:51536 <-> 143.204.14.183:80 [proto: 7.63/HTTP.OCSP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/556 bytes <-> 5 pkts/745 bytes][Goodput ratio: 15/55][0.04 sec][Hostname/SNI: ocsp.rootg2.amazontrust.com][bytes ratio: -0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 12/12 6/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/149 148/468 28/160][URL: ocsp.rootg2.amazontrust.com/][StatusCode: 200][Content-Type: application/ocsp-response][Server: ¯\_(ツ)_/¯][User-Agent: **][Risk: ** HTTP Susp User-Agent **** HTTP Susp Header **][Risk Score: 200][Risk Info: Suspicious Log4J / Suspicious Agent][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index 04ca8c23a..c6b50554e 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out 
+++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -31,6 +31,10 @@ Facebook 22 10202 2 Google 62 15977 1 QUIC 3 502 1 +Safe 106 39646 11 +Acceptable 65 16479 2 +Fun 22 10202 2 + JA3 Host Stats: IP Address # JA3C 1 2a00:d40:1:3:7aac:c0ff:fea7:d4c 1 diff --git a/tests/cfgs/default/result/http_on_sip_port.pcap.out b/tests/cfgs/default/result/http_on_sip_port.pcap.out index 2689357da..b13b925ba 100644 --- a/tests/cfgs/default/result/http_on_sip_port.pcap.out +++ b/tests/cfgs/default/result/http_on_sip_port.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 4 1831 1 +Acceptable 4 1831 1 + 1 TCP 82.178.111.221:5060 <-> 45.58.148.2:8888 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/351 bytes <-> 2 pkts/1480 bytes][Goodput ratio: 63/92][0.32 sec][Hostname/SNI: 45.58.148.2][URL: 45.58.148.2/star-123456/index.m3u8?token=89b198b8844824ca15b8b379c26fc1b7dfcba368-5KUJTJ5Y73AGIAOV-1618753174-1618742374][StatusCode: 403][Server: Flussonic][User-Agent: exoplayer-codelab][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Error Code **][Risk Score: 70][Risk Info: Found host 45.58.148.2 / Expected on port 80 / HTTP Error Code 403][PLAIN TEXT (GET /star)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_origin_different_than_host.pcap.out b/tests/cfgs/default/result/http_origin_different_than_host.pcap.out index 000466cbe..470c09bfd 100644 --- a/tests/cfgs/default/result/http_origin_different_than_host.pcap.out +++ b/tests/cfgs/default/result/http_origin_different_than_host.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 4 1229 1 +Acceptable 4 1229 1 + 1 TCP 10.140.206.74:34536 <-> 18.135.206.102:80 [VLAN: 113][proto: GTP:7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/835 bytes <-> 2 pkts/394 bytes][Goodput ratio: 73/42][0.35 sec][Hostname/SNI: csb.performgroup.io][URL: csb.performgroup.io/?topreferer=optawidgets.365scores.com][StatusCode: 101][User-Agent: Mozilla/5.0 (Linux; Android 9; JKM-LX1 Build/HUAWEIJKM-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/106.0.5249.118 Mobile Safari/537.36][PLAIN TEXT (topreferer)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_starting_with_reply.pcapng.out b/tests/cfgs/default/result/http_starting_with_reply.pcapng.out index 7e5940eb9..0da9ef15f 100644 --- a/tests/cfgs/default/result/http_starting_with_reply.pcapng.out +++ b/tests/cfgs/default/result/http_starting_with_reply.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 18 9297 1 +Acceptable 18 9297 1 + 1 TCP 192.168.1.146:80 <-> 192.168.1.103:1044 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][11 pkts/8231 bytes <-> 7 pkts/1066 bytes][Goodput ratio: 92/64][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 0.771 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 566/1272 5000/4951 1568/2124][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 748/152 1514/403 625/155][URL: proxy.wiresharkfest.acropolis.local/icons/ubuntu-logo.png][StatusCode: 200][Content-Type: image/png][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,44,0,0] 
diff --git a/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out b/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out index 93ff1424c..54a2bacc0 100644 --- a/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out +++ b/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 115 76310 1 +Acceptable 115 76310 1 + 1 TCP 254.125.135.128:21359 <-> 66.152.103.45:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][76 pkts/67448 bytes <-> 39 pkts/8862 bytes][Goodput ratio: 93/71][386.83 sec][Hostname/SNI: va.origin.startappservice.com][bytes ratio: 0.768 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/234 4719/10214 59840/59845 10187/13183][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 887/227 1454/424 557/96][StatusCode: 200][User-Agent: Mozil][PLAIN TEXT (WGET /tracking/adImpression)][Plen Bins: 0,0,0,2,26,0,6,1,13,1,4,6,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,0,0,0] diff --git a/tests/cfgs/default/result/i3d.pcap.out b/tests/cfgs/default/result/i3d.pcap.out index a6a3644bb..746a451a4 100644 --- a/tests/cfgs/default/result/i3d.pcap.out +++ b/tests/cfgs/default/result/i3d.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) i3D 60 36502 4 +Fun 60 36502 4 + 1 UDP 192.168.2.100:62461 <-> 213.163.87.47:50004 [proto: 301/i3D][IP: 58/Discord][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/16467 bytes <-> 1 pkts/116 bytes][Goodput ratio: 96/63][0.05 sec][bytes ratio: 0.986 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/0 36/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 116/116 1176/116 1258/116 294/0][PLAIN TEXT (90.186.132.133)][Plen Bins: 0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,66,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:55205 <-> 213.163.87.47:50004 [proto: 301/i3D][IP: 58/Discord][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/11517 bytes <-> 1 pkts/116 bytes][Goodput ratio: 95/63][0.11 sec][bytes ratio: 0.980 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 9/0 31/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/116 823/116 1209/116 456/0][PLAIN TEXT (90.186.132.133)][Plen Bins: 0,6,13,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:62620 <-> 213.163.87.47:50004 [proto: 301/i3D][IP: 58/Discord][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/5099 bytes <-> 1 pkts/116 bytes][Goodput ratio: 88/63][0.25 sec][bytes ratio: 0.956 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/0 19/0 36/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/116 364/116 1252/116 258/0][PLAIN TEXT (90.186.132.133)][Plen Bins: 0,6,13,0,0,0,0,0,47,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/iax.pcap.out b/tests/cfgs/default/result/iax.pcap.out index 11d581969..ebc011aba 100644 --- a/tests/cfgs/default/result/iax.pcap.out +++ b/tests/cfgs/default/result/iax.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) IAX 50 9172 1 +Acceptable 50 9172 1 + 1 UDP 82.110.36.84:4569 <-> 192.168.2.120:4566 [proto: 95/IAX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][28 pkts/5240 bytes <-> 22 pkts/3932 bytes][Goodput ratio: 77/76][0.53 sec][bytes ratio: 0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/5 43/51 10/13][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 187/179 214/214 48/59][PLAIN TEXT (442088205155)][Plen Bins: 14,0,2,0,0,84,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/icmp-tunnel.pcap.out b/tests/cfgs/default/result/icmp-tunnel.pcap.out index f83fa5a69..2223d9016 100644 --- a/tests/cfgs/default/result/icmp-tunnel.pcap.out +++ b/tests/cfgs/default/result/icmp-tunnel.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) ICMP 863 190810 1 +Acceptable 863 190810 1 + 1 ICMP 192.168.154.131:0 <-> 192.168.154.132:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][448 pkts/98566 bytes <-> 415 pkts/92244 bytes][Goodput ratio: 81/81][1122.51 sec][bytes ratio: 0.033 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2578/2731 145505/145505 9091/9494][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 220/222 1075/1070 245/245][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (OpenSSH5)][Plen Bins: 0,32,24,24,7,3,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/iec60780-5-104.pcap.out b/tests/cfgs/default/result/iec60780-5-104.pcap.out index b2cff9306..21a80f53e 100644 --- a/tests/cfgs/default/result/iec60780-5-104.pcap.out +++ b/tests/cfgs/default/result/iec60780-5-104.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) IEC60870 147 9033 6 +Acceptable 147 9033 6 + 1 TCP 172.27.248.109:1578 <-> 172.27.248.79:2404 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][28 pkts/1758 bytes <-> 19 pkts/1297 bytes][Goodput ratio: 9/20][235.18 sec][bytes ratio: 0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/4 9106/11905 32485/32516 10297/10287][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 63/68 76/118 5/15][Plen Bins: 96,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.27.248.109:1568 <-> 172.27.248.79:2404 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][17 pkts/1040 bytes <-> 12 pkts/674 bytes][Goodput ratio: 7/3][160.96 sec][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9874/10029 38294/26906 11815/8997][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 61/56 68/62 2/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.27.248.109:1572 <-> 172.27.248.79:2404 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][15 pkts/940 bytes <-> 10 pkts/572 bytes][Goodput ratio: 9/4][191.16 sec][bytes ratio: 0.243 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12850/21996 59783/60001 22023/25276][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 63/57 76/62 5/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ieee_c37118.pcap.out b/tests/cfgs/default/result/ieee_c37118.pcap.out index 01dc70111..d41e9e1dc 100644 --- a/tests/cfgs/default/result/ieee_c37118.pcap.out +++ b/tests/cfgs/default/result/ieee_c37118.pcap.out 
@@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) IEEE-C37118 778 74034 2 +Acceptable 778 74034 2 + 1 TCP 192.168.0.20:36835 <-> 192.168.0.241:4712 [proto: 367/IEEE-C37118][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][159 pkts/10556 bytes <-> 258 pkts/30782 bytes][Goodput ratio: 1/45][5.04 sec][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/19 56/52 18/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/119 84/200 3/9][PLAIN TEXT (Blue PMU )][Plen Bins: 1,98,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.0.10:4712 <-> 192.168.0.60:4713 [proto: 367/IEEE-C37118][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][4 pkts/240 bytes <-> 357 pkts/32456 bytes][Goodput ratio: 30/54][7.49 sec][bytes ratio: -0.985 (Download)][IAT c2s/s2c min/avg/max/stddev: 54/19 185/20 316/59 131/2][Pkt Len c2s/s2c min/avg/max/stddev: 60/90 60/91 60/416 0/17][PLAIN TEXT (1 )][Plen Bins: 1,98,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/imap-starttls.pcap.out b/tests/cfgs/default/result/imap-starttls.pcap.out index e9aa026e7..0c35f2604 100644 --- a/tests/cfgs/default/result/imap-starttls.pcap.out +++ b/tests/cfgs/default/result/imap-starttls.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) IMAPS 32 7975 1 +Safe 32 7975 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.17.53 1 diff --git a/tests/cfgs/default/result/imap.pcap.out b/tests/cfgs/default/result/imap.pcap.out index 38c69095e..2599401d2 100644 --- a/tests/cfgs/default/result/imap.pcap.out +++ b/tests/cfgs/default/result/imap.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) IMAP 33 3774 1 +Unsafe 33 3774 1 + 1 TCP 10.40.4.2:46045 <-> 10.40.3.2:143 [proto: 4/IMAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Email/3][20 pkts/1507 bytes <-> 13 pkts/2267 bytes][Goodput ratio: 12/62][4.57 sec][User: samir][Pwd: pfres][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/17 39/39 15/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 75/174 139/762 17/181][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found IMAP username (samir)][PLAIN TEXT ( OK IMAP4)][Plen Bins: 51,22,11,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/imaps.pcap.out b/tests/cfgs/default/result/imaps.pcap.out index 863fd6030..9e0d89350 100644 --- a/tests/cfgs/default/result/imaps.pcap.out +++ b/tests/cfgs/default/result/imaps.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 20 5196 1 IMAPS 8 4378 1 +Safe 28 9574 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.1 1 diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index 807f438dc..b2aaeb660 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) IMO 100 35380 2 +Acceptable 100 35380 2 + 1 UDP 192.168.12.169:49207 <-> 93.33.47.58:57604 [proto: 216/IMO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: VoIP/10][28 pkts/7889 bytes <-> 37 pkts/13060 bytes][Goodput ratio: 85/88][3.22 sec][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/89 962/721 250/181][Pkt Len c2s/s2c min/avg/max/stddev: 43/43 282/353 1094/1081 414/430][Plen Bins: 63,0,0,4,1,1,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,6,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.169:49207 <-> 185.155.137.30:36535 [proto: 216/IMO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][19 pkts/13028 bytes <-> 16 pkts/1403 bytes][Goodput ratio: 94/52][3.19 sec][bytes ratio: 0.806 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/171 1003/1002 308/343][Pkt Len c2s/s2c min/avg/max/stddev: 224/52 686/88 1266/266 496/60][PLAIN TEXT (/Q/MpI )][Plen Bins: 32,0,2,8,0,5,18,5,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index 382a3573f..96fc5d857 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -34,6 +34,11 @@ TLS 103 62597 5 Dropbox 5 725 2 Instagram 576 391376 22 +Safe 103 62597 5 +Acceptable 166 132007 10 +Fun 576 391376 22 +Unrated 1 66 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.103 1 diff --git a/tests/cfgs/default/result/ip_fragmented_garbage.pcap.out b/tests/cfgs/default/result/ip_fragmented_garbage.pcap.out index 157cd0000..312eca79e 100644 --- a/tests/cfgs/default/result/ip_fragmented_garbage.pcap.out +++ b/tests/cfgs/default/result/ip_fragmented_garbage.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 29 1566 1 +Unrated 29 1566 1 + Undetected flows: 
diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index aaad4142f..d663e8f8a 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out @@ -39,6 +39,10 @@ AppleiTunes 74 25151 8 Spotify 2 172 1 NAT-PMP 2 120 1 +Safe 150 55443 17 +Acceptable 260 140186 25 +Fun 76 25323 9 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.17 2 diff --git a/tests/cfgs/default/result/ipp.pcap.out b/tests/cfgs/default/result/ipp.pcap.out index 44757ed70..53b0bef27 100644 --- a/tests/cfgs/default/result/ipp.pcap.out +++ b/tests/cfgs/default/result/ipp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) IPP 277 248554 3 +Acceptable 277 248554 3 + 1 TCP 10.10.10.49:55342 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: System/18][150 pkts/237529 bytes <-> 84 pkts/5922 bytes][Goodput ratio: 96/6][1.20 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.951 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 6/11 218/212 27/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1584/70 2962/267 978/27][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 1,1,0,0,3,2,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1,2,0,0,0,0,2,0,68] 2 TCP 10.10.10.49:55343 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: System/18][14 pkts/1662 bytes <-> 11 pkts/1306 bytes][Goodput ratio: 44/44][0.06 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 5/7 44/40 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/119 294/333 85/82][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 30,0,0,10,30,0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.10.10.49:55341 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: System/18][10 pkts/1098 bytes <-> 8 pkts/1037 bytes][Goodput ratio: 39/48][0.02 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 1/1][Pkt Len c2s/s2c 
min/avg/max/stddev: 66/66 110/130 355/393 92/110][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 33,0,0,0,33,0,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out b/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out index ca34f59f9..637c771dd 100644 --- a/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out +++ b/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) IPSec 1080 580682 24 +Safe 1080 580682 24 + 1 UDP 192.168.2.100:14500 <-> 109.237.187.227:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][133 pkts/90074 bytes <-> 158 pkts/61560 bytes][Goodput ratio: 94/89][< 1 sec][bytes ratio: 0.188 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 224588/183284 12245008/12245090 1295597/1170056][Pkt Len c2s/s2c min/avg/max/stddev: 122/82 677/390 1374/1374 512/393][PLAIN TEXT (@EmPAT)][Plen Bins: 0,0,14,14,24,0,7,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,7,0,0,5,0,0,0,7,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0] 2 UDP 192.168.2.100:14500 <-> 109.237.187.130:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][37 pkts/23230 bytes <-> 53 pkts/36862 bytes][Goodput ratio: 93/94][< 1 sec][bytes ratio: -0.227 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51181/32575 761601/761794 163164/132507][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 628/696 1374/1374 489/539][PLAIN TEXT (H.P.RE)][Plen Bins: 0,0,6,13,20,0,6,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,20,0,0,0,0,0,0] 3 UDP 192.168.2.100:10500 <-> 109.237.187.227:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][54 pkts/44820 bytes <-> 53 pkts/11118 bytes][Goodput ratio: 95/80][< 1 sec][bytes ratio: 0.602 (Upload)][IAT c2s/s2c min/avg/max/stddev: 28/27 689892/698588 12245747/12245747 1998175/2019137][Pkt Len c2s/s2c min/avg/max/stddev: 818/94 830/210 842/330 12/118][PLAIN TEXT (rMpKau6)][Plen Bins: 0,25,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out index b5c760c4d..d55a4c1f0 100644 --- a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out +++ b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out 
@@ -26,6 +26,9 @@ Patricia protocols IPv6: 4/0 (search/found) Unknown 1 150 1 IPSec 1 166 1 +Safe 1 166 1 +Unrated 1 150 1 + 1 ESP [2a01:4c8:c014:144e:1:2:945b:6761]:0 -> [2a01:4c8:f000:f49::4]:0 [VLAN: 2][proto: GTP:79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/irc.pcap.out b/tests/cfgs/default/result/irc.pcap.out index 2eac2c07a..3d73ee343 100644 --- a/tests/cfgs/default/result/irc.pcap.out +++ b/tests/cfgs/default/result/irc.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) IRC 29 8945 1 +Unsafe 29 8945 1 + 1 TCP 10.180.156.249:45921 <-> 38.229.70.20:8000 [proto: 65/IRC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Chat/9][14 pkts/1046 bytes <-> 15 pkts/7899 bytes][Goodput ratio: 11/87][14.57 sec][bytes ratio: -0.766 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1314/1206 8864/8864 2852/2736][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/527 107/1514 14/611][Risk: ** Known Proto on Non Std Port **** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 160][Risk Info: Found IRC username (xxxxx)][PLAIN TEXT (USER xx)][Plen Bins: 13,41,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0] diff --git a/tests/cfgs/default/result/iso9506-1-mms.pcap.out b/tests/cfgs/default/result/iso9506-1-mms.pcap.out index 6037059a6..a596916f3 100644 --- a/tests/cfgs/default/result/iso9506-1-mms.pcap.out +++ b/tests/cfgs/default/result/iso9506-1-mms.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) ISO9506-1-MMS 22 1907 1 +Acceptable 22 1907 1 + 1 TCP 172.16.0.101:1345 <-> 172.16.202.5:102 [proto: 366/ISO9506-1-MMS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: IoT-Scada/31][11 pkts/1000 bytes <-> 11 pkts/907 bytes][Goodput ratio: 37/31][0.61 sec][bytes ratio: 0.049 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63/28 218/100 83/42][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 91/82 221/200 47/39][Plen Bins: 51,16,16,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out b/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out index e84fcbd99..2cd3457b3 100644 --- a/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out +++ b/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 11 5132 1 +Safe 11 5132 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out b/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out index 45e0997c7..13a817093 100644 --- a/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 27 6966 1 +Safe 27 6966 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/jabber.pcap.out b/tests/cfgs/default/result/jabber.pcap.out index ef923294d..7760d19da 100644 --- a/tests/cfgs/default/result/jabber.pcap.out +++ b/tests/cfgs/default/result/jabber.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Jabber 358 61304 12 +Acceptable 358 61304 12 + 1 TCP 172.16.0.62:57094 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13807 bytes][Goodput ratio: 49/80][2.17 sec][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 611/611 109/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 559/1514 104/415][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,24,9,13,4,6,9,0,2,2,2,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] 2 TCP 172.16.0.62:57122 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13806 bytes][Goodput ratio: 49/80][2.16 sec][bytes ratio: -0.415 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 521/520 99/101][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 677/1514 116/415][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,22,9,15,4,7,9,0,2,2,2,0,0,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] 3 TCP 172.16.0.62:57149 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][21 pkts/2752 bytes <-> 17 pkts/3414 bytes][Goodput ratio: 50/67][656.22 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35858/700 600484/4996 141164/1575][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/201 305/529 77/137][PLAIN TEXT (presence to)][Plen Bins: 0,18,0,22,18,9,18,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/jsonrpc.pcap.out b/tests/cfgs/default/result/jsonrpc.pcap.out index a1819a48a..0e42f3cf3 100644 --- a/tests/cfgs/default/result/jsonrpc.pcap.out +++ b/tests/cfgs/default/result/jsonrpc.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) JSON-RPC 16 2815 2 +Acceptable 16 2815 2 + 1 TCP 192.168.8.251:51084 <-> 179.99.210.200:80 [proto: 7.375/HTTP.JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: RPC/16][4 pkts/1322 bytes <-> 4 pkts/843 bytes][Goodput ratio: 81/73][< 1 sec][Hostname/SNI: mdotti.dyndns.org][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 34/34 102/101 48/48][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 330/211 1124/566 458/209][URL: mdotti.dyndns.org/zabbix/jsrpc.php?output=json-rpc][StatusCode: 200][Req Content-Type: application/json-rpc][Content-Type: application/json-rpc][Server: Apache/2.2.16 (Debian)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete Apache server 2.2.16][PLAIN TEXT (POST /zabbix/jsrpc.php)][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:36646 <-> 127.0.0.1:8080 [proto: 375/JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][4 pkts/378 bytes <-> 4 pkts/272 bytes][Goodput ratio: 28/0][0.01 sec][bytes ratio: 0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 3/0 10/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/68 172/74 45/3][PLAIN TEXT (sonrpc)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kafka.pcapng.out b/tests/cfgs/default/result/kafka.pcapng.out index 3bbc2ecf9..3721dec1d 100644 --- a/tests/cfgs/default/result/kafka.pcapng.out +++ b/tests/cfgs/default/result/kafka.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Kafka 19 2237 1 +Acceptable 19 2237 1 + 1 TCP 127.0.0.1:46136 <-> 127.0.0.1:9092 [proto: 377/Kafka][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][12 pkts/1107 bytes <-> 7 pkts/1130 bytes][Goodput ratio: 28/58][13.63 sec][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 800/288 6849/1049 2039/441][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 92/161 206/512 42/149][PLAIN TEXT (console)][Plen Bins: 12,38,12,12,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kerberos-error.pcap.out b/tests/cfgs/default/result/kerberos-error.pcap.out index b930cac11..9531bf7a6 100644 --- a/tests/cfgs/default/result/kerberos-error.pcap.out +++ b/tests/cfgs/default/result/kerberos-error.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Kerberos 2 481 1 +Acceptable 2 481 1 + 1 UDP 148.151.79.183:34473 <-> 144.199.10.233:88 [VLAN: 2008][proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/333 bytes <-> 1 pkts/148 bytes][Goodput ratio: 86/68][0.36 sec][linux.shell.com\mus-n-cj0709][PLAIN TEXT (LINUX.SHELL.COM)][Plen Bins: 0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kerberos-login.pcap.out b/tests/cfgs/default/result/kerberos-login.pcap.out index be6f16975..acb87b291 100644 --- a/tests/cfgs/default/result/kerberos-login.pcap.out +++ b/tests/cfgs/default/result/kerberos-login.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Kerberos 39 37272 13 +Acceptable 39 37272 13 + 1 TCP 192.168.10.12:44256 <-> 192.168.10.3:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Network/14][9 pkts/3720 bytes <-> 6 pkts/3520 bytes][Goodput ratio: 84/88][0.00 sec][testbed1.ca\ubuntu64a][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 413/587 1621/1620 646/731][PLAIN TEXT (TESTBED)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] 2 UDP 10.1.12.2:1074 <-> 10.5.3.1:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1275 bytes <-> 1 pkts/1279 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 3 UDP 10.1.12.2:1092 <-> 10.5.3.1:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1277 bytes <-> 1 pkts/1270 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kerberos.pcap.out b/tests/cfgs/default/result/kerberos.pcap.out index f826bdabe..78c9ff32b 100644 --- a/tests/cfgs/default/result/kerberos.pcap.out +++ b/tests/cfgs/default/result/kerberos.pcap.out 
@@ -30,6 +30,9 @@ SMBv23 6 1914 3 Kerberos 48 19194 24 LDAP 14 4152 7 +Acceptable 68 25260 34 +Unrated 9 3031 2 + 1 TCP 172.16.8.201:49171 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1486 bytes <-> 1 pkts/1506 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] 2 TCP 172.16.8.201:49160 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] 3 TCP 172.16.8.201:49176 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] diff --git a/tests/cfgs/default/result/kerberos_fuzz.pcapng.out b/tests/cfgs/default/result/kerberos_fuzz.pcapng.out index 3d10e6dcc..3b836a2fd 100644 --- a/tests/cfgs/default/result/kerberos_fuzz.pcapng.out +++ b/tests/cfgs/default/result/kerberos_fuzz.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Kerberos 1 288 1 +Acceptable 1 288 1 + 1 TCP 126.4.1.0:88 -> 19.0.0.0:53646 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/288 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][r1i???ca???????]*??0p??????_???????ea?id;?????o\??????][PLAIN TEXT (/S.2T )][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kismet.pcap.out b/tests/cfgs/default/result/kismet.pcap.out index e5707531f..1d8134a43 100644 --- a/tests/cfgs/default/result/kismet.pcap.out +++ b/tests/cfgs/default/result/kismet.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Kismet 35 4871 1 +Acceptable 35 4871 1 + 1 TCP 127.0.0.1:34065 <-> 127.0.0.1:2501 [proto: 309/Kismet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][18 pkts/2029 bytes <-> 17 pkts/2842 bytes][Goodput ratio: 51/67][14.61 sec][bytes ratio: -0.167 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 399/399 857/870 1099/1099 407/366][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/167 1099/253 239/52][PLAIN TEXT (KISMET)][Plen Bins: 6,0,6,0,75,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index 11ad22ee7..ca1b4aaa0 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out 
@@ -27,6 +27,10 @@ Unknown 4 1696 2 Kontiki 44 35476 2 ICMP 7 494 4 +Acceptable 7 494 4 +Potentially Dangerous 44 35476 2 +Unrated 4 1696 2 + 1 UDP 10.25.32.59:19948 <-> 64.200.148.86:8888 [proto: 32/Kontiki][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][11 pkts/1069 bytes <-> 29 pkts/34159 bytes][Goodput ratio: 57/96][0.72 sec][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 94/3 212/29 93/7][Pkt Len c2s/s2c min/avg/max/stddev: 46/70 97/1178 259/1283 77/315][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (ZuetBitjw)][Plen Bins: 22,0,2,0,0,2,5,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0] 2 ICMP 10.25.32.3:0 -> 10.25.32.59:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][4.59 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.25.32.59:19948 -> 64.200.148.88:80 [proto: 32/Kontiki][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][4 pkts/248 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][4.59 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/line.pcap.out b/tests/cfgs/default/result/line.pcap.out index 7e70713a6..c75a462f3 100644 --- a/tests/cfgs/default/result/line.pcap.out +++ b/tests/cfgs/default/result/line.pcap.out @@ -26,6 +26,9 @@ TLS 72 11499 1 Line 37 9480 1 LineCall 181 42253 3 +Safe 72 11499 1 +Acceptable 218 51733 4 + JA3 Host Stats: IP Address # JA3C 1 10.200.3.125 1 
diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index f4765aac6..614053973 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 42 16442 1 +Unrated 42 16442 1 + Undetected flows: diff --git a/tests/cfgs/default/result/lisp_registration.pcap.out b/tests/cfgs/default/result/lisp_registration.pcap.out index 384120669..1d5a3d006 100644 --- a/tests/cfgs/default/result/lisp_registration.pcap.out +++ b/tests/cfgs/default/result/lisp_registration.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) LISP 30 5266 4 +Acceptable 30 5266 4 + 1 TCP 10.0.123.3:52995 <-> 10.0.123.1:4342 [proto: 236/LISP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Cloud/13][4 pkts/894 bytes <-> 3 pkts/715 bytes][Goodput ratio: 74/76][0.36 sec][bytes ratio: 0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 120/73 213/145 88/72][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 224/238 714/586 283/246][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.0.123.2:15373 <-> 10.0.123.1:4342 [proto: 236/LISP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Cloud/13][4 pkts/682 bytes <-> 3 pkts/635 bytes][Goodput ratio: 66/73][0.36 sec][bytes ratio: 0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/2 118/74 208/146 87/72][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 170/212 502/506 191/208][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.0.123.3:4342 <-> 10.0.123.1:4342 [proto: 236/LISP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][4 pkts/636 bytes <-> 4 pkts/568 bytes][Goodput ratio: 73/70][0.01 sec][bytes ratio: 0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/5 0/2][Pkt Len c2s/s2c min/avg/max/stddev: 142/130 159/142 182/154 15/8][Plen Bins: 0,0,12,75,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out index 54f2a4890..14fe06a00 100644 --- a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out +++ b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out 
@@ -26,6 +26,9 @@ Unknown 356 25081 2 HTTP 34 6741 3 LDAP 32 2796 2 +Acceptable 66 9537 5 +Unrated 356 25081 2 + 1 TCP 172.16.238.10:48534 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][7 pkts/692 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 30/79][0.00 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 99/327 276/1420 72/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit **][Risk Score: 310][Risk Info: Found host 172.16.238.11 / Found mime exe java-vm / Suspicious Log4J][PLAIN TEXT (GET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] 2 TCP 172.16.238.10:48444 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/624 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 33/79][0.01 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/2 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 104/327 276/1420 77/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit **][Risk Score: 310][Risk Info: Found host 172.16.238.11 / Found mime exe java-vm / Suspicious Log4J][PLAIN TEXT (GGET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] 3 TCP 172.16.238.1:1984 <-> 172.16.238.10:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 
8][cat: Web/5][5 pkts/994 bytes <-> 4 pkts/503 bytes][Goodput ratio: 65/44][19.29 sec][Hostname/SNI: 192.168.13.31][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/7 4822/6428 10256/10256 4838/4568][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 199/126 714/291 258/95][URL: 192.168.13.31:8080/log4shell/login][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][User-Agent: jndi:ldap://172.16.238.11:1389/a][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Possible Exploit **][Risk Score: 310][Risk Info: Found host 192.168.13.31 / Suspicious Log4J / Expected 172.16.238.10, found 192.168.13.31 / Expected on port 80][PLAIN TEXT (POST /log)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/long_tls_certificate.pcap.out b/tests/cfgs/default/result/long_tls_certificate.pcap.out index 0ff8edb23..2c5de9b85 100644 --- a/tests/cfgs/default/result/long_tls_certificate.pcap.out +++ b/tests/cfgs/default/result/long_tls_certificate.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Alibaba 47 14812 1 +Acceptable 47 14812 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.60 1 diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out index 9dfd81537..aa349fc5d 100644 --- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out @@ -28,6 +28,8 @@ WhatsAppCall 24 3996 3 STUN 30 3450 1 Cloudflare 9 8862 3 +Acceptable 88 20854 12 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/malformed_dns.pcap.out b/tests/cfgs/default/result/malformed_dns.pcap.out index 2981b9b3a..53b1c2a14 100644 --- a/tests/cfgs/default/result/malformed_dns.pcap.out +++ b/tests/cfgs/default/result/malformed_dns.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 6 5860 1 +Acceptable 6 5860 1 + 1 UDP 127.0.0.1:50435 <-> 127.0.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/140 bytes <-> 4 pkts/5720 bytes][Goodput ratio: 40/97][5.03 sec][Hostname/SNI: www.xt.com][66.66.66.66][bytes ratio: -0.952 (Download)][IAT c2s/s2c min/avg/max/stddev: 4999/13 4999/1670 4999/4983 0/2343][Pkt Len c2s/s2c min/avg/max/stddev: 70/1430 70/1430 70/1430 0/0][Risk: ** Malformed Packet **** Large DNS Packet (512+ bytes) **** Minor Issues **][Risk Score: 70][Risk Info: DNS Record with zero TTL / Invalid DNS Query Lenght / 1388 Bytes DNS Packet][PLAIN TEXT (AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0] diff --git a/tests/cfgs/default/result/malformed_icmp.pcap.out b/tests/cfgs/default/result/malformed_icmp.pcap.out index bb075b445..e86000b9f 100644 --- a/tests/cfgs/default/result/malformed_icmp.pcap.out +++ b/tests/cfgs/default/result/malformed_icmp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) ICMP 1 42 1 +Acceptable 1 42 1 + 1 ICMP 218.152.179.213:0 -> 218.152.179.54:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/42 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/malware.pcap.out b/tests/cfgs/default/result/malware.pcap.out index 4f2ebc703..aa3483581 100644 --- a/tests/cfgs/default/result/malware.pcap.out +++ b/tests/cfgs/default/result/malware.pcap.out 
@@ -31,6 +31,9 @@ HTTP 3 547 2 ICMP 1 98 1 TLS 843 577251 2 +Safe 843 577251 2 +Acceptable 6 861 4 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.20 1 diff --git a/tests/cfgs/default/result/memcached.cap.out b/tests/cfgs/default/result/memcached.cap.out index 899ae0326..0a1ef53d7 100644 --- a/tests/cfgs/default/result/memcached.cap.out +++ b/tests/cfgs/default/result/memcached.cap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Memcached 10 1711 1 +Acceptable 10 1711 1 + 1 TCP 127.0.0.1:59604 <-> 127.0.0.1:11211 [proto: 40/Memcached][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/411 bytes <-> 4 pkts/1300 bytes][Goodput ratio: 2/79][< 1 sec][bytes ratio: -0.520 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/325 74/1094 4/444][PLAIN TEXT (STAT pid 8837)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/merakicloud.pcapng.out b/tests/cfgs/default/result/merakicloud.pcapng.out index 02a884bca..f8db5bb26 100644 --- a/tests/cfgs/default/result/merakicloud.pcapng.out +++ b/tests/cfgs/default/result/merakicloud.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) MerakiCloud 44 6049 1 +Acceptable 44 6049 1 + 1 UDP 2.36.234.133:47301 <-> 209.206.59.34:7351 [proto: 66/MerakiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][22 pkts/3603 bytes <-> 22 pkts/2446 bytes][Goodput ratio: 74/62][400.21 sec][bytes ratio: 0.191 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 198/199 19165/19166 25000/25010 10520/10521][Pkt Len c2s/s2c min/avg/max/stddev: 154/88 164/111 197/190 18/43][Plen Bins: 0,38,0,38,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mgcp.pcap.out b/tests/cfgs/default/result/mgcp.pcap.out index d8e6d93ce..9814a4219 100644 
--- a/tests/cfgs/default/result/mgcp.pcap.out +++ b/tests/cfgs/default/result/mgcp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) MGCP 23 2731 5 +Acceptable 23 2731 5 + 1 UDP 10.10.228.72:2427 <-> 10.10.244.2:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][6 pkts/1254 bytes <-> 6 pkts/418 bytes][Goodput ratio: 79/40][6.26 sec][Hostname/SNI: vg224][bytes ratio: 0.500 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 884/884 3523/3523 1524/1523][Pkt Len c2s/s2c min/avg/max/stddev: 60/57 209/70 846/104 285/19][PLAIN TEXT (RSIP 262662134 )][Plen Bins: 41,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 172.16.1.116:2427 <-> 172.16.1.119:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][4 pkts/370 bytes <-> 4 pkts/395 bytes][Goodput ratio: 54/57][80.75 sec][Hostname/SNI: gateway44.myplace.com][bytes ratio: -0.033 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/36 26914/26914 76721/76695 35257/35238][Pkt Len c2s/s2c min/avg/max/stddev: 61/98 92/99 103/101 18/1][PLAIN TEXT (RQNT 1 )][Plen Bins: 12,87,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 67.232.180.250:38238 -> 186.112.128.179:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Hostname/SNI: gateway44.myplace.com][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (RQNT 1 )][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mining.pcapng.out b/tests/cfgs/default/result/mining.pcapng.out index dfb1cbe83..6c1d26077 100644 --- a/tests/cfgs/default/result/mining.pcapng.out +++ b/tests/cfgs/default/result/mining.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Mining 673 219078 4 +Unsafe 673 219078 4 + 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes][Goodput ratio: 93/43][1091.42 sec][currency: ZCash][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7234/8131 71734/71815 15224/15291][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 900/117 1514/376 709/99][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (method)][Plen Bins: 28,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,29,0,0] 2 TCP 147.229.13.222:49307 <-> 185.71.66.39:9999 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Mining/99][112 pkts/10941 bytes <-> 97 pkts/20817 bytes][Goodput ratio: 45/74][295.93 sec][currency: Ethereum][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 2992/2893 9784/10017 3265/3384][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/215 259/297 57/112][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (worker)][Plen Bins: 0,1,28,0,12,0,0,58,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes][Goodput ratio: 53/53][1154.54 sec][currency: ZCash/Monero][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15953/19141 60205/60205 20621/20751][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/143 326/369 91/88][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (method)][Plen Bins: 0,40,0,0,0,44,0,13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/modbus.pcap.out b/tests/cfgs/default/result/modbus.pcap.out index 20103cdb5..fcd275c43 100644 
--- a/tests/cfgs/default/result/modbus.pcap.out +++ b/tests/cfgs/default/result/modbus.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Modbus 102 6681 1 +Acceptable 102 6681 1 + 1 TCP 192.168.110.131:2074 <-> 192.168.110.138:502 [proto: 44/Modbus][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][51 pkts/3366 bytes <-> 51 pkts/3315 bytes][Goodput ratio: 18/17][23.11 sec][bytes ratio: 0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 477/477 1073/1074 501/501][Pkt Len c2s/s2c min/avg/max/stddev: 66/65 66/65 66/65 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/monero.pcap.out b/tests/cfgs/default/result/monero.pcap.out index 416f87c8e..4d0c24e23 100644 --- a/tests/cfgs/default/result/monero.pcap.out +++ b/tests/cfgs/default/result/monero.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Monero 60 61276 4 +Acceptable 60 61276 4 + 1 TCP 192.168.2.100:48882 <-> 159.69.36.66:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][10 pkts/907 bytes <-> 5 pkts/14808 bytes][Goodput ratio: 32/98][0.05 sec][bytes ratio: -0.885 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/6 25/19 10/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/2962 349/7314 86/2751][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75] 2 TCP 192.168.2.100:39378 <-> 78.56.22.89:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][7 pkts/709 bytes <-> 8 pkts/14970 bytes][Goodput ratio: 42/97][0.11 sec][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/9 54/50 26/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1871 349/2958 101/1201][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,57] 3 TCP 192.168.2.100:38004 <-> 100.42.27.58:18085 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][5 pkts/577 bytes <-> 10 pkts/15078 bytes][Goodput ratio: 51/96][0.23 sec][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/14 115/110 53/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/1508 349/2958 117/915][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,22] diff --git a/tests/cfgs/default/result/mongo_false_positive.pcapng.out b/tests/cfgs/default/result/mongo_false_positive.pcapng.out index a8b9a0590..698daa891 100644 --- a/tests/cfgs/default/result/mongo_false_positive.pcapng.out +++ b/tests/cfgs/default/result/mongo_false_positive.pcapng.out 
@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 26 12163 1 +Safe 26 12163 1 + 1 TCP 188.75.184.20:49542 <-> 251.182.120.32:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 14][cat: Web/5][13 pkts/9962 bytes <-> 13 pkts/2201 bytes][Goodput ratio: 93/67][84.45 sec][bytes ratio: 0.638 (Upload)][IAT c2s/s2c min/avg/max/stddev: 186/186 7406/5844 21467/15787 7157/5701][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 766/169 1328/189 433/46][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,0,0,51,0,0,0,0,9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,9,9,0,0,0,4,0,0,4,0,4,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mongodb.pcap.out b/tests/cfgs/default/result/mongodb.pcap.out index 08bec4098..42a4680f6 100644 --- a/tests/cfgs/default/result/mongodb.pcap.out +++ b/tests/cfgs/default/result/mongodb.pcap.out 
@@ -28,6 +28,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 3 230 1 MongoDB 24 2510 7 +Acceptable 24 2510 7 +Unrated 3 230 1 + 1 TCP 10.10.10.16:51358 <-> 10.10.10.17:27017 [VLAN: 100][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][3 pkts/491 bytes <-> 1 pkts/78 bytes][Goodput ratio: 55/0][0.00 sec][PLAIN TEXT (admin.)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.10.10.10:51822 <-> 10.10.10.11:27017 [VLAN: 300][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][3 pkts/469 bytes <-> 1 pkts/78 bytes][Goodput ratio: 53/0][0.34 sec][PLAIN TEXT (admin.)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.10.10.18:64566 <-> 10.10.10.19:30000 [VLAN: 300][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][3 pkts/295 bytes <-> 1 pkts/78 bytes][Goodput ratio: 25/0][0.10 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (InactiveUserIdentity.)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mpeg-dash.pcap.out b/tests/cfgs/default/result/mpeg-dash.pcap.out index 39791d82b..b07833f0e 100644 --- a/tests/cfgs/default/result/mpeg-dash.pcap.out +++ b/tests/cfgs/default/result/mpeg-dash.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) MpegDash 13 4669 4 +Fun 13 4669 4 + 1 TCP 10.84.1.81:60926 <-> 166.248.152.10:80 [proto: 7.291/HTTP.MpegDash][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][2 pkts/456 bytes <-> 2 pkts/1520 bytes][Goodput ratio: 72/92][0.30 sec][Hostname/SNI: gdl.news-cdn.site][URL: gdl.news-cdn.site/as/bigo-ad-creatives/3s3/2lOTA7.mp4][StatusCode: 200][Content-Type: video/mp4][Server: openresty][User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A715F Build/RP1A.200720.012; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/89.0.4389.105 Mobile Safari/537.36][PLAIN TEXT (GET /as/bigo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] 2 TCP 54.161.101.85:80 <-> 192.168.2.105:59144 [proto: 7.291/HTTP.MpegDash][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][2 pkts/1649 bytes <-> 2 pkts/323 bytes][Goodput ratio: 92/59][0.01 sec][Hostname/SNI: livesim.dashif.org][URL: livesim.dashif.org/livesim/sts_1652783809/sid_40c11e12/chunkdur_1/ato_7/testpic4_8s/V2400/206598098.m4s][User-Agent: VLC/3.0.16 LibVLC/3.0.16][PLAIN TEXT (OHTTP/1.1 200 OK)][Plen Bins: 0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] 3 TCP 192.168.2.105:59142 <-> 54.161.101.85:80 [proto: 7.291/HTTP.MpegDash][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][3 pkts/390 bytes <-> 1 pkts/74 bytes][Goodput ratio: 47/0][0.10 sec][Hostname/SNI: livesim.dashif.org][URL: livesim.dashif.org/livesim/sts_1652783809/sid_40c11e12/chunkdur_1/ato_7/testpic4_8s/A48/init.mp4][User-Agent: VLC/3.0.16 LibVLC/3.0.16][PLAIN TEXT (IGET /livesim/sts)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mpeg.pcap.out b/tests/cfgs/default/result/mpeg.pcap.out index ee30c830d..a22b0c3c7 100644 
--- a/tests/cfgs/default/result/mpeg.pcap.out +++ b/tests/cfgs/default/result/mpeg.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 19 10643 1 +Safe 19 10643 1 + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Goodput ratio: 20/93][0.18 sec][Hostname/SNI: luca.ntop.org][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/6 77/41 28/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/68 84/989 214/1502 46/649][URL: luca.ntop.org/0.mp3][StatusCode: 200][Content-Type: audio/mpeg][Server: Apache/2.4.7 (Ubuntu)][User-Agent: Wget/1.16.3 (darwin14.1.0)][PLAIN TEXT (GET /0.mp)][Plen Bins: 0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0] diff --git a/tests/cfgs/default/result/mpegts.pcap.out b/tests/cfgs/default/result/mpegts.pcap.out index 3eeac914e..fee47d4b2 100644 --- a/tests/cfgs/default/result/mpegts.pcap.out +++ b/tests/cfgs/default/result/mpegts.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) MPEG_TS 1 1362 1 +Fun 1 1362 1 + 1 UDP 10.1.16.48:40737 -> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/1362 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mqtt.pcap.out b/tests/cfgs/default/result/mqtt.pcap.out index d11fd4798..789493268 100644 --- a/tests/cfgs/default/result/mqtt.pcap.out +++ b/tests/cfgs/default/result/mqtt.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) MQTT 9 1481 2 +Acceptable 9 1481 2 + 1 TCP 10.10.10.1:1883 <-> 192.168.0.1:41892 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RPC/16][4 pkts/370 bytes <-> 4 pkts/756 bytes][Goodput ratio: 26/65][1.69 sec][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 79/80 261/561 618/1000 253/377][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 92/189 155/458 36/157][PLAIN TEXT (bbbbbaaaaab)][Plen Bins: 42,14,28,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 100.67.35.238:35035 -> 51.137.28.239:1883 [VLAN: 1008][proto: 222/MQTT][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Jiotazewpmlithub.azure)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mssql_tds.pcap.out b/tests/cfgs/default/result/mssql_tds.pcap.out index a565af419..c8979698f 100644 --- a/tests/cfgs/default/result/mssql_tds.pcap.out +++ b/tests/cfgs/default/result/mssql_tds.pcap.out 
@@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) MsSQL-TDS 38 16260 12 +Acceptable 38 16260 12 + 1 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 7][cat: Database/11][7 pkts/8717 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 393/0 1245/0 1514/0 436/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 2 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Database/11][10 pkts/1552 bytes <-> 7 pkts/1521 bytes][Goodput ratio: 64/75][7.22 sec][bytes ratio: 0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 31/28 867/1024 1890/2071 763/864][Pkt Len c2s/s2c min/avg/max/stddev: 60/88 155/217 307/492 90/169][PLAIN TEXT (first )][Plen Bins: 0,42,7,14,0,7,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Database/11][2 pkts/614 bytes <-> 2 pkts/524 bytes][Goodput ratio: 78/75][0.14 sec][Plen Bins: 0,25,0,0,0,25,0,0,0,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mullvad_dns.pcap.out b/tests/cfgs/default/result/mullvad_dns.pcap.out index ade85722d..65329b110 100644 --- a/tests/cfgs/default/result/mullvad_dns.pcap.out +++ b/tests/cfgs/default/result/mullvad_dns.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Mullvad 2 214 1 +Acceptable 2 214 1 + 1 UDP 192.168.122.11:51696 <-> 9.9.9.9:53 [proto: 5.348/DNS.Mullvad][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/98 bytes <-> 1 pkts/116 bytes][Goodput ratio: 57/63][0.05 sec][Hostname/SNI: www.mullvad.net][45.83.223.209][PLAIN TEXT (mullvad)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mullvad_wireguard.pcap.out b/tests/cfgs/default/result/mullvad_wireguard.pcap.out index a0c740bb7..4ecd5079c 100644 --- a/tests/cfgs/default/result/mullvad_wireguard.pcap.out +++ b/tests/cfgs/default/result/mullvad_wireguard.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) WireGuard 10 1924 1 +Acceptable 10 1924 1 + 1 UDP 192.168.122.11:22595 <-> 198.54.131.98:5060 [proto: 206/WireGuard][IP: 348/Mullvad][Encrypted][Confidence: DPI][DPI packets: 3][cat: VPN/2][6 pkts/828 bytes <-> 4 pkts/1096 bytes][Goodput ratio: 69/85][0.97 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/234 193/239 470/248 177/6][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 138/274 202/714 29/254][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 51820][Plen Bins: 0,0,60,20,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/munin.pcap.out b/tests/cfgs/default/result/munin.pcap.out index e709d1aa9..9396866ba 100644 --- a/tests/cfgs/default/result/munin.pcap.out +++ b/tests/cfgs/default/result/munin.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Munin 60 5422 4 +Acceptable 60 5422 4 + 1 TCP 172.16.16.108:59958 <-> 172.16.17.1:4949 [proto: 329/Munin][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/592 bytes <-> 7 pkts/835 bytes][Goodput ratio: 9/44][0.22 sec][Hostname/SNI: gw-ct][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/24 30/35 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/119 93/349 10/95][PLAIN TEXT ( munin node at gw)][Plen Bins: 75,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.16.108:55256 <-> 172.16.17.102:4949 [proto: 329/Munin][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/602 bytes <-> 7 pkts/737 bytes][Goodput ratio: 11/36][0.23 sec][Hostname/SNI: elastic-node02][bytes ratio: -0.101 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/27 34/47 14/15][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/105 93/251 10/61][PLAIN TEXT ( munin node at elastic)][Plen Bins: 87,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.16.16.108:45654 <-> 172.16.17.103:4949 [proto: 329/Munin][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/596 bytes <-> 7 pkts/732 bytes][Goodput ratio: 10/36][0.25 sec][Hostname/SNI: kibana-node01][bytes ratio: -0.102 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/29 42/50 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/105 93/251 10/61][PLAIN TEXT ( munin node at kibana)][Plen Bins: 87,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mysql-8.pcap.out b/tests/cfgs/default/result/mysql-8.pcap.out index dc69dbd0b..0d47e05f1 100644 --- a/tests/cfgs/default/result/mysql-8.pcap.out +++ b/tests/cfgs/default/result/mysql-8.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) MySQL 35 6224 2 +Acceptable 35 6224 2 + 1 TCP 192.168.20.80:47044 <-> 192.168.20.108:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][15 pkts/1806 bytes <-> 16 pkts/4051 bytes][Goodput ratio: 45/74][2.86 sec][bytes ratio: -0.383 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/238 2778/2821 797/779][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/253 359/2251 88/522][PLAIN TEXT (8.0.32)][Plen Bins: 7,28,21,7,0,0,0,21,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] 2 TCP 192.168.1.105:8738 <-> 10.42.18.198:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][2 pkts/140 bytes <-> 2 pkts/227 bytes][Goodput ratio: 0/38][0.00 sec][PLAIN TEXT (DDDDDD)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/natpmp.pcap.out b/tests/cfgs/default/result/natpmp.pcap.out index 78aa4139c..0808f1648 100644 --- a/tests/cfgs/default/result/natpmp.pcap.out +++ b/tests/cfgs/default/result/natpmp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) NAT-PMP 11 586 4 +Acceptable 11 586 4 + 1 UDP 192.168.1.128:36852 <-> 192.168.1.254:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][2 pkts/98 bytes <-> 2 pkts/120 bytes][Goodput ratio: 14/23][8.37 sec][Result: 0][Internal Port: 51413][External Port: 51413][External Address: 10.201.213.174][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:35763 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Result: 0][Internal Port: 22000][External Port: 20216][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:59817 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/108 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][0.25 sec][Result: 0][Internal Port: 22000][External Port: 6243][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nats.pcap.out b/tests/cfgs/default/result/nats.pcap.out index b525e4c2d..b465602b0 100644 --- a/tests/cfgs/default/result/nats.pcap.out +++ b/tests/cfgs/default/result/nats.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) Nats 27 2460 2 +Acceptable 27 2460 2 + 1 TCP 127.0.0.1:54821 <-> 127.0.0.1:4222 [proto: 68/Nats][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: RPC/16][7 pkts/545 bytes <-> 7 pkts/725 bytes][Goodput ratio: 26/44][2.20 sec][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 78/104 191/365 46/107][PLAIN TEXT (rINFO )][Plen Bins: 60,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:54820 <-> 127.0.0.1:4222 [proto: 68/Nats][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: RPC/16][7 pkts/527 bytes <-> 6 pkts/663 bytes][Goodput ratio: 26/47][0.01 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 7/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 44/56 75/110 191/365 48/114][PLAIN TEXT (bINFO )][Plen Bins: 33,0,0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out b/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out index 416831a0b..fde7af840 100644 --- a/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out +++ b/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SOAP 13 2935 1 +Acceptable 13 2935 1 + 1 TCP 10.3.9.19:40632 <-> 10.68.137.118:8091 [proto: 7.253/HTTP.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: RPC/16][7 pkts/1546 bytes <-> 6 pkts/1389 bytes][Goodput ratio: 73/76][3438.13 sec][Hostname/SNI: 10.68.137.118][bytes ratio: 0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/29 687620/24940 3382709/49851 1347715/24911][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 221/232 1180/739 392/263][URL: 10.68.137.118:8091/Apcn/ApcRemoteService][StatusCode: 200][User-Agent: Jakarta Commons-HttpClient/3.0.1][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.68.137.118][PLAIN TEXT (POST /Apcn/ApcRemoteService HTT)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nest_log_sink.pcap.out b/tests/cfgs/default/result/nest_log_sink.pcap.out index 77984a2f4..daae29250 100644 --- a/tests/cfgs/default/result/nest_log_sink.pcap.out +++ b/tests/cfgs/default/result/nest_log_sink.pcap.out 
@@ -28,6 +28,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 15 1612 1 NestLogSink 759 116848 13 +Acceptable 774 118460 14 + 1 TCP 192.168.242.15:63342 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 8][cat: Cloud/13][37 pkts/14650 bytes <-> 35 pkts/4115 bytes][Goodput ratio: 86/54][4.71 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 142/150 1347/1490 251/290][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 396/118 585/733 192/108][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,1,1,0,0,0,0,0,0,0,0,0,0,45,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.242.15:63345 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 8][cat: Cloud/13][36 pkts/14613 bytes <-> 35 pkts/4114 bytes][Goodput ratio: 86/54][4.14 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 132/134 1166/1477 229/290][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 406/118 584/732 185/107][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,1,0,1,0,0,0,0,0,0,0,0,0,45,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.242.15:63351 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 8][cat: Cloud/13][25 pkts/9229 bytes <-> 24 pkts/2916 bytes][Goodput ratio: 85/55][3.56 sec][bytes ratio: 0.520 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/0 164/174 1319/1484 293/350][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 369/122 584/733 204/130][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,2,0,0,0,0,0,0,0,0,2,0,0,41,0,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netbios.pcap.out b/tests/cfgs/default/result/netbios.pcap.out index 6a9d29fc4..5e5d384b2 100644 --- a/tests/cfgs/default/result/netbios.pcap.out +++ b/tests/cfgs/default/result/netbios.pcap.out 
@@ -28,6 +28,9 @@ Patricia protocols IPv6: 0/0 (search/found) NetBIOS 258 24196 13 SMBv1 2 486 2 +Acceptable 258 24196 13 +Dangerous 2 486 2 + 1 UDP 10.0.4.131:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][181 pkts/16652 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][59.62 sec][Hostname/SNI: xstream_hy][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 10/0 328/0 929/0 225/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FIFDFEFCEFEBENFPEIFJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.0.5.233:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][59 pkts/5428 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][57.96 sec][Hostname/SNI: ozi][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 749/0 1008/0 1515/0 361/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EPFKEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.0.5.233:137 <-> 10.0.4.24:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/184 bytes <-> 2 pkts/434 bytes][Goodput ratio: 54/80][10.00 sec][Hostname/SNI: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netbios_wildcard_dns_query.pcap.out b/tests/cfgs/default/result/netbios_wildcard_dns_query.pcap.out index d6368a6e9..79674dcda 100644 --- a/tests/cfgs/default/result/netbios_wildcard_dns_query.pcap.out +++ b/tests/cfgs/default/result/netbios_wildcard_dns_query.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 1 92 1 +Acceptable 1 92 1 + 1 UDP 10.1.67.250:41335 -> 10.1.66.20:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netflix.pcap.out b/tests/cfgs/default/result/netflix.pcap.out index 30be79495..602b4d420 100644 --- a/tests/cfgs/default/result/netflix.pcap.out +++ b/tests/cfgs/default/result/netflix.pcap.out @@ -33,6 +33,10 @@ IGMP 1 60 1 TLS 2 126 1 NetFlix 956 508247 38 +Safe 2 126 1 +Acceptable 835 498043 22 +Fun 956 508247 38 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.7 4 diff --git a/tests/cfgs/default/result/netflow-fritz.pcap.out b/tests/cfgs/default/result/netflow-fritz.pcap.out index 7af28b971..535e91665 100644 --- a/tests/cfgs/default/result/netflow-fritz.pcap.out +++ b/tests/cfgs/default/result/netflow-fritz.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NetFlow 1 222 1 +Acceptable 1 222 1 + 1 UDP 192.168.0.1:23384 -> 192.168.1.1:2055 [proto: 128/NetFlow][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netflowv9.pcap.out b/tests/cfgs/default/result/netflowv9.pcap.out index 4b5a4eb3e..9662e8cd6 100644 --- a/tests/cfgs/default/result/netflowv9.pcap.out +++ b/tests/cfgs/default/result/netflowv9.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NetFlow 10 13888 1 +Acceptable 10 13888 1 + 1 UDP 192.168.2.134:48629 -> 192.168.2.222:2057 [proto: 128/NetFlow][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/13888 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1362/0 1389/0 1418/0 23/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,30,20,0,0,0,0] diff --git a/tests/cfgs/default/result/nfsv2.pcap.out b/tests/cfgs/default/result/nfsv2.pcap.out index 8e575ceea..b292b208b 100644 --- a/tests/cfgs/default/result/nfsv2.pcap.out +++ b/tests/cfgs/default/result/nfsv2.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) NFS 156 23144 7 +Acceptable 156 23144 7 + 1 UDP 139.25.22.2:1023 <-> 139.25.22.102:2049 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][72 pkts/12640 bytes <-> 72 pkts/9284 bytes][Goodput ratio: 76/67][0.35 sec][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 40/40 7/7][Pkt Len c2s/s2c min/avg/max/stddev: 166/70 176/129 214/198 12/42][PLAIN TEXT (werrmsche)][Plen Bins: 13,2,0,30,49,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 139.25.22.2:671 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/102 bytes][Goodput ratio: 73/58][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 139.25.22.2:686 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/66 bytes][Goodput ratio: 73/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nfsv3.pcap.out b/tests/cfgs/default/result/nfsv3.pcap.out index 63019f15d..2f3473bfc 100644 --- a/tests/cfgs/default/result/nfsv3.pcap.out +++ b/tests/cfgs/default/result/nfsv3.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) NFS 128 22816 8 +Acceptable 128 22816 8 + 1 UDP 139.25.22.2:1022 <-> 139.25.22.102:2049 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][57 pkts/10398 bytes <-> 57 pkts/11038 bytes][Goodput ratio: 77/78][0.29 sec][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 50/50 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 170/74 182/194 226/342 15/82][PLAIN TEXT (werrmsche)][Plen Bins: 0,10,0,11,52,10,0,12,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 139.25.22.2:706 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/114 bytes][Goodput ratio: 73/63][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 139.25.22.2:722 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/66 bytes][Goodput ratio: 73/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index 94124e42a..28bff4e4f 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -32,6 +32,10 @@ TLS 56 8595 2 Nintendo 890 320242 12 AmazonAWS 20 2216 5 +Safe 56 8595 2 +Acceptable 50 4316 7 +Fun 890 320242 12 + JA3 Host Stats: IP Address # JA3C 1 192.168.12.114 1 
diff --git a/tests/cfgs/default/result/nntp.pcap.out b/tests/cfgs/default/result/nntp.pcap.out index f2e22f1fe..5162e62af 100644 --- a/tests/cfgs/default/result/nntp.pcap.out +++ b/tests/cfgs/default/result/nntp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Usenet 32 7037 1 +Acceptable 32 7037 1 + 1 TCP 192.168.190.20:55630 <-> 192.168.190.5:119 [proto: 93/Usenet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][19 pkts/1363 bytes <-> 13 pkts/5674 bytes][Goodput ratio: 8/85][67.36 sec][bytes ratio: -0.613 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2775/4125 19518/19565 5508/6659][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 72/436 97/1514 10/556][PLAIN TEXT (200 Leafnode NNTP Daemon)][Plen Bins: 48,17,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,11,0,0] diff --git a/tests/cfgs/default/result/no_sni.pcap.out b/tests/cfgs/default/result/no_sni.pcap.out index ef827a8b7..f5bb8de3a 100644 --- a/tests/cfgs/default/result/no_sni.pcap.out +++ b/tests/cfgs/default/result/no_sni.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 174 50253 7 DoH_DoT 268 31882 1 +Safe 174 50253 7 +Acceptable 268 31882 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.119 4 diff --git a/tests/cfgs/default/result/nomachine.pcapng.out b/tests/cfgs/default/result/nomachine.pcapng.out index 65e690a75..3e40cf42e 100644 --- a/tests/cfgs/default/result/nomachine.pcapng.out +++ b/tests/cfgs/default/result/nomachine.pcapng.out 
@@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) NoMachine 73 7085 2 +Acceptable 73 7085 2 + 1 TCP 192.168.88.231:48084 <-> 192.168.88.208:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][25 pkts/1903 bytes <-> 24 pkts/3906 bytes][Goodput ratio: 28/66][10.47 sec][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 442/486 7610/7654 1659/1752][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 76/163 184/1295 42/246][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found NoMachine][PLAIN TEXT (NoMachine)][Plen Bins: 14,45,11,18,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.88.231:56019 <-> 192.168.88.208:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: RemoteAccess/12][11 pkts/584 bytes <-> 13 pkts/692 bytes][Goodput ratio: 21/21][0.49 sec][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20/3 38/38 166/133 48/33][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 53/53 60/64 2/3][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: No server to client traffic / Found NoMachine][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ocs.pcap.out b/tests/cfgs/default/result/ocs.pcap.out index fc7874615..5c3336134 100644 --- a/tests/cfgs/default/result/ocs.pcap.out +++ b/tests/cfgs/default/result/ocs.pcap.out @@ -35,6 +35,10 @@ GoogleServices 13 2277 2 Crashlytics 21 2785 2 Azure 6 360 1 +Safe 26 3128 3 +Acceptable 57 6705 10 +Fun 863 57552 7 + JA3 Host Stats: IP Address # JA3C 1 192.168.180.2 4 diff --git a/tests/cfgs/default/result/ocsp.pcapng.out b/tests/cfgs/default/result/ocsp.pcapng.out index fd2b3dd41..e51d92563 100644 --- a/tests/cfgs/default/result/ocsp.pcapng.out +++ b/tests/cfgs/default/result/ocsp.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) OCSP 344 73647 10 +Safe 344 73647 10 + 1 TCP 192.168.1.128:49034 <-> 23.12.96.145:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][24 pkts/3999 bytes <-> 22 pkts/8476 bytes][Goodput ratio: 29/69][117.30 sec][Hostname/SNI: ocsp.entrust.net][bytes ratio: -0.359 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5094/5187 10241/10241 4906/5058][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 167/385 505/1566 128/500][URL: ocsp.entrust.net/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][PLAIN TEXT (BHPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] 2 TCP 192.168.1.227:49813 <-> 109.70.240.130:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/2245 bytes <-> 13 pkts/8626 bytes][Goodput ratio: 51/84][65.14 sec][Hostname/SNI: ocsp07.actalis.it][bytes ratio: -0.587 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 28/36 10/15][Pkt Len c2s/s2c min/avg/max/stddev: 112/112 224/664 491/1566 171/540][URL: ocsp07.actalis.it/VA/AUTH-ROOT/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D][StatusCode: 200][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Microsoft-CryptoAPI/10.0][PLAIN TEXT (GET /VA/AUTH)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,41,8,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 3 TCP 192.168.1.128:47904 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][27 pkts/4355 bytes <-> 23 pkts/5119 bytes][Goodput ratio: 27/47][166.99 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c 
min/avg/max/stddev: 2/0 6194/7858 10240/10240 4838/4216][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 161/223 505/917 122/269][URL: ocsp.digicert.com/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CEA)][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/oicq.pcap.out b/tests/cfgs/default/result/oicq.pcap.out index b8c0d15c6..8807f259f 100644 --- a/tests/cfgs/default/result/oicq.pcap.out +++ b/tests/cfgs/default/result/oicq.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) OICQ 29 2542 29 +Acceptable 29 2542 29 + 1 UDP 90.147.69.210:54233 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 90.147.69.210:59802 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 90.147.69.210:60434 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ookla.pcap.out b/tests/cfgs/default/result/ookla.pcap.out index c8fb71688..8a96a611e 100644 --- a/tests/cfgs/default/result/ookla.pcap.out +++ b/tests/cfgs/default/result/ookla.pcap.out @@ -27,6 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found) Ookla 113 38411 6 +Safe 113 38411 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 2 diff --git a/tests/cfgs/default/result/opc-ua.pcap.out b/tests/cfgs/default/result/opc-ua.pcap.out index fd3f4334b..93c2c7e93 100644 --- a/tests/cfgs/default/result/opc-ua.pcap.out +++ b/tests/cfgs/default/result/opc-ua.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OPC-UA 381 45578 1 +Acceptable 381 45578 1 + 1 TCP 127.0.0.1:57420 <-> 127.0.0.1:4840 [proto: 360/OPC-UA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: IoT-Scada/31][191 pkts/23255 bytes <-> 190 pkts/22323 bytes][Goodput ratio: 54/52][0.01 sec][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 122/117 222/664 68/84][PLAIN TEXT (opc.tcp)][Plen Bins: 0,0,26,23,45,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openflow.pcap.out b/tests/cfgs/default/result/openflow.pcap.out index 069bdec09..701350c93 100644 --- a/tests/cfgs/default/result/openflow.pcap.out +++ b/tests/cfgs/default/result/openflow.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OpenFlow 21 1826 1 +Acceptable 21 1826 1 + 1 TCP 107.110.12.153:49234 <-> 107.110.12.153:6653 [proto: 374/OpenFlow][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][11 pkts/1066 bytes <-> 10 pkts/760 bytes][Goodput ratio: 31/12][0.06 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/8 31/31 10/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/76 298/94 65/10][Plen Bins: 72,18,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out index a5ed315f9..26ecb5332 100644 --- a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out +++ b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 2/0 (search/found) OpenVPN 13 5354 1 +Acceptable 13 5354 1 + 1 UDP [::1]:56256 <-> [::1]:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: VPN/2][7 pkts/3253 bytes <-> 6 pkts/2101 bytes][Goodput ratio: 89/85][0.02 sec][bytes ratio: 0.215 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 11/9 4/4][Pkt Len c2s/s2c min/avg/max/stddev: 114/114 465/350 1228/1033 382/314][Plen Bins: 0,31,7,0,0,0,7,15,0,0,0,7,0,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index 64ea86fe5..b06e1cc20 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) OpenVPN 660 121492 8 +Acceptable 660 121492 8 + 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 3][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes][Goodput ratio: 77/85][19.24 sec][bytes ratio: -0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/106 3994/2456 764/365][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 186/287 1214/1287 193/325][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (160727093158Z)][Plen Bins: 0,33,19,9,29,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0] 2 TCP 10.181.235.122:39772 <-> 10.251.71.30:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][100 pkts/13594 bytes <-> 95 pkts/13987 bytes][Goodput ratio: 51/55][32.02 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 245/317 3842/9253 675/1172][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/147 472/542 78/90][PLAIN TEXT (121031022835Z)][Plen Bins: 35,13,1,39,1,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 3.111.166.78:51146 <-> 85.134.13.165:1194 [proto: 159/OpenVPN][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: VPN/2][51 pkts/7057 bytes <-> 49 pkts/8409 bytes][Goodput ratio: 70/76][17.72 sec][bytes ratio: -0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 343/338 4127/4124 897/934][Pkt Len c2s/s2c min/avg/max/stddev: 60/64 138/172 168/1242 35/312][PLAIN TEXT (New York1)][Plen Bins: 48,4,1,40,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out index b9fbc34b7..89dd68112 100644 --- a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out +++ b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OpenVPN 944 303931 1 +Acceptable 944 303931 1 + 1 UDP 3.111.166.78:51146 <-> 85.134.13.165:1194 [proto: 159/OpenVPN][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: VPN/2][594 pkts/138399 bytes <-> 350 pkts/165532 bytes][Goodput ratio: 82/91][73.25 sec][bytes ratio: -0.089 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 101/181 5093/5107 502/713][Pkt Len c2s/s2c min/avg/max/stddev: 60/64 233/473 1490/1487 273/526][PLAIN TEXT (New York1)][Plen Bins: 18,1,1,72,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out b/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out index 75a450a7f..0767f5fdc 100644 --- a/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out +++ b/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OpenVPN 195 27581 1 +Acceptable 195 27581 1 + 1 TCP 10.181.235.122:39772 <-> 10.251.71.30:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][100 pkts/13594 bytes <-> 95 pkts/13987 bytes][Goodput ratio: 51/55][32.02 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 245/317 3842/9253 675/1172][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/147 472/542 78/90][PLAIN TEXT (121031022835Z)][Plen Bins: 35,13,1,39,1,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/opera-vpn.pcapng.out b/tests/cfgs/default/result/opera-vpn.pcapng.out index 9a206c750..8d3503bc6 100644 --- a/tests/cfgs/default/result/opera-vpn.pcapng.out +++ b/tests/cfgs/default/result/opera-vpn.pcapng.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 3 206 1 OperaVPN 3197 1398676 61 +Safe 3 206 1 +Acceptable 3197 1398676 61 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.29 61 
diff --git a/tests/cfgs/default/result/oracle12.pcapng.out b/tests/cfgs/default/result/oracle12.pcapng.out index 1e4d8fa84..1530a4928 100644 --- a/tests/cfgs/default/result/oracle12.pcapng.out +++ b/tests/cfgs/default/result/oracle12.pcapng.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) Oracle 20 2518 1 +Acceptable 20 2518 1 + 1 TCP 10.0.2.15:40226 <-> 10.0.72.139:1521 [proto: 167/Oracle][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 20][cat: Database/11][9 pkts/1447 bytes <-> 11 pkts/1071 bytes][Goodput ratio: 65/41][0.03 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 20/19 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/97 287/293 93/71][PLAIN TEXT (DESCRIPTION)][Plen Bins: 18,18,9,9,0,9,18,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/os_detected.pcapng.out b/tests/cfgs/default/result/os_detected.pcapng.out index bfa8038b8..04b731c08 100644 --- a/tests/cfgs/default/result/os_detected.pcapng.out +++ b/tests/cfgs/default/result/os_detected.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 1 1294 1 +Acceptable 1 1294 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/ospfv2_add_new_prefix.pcap.out b/tests/cfgs/default/result/ospfv2_add_new_prefix.pcap.out index 2043faa7d..5b191642e 100644 --- a/tests/cfgs/default/result/ospfv2_add_new_prefix.pcap.out +++ b/tests/cfgs/default/result/ospfv2_add_new_prefix.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OSPF 2 200 1 +Acceptable 2 200 1 + 1 OSPF 10.1.10.10:0 <-> 10.1.10.1:0 [proto: 85/OSPF][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/122 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][2.51 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index 03daaf697..a0cc4a2cf 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out @@ -29,6 +29,10 @@ HalfLife2 2 96 1 Starcraft 4 200 4 Protobuf 8 2487 1 +Safe 8 2487 1 +Fun 9 505 7 +Potentially Dangerous 4 333 2 + 1 UDP 127.0.0.1:1119 -> 127.0.0.1:1120 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/2487 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][204.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8008/0 29219/0 105424/0 32476/0][Pkt Len c2s/s2c min/avg/max/stddev: 48/0 311/0 576/0 250/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 37,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.128:1 -> 1.2.3.4:10 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: TCP NULL scan / No server to client traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.128:1 -> 1.2.3.4:11 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][293.20 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: TCP NULL scan / No server to client traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index cebcf2a79..1945022ba 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -30,6 +30,8 @@ Usenet 12 1099 2 TeamViewer 59 31448 1 WireGuard 4 592 2 +Acceptable 85 33828 6 + 1 TCP 192.168.0.1:8787 <-> 10.10.10.1:32177 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: RemoteAccess/12][25 pkts/14755 bytes <-> 34 pkts/16693 bytes][Goodput ratio: 90/89][2.12 sec][bytes ratio: -0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/59 277/257 105/90][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 590/491 1514/1514 585/593][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (XDsiBZ)][Plen Bins: 0,19,2,5,2,0,0,0,0,0,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,15,5,0,2,2,2,0,0,0,0,0,0,29,0,0] 2 TCP 172.16.20.244:59038 <-> 172.16.20.75:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Database/11][6 pkts/416 bytes <-> 4 pkts/273 bytes][Goodput ratio: 2/0][0.02 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 17/18 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 69/68 78/74 5/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.26.235.166:55630 <-> 172.30.92.62:119 [proto: 93/Usenet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][4 pkts/293 bytes <-> 2 pkts/264 bytes][Goodput ratio: 7/47][0.02 sec][bytes ratio: 0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 6/17 17/17 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 73/132 87/190 9/58][PLAIN TEXT (200 Leafnode NNTP Daemon)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_3.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_3.pcapng.out index 1bff9b97a..de30320b2 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_3.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) MapleStory 4 362 1 +Fun 4 362 1 + 1 TCP 192.168.16.173:60546 <-> 93.184.216.34:80 [proto: 113/MapleStory][IP: 288/Edgecast][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][3 pkts/288 bytes <-> 1 pkts/74 bytes][Goodput ratio: 28/0][0.10 sec][Hostname/SNI: example.com][User-Agent: AspINet][PLAIN TEXT (pGET /maplestory/ HTTP/1.1)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out index c23467edd..91666d3bc 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 2 68 1 +Unrated 2 68 1 + Undetected flows: diff --git a/tests/cfgs/default/result/pgm.pcap.out b/tests/cfgs/default/result/pgm.pcap.out index b6accd0fc..d5c35d4fa 100644 --- a/tests/cfgs/default/result/pgm.pcap.out +++ b/tests/cfgs/default/result/pgm.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) PGM 1000 196302 1 +Acceptable 1000 196302 1 + 1 PGM 10.244.64.154:0 -> 235.0.1.47:0 [proto: 296/PGM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1000 pkts/196302 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][78.91 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/0 1479/0 169/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 196/0 1344/0 201/0][PLAIN TEXT (PORTFOLIO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pgsql.pcap.out b/tests/cfgs/default/result/pgsql.pcap.out index d2436010f..ee7b1321a 100644 --- a/tests/cfgs/default/result/pgsql.pcap.out +++ b/tests/cfgs/default/result/pgsql.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) PostgreSQL 88 8913 6 +Acceptable 88 8913 6 + 1 TCP 127.0.0.1:45930 <-> 127.0.0.1:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Database/11][12 pkts/1366 bytes <-> 12 pkts/1664 bytes][Goodput ratio: 41/52][15.40 sec][bytes ratio: -0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002/1011 8826/8907 2767/2792][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 114/139 327/348 73/104][PLAIN TEXT (database)][Plen Bins: 8,41,0,16,0,8,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.20.244:59039 <-> 172.16.20.75:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Database/11][10 pkts/924 bytes <-> 6 pkts/911 bytes][Goodput ratio: 27/56][0.01 sec][bytes ratio: 0.007 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 1/2 3/7 1/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 92/152 175/455 38/139][PLAIN TEXT (database)][Plen Bins: 37,12,25,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:45931 <-> 127.0.0.1:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Database/11][7 pkts/705 bytes <-> 8 pkts/974 bytes][Goodput ratio: 33/45][0.12 sec][bytes ratio: -0.160 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/14 45/40 18/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/122 222/251 52/72][PLAIN TEXT (database)][Plen Bins: 14,28,14,0,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pim.pcap.out b/tests/cfgs/default/result/pim.pcap.out index c2f6f8d28..174a7f558 100644 --- a/tests/cfgs/default/result/pim.pcap.out +++ b/tests/cfgs/default/result/pim.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) IP_PIM 10 920 1 +Acceptable 10 920 1 + 1 PIM 192.168.203.234:0 -> 224.0.0.13:0 [proto: 297/IP_PIM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/920 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][9.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 999/0 1001/0 1006/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 92/0 108/0 8/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pinterest.pcap.out b/tests/cfgs/default/result/pinterest.pcap.out index 6e3cdf5a1..a38c5c576 100644 --- a/tests/cfgs/default/result/pinterest.pcap.out +++ b/tests/cfgs/default/result/pinterest.pcap.out @@ -31,6 +31,11 @@ Google 328 150112 5 Pinterest 239 115791 9 GoogleServices 55 11104 1 +Safe 157 68609 19 +Acceptable 383 161216 6 +Fun 323 193395 11 +Tracker/Ads 48 23075 1 + JA3 Host Stats: IP Address # JA3C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 1 diff --git a/tests/cfgs/default/result/pluralsight.pcap.out b/tests/cfgs/default/result/pluralsight.pcap.out index 496a2713e..e36655089 100644 --- a/tests/cfgs/default/result/pluralsight.pcap.out +++ b/tests/cfgs/default/result/pluralsight.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Pluralsight 44 29652 6 +Fun 44 29652 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/pop3.pcap.out b/tests/cfgs/default/result/pop3.pcap.out index a5e66191d..bf0bdd648 100644 --- a/tests/cfgs/default/result/pop3.pcap.out +++ b/tests/cfgs/default/result/pop3.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) POP3 144 31172 6 +Unsafe 144 31172 6 + 1 TCP 192.168.0.4:26383 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 16][cat: Email/3][22 pkts/1338 bytes <-> 30 pkts/21359 bytes][Goodput ratio: 10/92][1.26 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59/41 97/111 37/39][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 61/712 120/1514 14/680][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 47,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,30,0,0] 2 TCP 143.225.229.181:35287 <-> 74.208.5.28:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: Email/3][18 pkts/1269 bytes <-> 13 pkts/2646 bytes][Goodput ratio: 6/67][27.32 sec][User: cicciopernacchio@mail.com][Pwd: pippozzo][bytes ratio: -0.352 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1792/2973 5526/5668 2204/2427][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 70/204 98/1514 8/379][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found username (cicciopernacchio@mail.com)][PLAIN TEXT (OK POP server ready H migmxus)][Plen Bins: 60,20,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] 3 TCP 192.168.0.4:26308 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 16][cat: Email/3][9 pkts/594 bytes <-> 10 pkts/881 bytes][Goodput ratio: 16/34][0.59 sec][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 29/0 64/64 81/88 18/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/88 120/145 20/32][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 63,9,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/pop3_stls.pcap.out b/tests/cfgs/default/result/pop3_stls.pcap.out index ed9b9cf26..64b934b65 100644 --- a/tests/cfgs/default/result/pop3_stls.pcap.out +++ b/tests/cfgs/default/result/pop3_stls.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) POPS 53 11189 1 +Safe 53 11189 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.20.18 1 diff --git a/tests/cfgs/default/result/pops.pcapng.out b/tests/cfgs/default/result/pops.pcapng.out index 0af9c8411..3025ea924 100644 --- a/tests/cfgs/default/result/pops.pcapng.out +++ b/tests/cfgs/default/result/pops.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) POPS 5 2998 1 +Safe 5 2998 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.1 1 diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index a4cd0f6da..889abe897 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out 
@@ -33,6 +33,11 @@ PPStream 56 36585 20 OCSP 2 1093 1 Cybersec 28 29201 2 +Safe 30 30294 3 +Acceptable 195 101385 55 +Fun 56 36585 20 +Unrated 980 377564 29 + 1 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Goodput ratio: 87/96][0.02 sec][Hostname/SNI: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426/1303 426/1314 0/56][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 223.26.106.66][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0] 2 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.283/HTTP.Cybersec][IP: 307/AVAST][ClearText][Confidence: DPI][DPI packets: 9][cat: Download/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Goodput ratio: 95/96][13.04 sec][Hostname/SNI: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/0 307/0 127/0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002/1239 1314/1314 434/215][URL: bcu.ff.avast.com/bc2][StatusCode: 200][Req Content-Type: application/x-enc][Content-Type: application/octet-stream][Server: nginx/1.8.0][User-Agent: {D699054D-1699-47D2-9B2B-E96F438C1160}][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 300][Risk Info: Suspicious Log4J / Obsolete nginx server 1.8.0 / Found mime exe octet-stream][PLAIN TEXT (POST /bc2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,75,0,0,0,0,0,0,0,0] 3 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 
7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/303 bytes <-> 9 pkts/11826 bytes][Goodput ratio: 82/96][0.09 sec][Hostname/SNI: preimage1.qiyipic.com][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/4 0/30 0/10][Pkt Len c2s/s2c min/avg/max/stddev: 303/1314 303/1314 303/1314 0/0][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_1.jpg?no=1][StatusCode: 200][Content-Type: image/jpeg][Server: QWS][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)][Plen Bins: 0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pptp.pcap.out b/tests/cfgs/default/result/pptp.pcap.out index 6d72b35bb..af14610a3 100644 --- a/tests/cfgs/default/result/pptp.pcap.out +++ b/tests/cfgs/default/result/pptp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) PPTP 24 2328 1 +Acceptable 24 2328 1 + 1 TCP 192.168.43.22:41366 <-> 191.101.61.1:1723 [proto: 115/PPTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: VPN/2][13 pkts/1210 bytes <-> 11 pkts/1118 bytes][Goodput ratio: 29/34][5.43 sec][bytes ratio: 0.040 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/7 389/463 1680/1179 503/373][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 93/102 234/222 58/56][PLAIN TEXT (cananian)][Plen Bins: 44,11,0,0,33,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/profinet-io-le.pcap.out b/tests/cfgs/default/result/profinet-io-le.pcap.out index a4a4161c3..e9d4c7557 100644 --- a/tests/cfgs/default/result/profinet-io-le.pcap.out +++ b/tests/cfgs/default/result/profinet-io-le.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) PROFINET_IO 2 516 1 +Acceptable 2 516 1 + 1 UDP 10.10.0.150:1566 <-> 10.10.0.129:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/206 bytes <-> 1 pkts/310 bytes][Goodput ratio: 79/86][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/protobuf.pcap.out b/tests/cfgs/default/result/protobuf.pcap.out index 2f1da401d..e5bb23bea 100644 --- a/tests/cfgs/default/result/protobuf.pcap.out +++ b/tests/cfgs/default/result/protobuf.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Protobuf 60 4446 5 +Safe 60 4446 5 + 1 TCP 127.0.0.1:52392 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][11 pkts/890 bytes <-> 9 pkts/498 bytes][Goodput ratio: 32/0][70.00 sec][bytes ratio: 0.282 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10000 6667/8333 10000/10000 4714/3727][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 81/55 122/66 31/4][PLAIN TEXT (AAAABBBBX)][Plen Bins: 42,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:39786 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/832 bytes <-> 3 pkts/174 bytes][Goodput ratio: 66/0][10.00 sec][bytes ratio: 0.654 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2500/0 10000/0 4330/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/58 604/66 219/6][PLAIN TEXT (Lorem ipsum dolor sit amet)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:51680 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: Network/14][9 pkts/588 bytes <-> 7 pkts/390 bytes][Goodput ratio: 15/0][50.00 sec][bytes ratio: 0.202 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10000 5714/7500 10000/10000 4949/4330][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65/56 72/66 8/4][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/protonvpn.pcap.out b/tests/cfgs/default/result/protonvpn.pcap.out index 347716478..8e0c81cff 100644 --- a/tests/cfgs/default/result/protonvpn.pcap.out +++ b/tests/cfgs/default/result/protonvpn.pcap.out @@ -29,6 +29,9 @@ TLS 1 74 1 WireGuard 14 2060 1 ProtonVPN 26 8061 1 +Safe 1 74 1 +Acceptable 40 10121 2 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 
diff --git a/tests/cfgs/default/result/psiphon3.pcap.out b/tests/cfgs/default/result/psiphon3.pcap.out index d72af74d6..251aafc43 100644 --- a/tests/cfgs/default/result/psiphon3.pcap.out +++ b/tests/cfgs/default/result/psiphon3.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Psiphon 62 11818 1 +Acceptable 62 11818 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.103 1 diff --git a/tests/cfgs/default/result/ptpv2.pcap.out b/tests/cfgs/default/result/ptpv2.pcap.out index 511ae45a7..5ab44051e 100644 --- a/tests/cfgs/default/result/ptpv2.pcap.out +++ b/tests/cfgs/default/result/ptpv2.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 6/0 (search/found) PTPv2 14 1664 3 +Acceptable 14 1664 3 + 1 UDP [fe80::20:9400:d]:320 <-> [fe80::2b0:aeff:fe01:f921]:320 [proto: 358/PTPv2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/354 bytes <-> 4 pkts/488 bytes][Goodput ratio: 47/49][0.26 sec][bytes ratio: -0.159 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/50 0/149 0/70][Pkt Len c2s/s2c min/avg/max/stddev: 118/120 118/122 118/128 0/3][Plen Bins: 0,85,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [fe80::20:9400:e]:320 <-> [fe80::2b0:aeff:fe01:f921]:320 [proto: 358/PTPv2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/354 bytes <-> 3 pkts/360 bytes][Goodput ratio: 47/48][0.11 sec][bytes ratio: -0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 118/120 118/120 118/120 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP [fe80::2b0:aeff:fe01:f921]:319 -> [fe80::20:9400:d]:319 [proto: 358/PTPv2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/108 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/punycode-idn.pcap.out b/tests/cfgs/default/result/punycode-idn.pcap.out index c658b147f..97a4442f8 100644 --- a/tests/cfgs/default/result/punycode-idn.pcap.out +++ b/tests/cfgs/default/result/punycode-idn.pcap.out 
@@ -26,6 +26,9 @@ DNS 2 162 1 HTTP 12 1597 1 Spotify 2 197 1 +Acceptable 14 1759 2 +Fun 2 197 1 + 1 TCP 192.168.2.140:56011 <-> 170.33.9.230:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/568 bytes <-> 5 pkts/1029 bytes][Goodput ratio: 29/69][0.57 sec][Hostname/SNI: www.love.xn--55qx5d][bytes ratio: -0.289 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/122 222/352 90/163][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/206 137/765 36/280][URL: www.love.xn--55qx5d/][StatusCode: 403][Content-Type: text/html][User-Agent: curl/7.77.0][Risk: ** IDN Domain Name **** Error Code **][Risk Score: 20][Risk Info: www.love.xn--55qx5d / HTTP Error Code 403][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.140:45520 <-> 192.168.2.1:53 [proto: 5.156/DNS.Spotify][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/128 bytes][Goodput ratio: 39/67][0.02 sec][Hostname/SNI: i.scdn.co][146.75.62.248][PLAIN TEXT (scdnco)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.140:60156 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/81 bytes][Goodput ratio: 48/48][0.00 sec][Hostname/SNI: www.xn--mnich-kva.com][::][Risk: ** IDN Domain Name **** Error Code **][Risk Score: 20][Risk Info: www.xn--mnich-kva.com / DNS Error Code NXDOMAIN][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic-23.pcap.out b/tests/cfgs/default/result/quic-23.pcap.out index 2461c6c20..dc5457ed4 100644 --- a/tests/cfgs/default/result/quic-23.pcap.out +++ b/tests/cfgs/default/result/quic-23.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 20 7191 1 +Acceptable 20 7191 1 + JA3 Host Stats: IP Address # JA3C 1 2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7 1 diff --git a/tests/cfgs/default/result/quic-24.pcap.out b/tests/cfgs/default/result/quic-24.pcap.out index 639f4a7f5..0528668be 100644 --- a/tests/cfgs/default/result/quic-24.pcap.out +++ b/tests/cfgs/default/result/quic-24.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 15 8000 1 +Acceptable 15 8000 1 + JA3 Host Stats: IP Address # JA3C 1 10.9.0.1 1 diff --git a/tests/cfgs/default/result/quic-27.pcap.out b/tests/cfgs/default/result/quic-27.pcap.out index c7e6e566c..69ba562f4 100644 --- a/tests/cfgs/default/result/quic-27.pcap.out +++ b/tests/cfgs/default/result/quic-27.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) Google 20 12887 1 +Acceptable 20 12887 1 + JA3 Host Stats: IP Address # JA3C 1 3ef4:2194:f4a6:3503:40cd:714:57:c4e4 1 diff --git a/tests/cfgs/default/result/quic-28.pcap.out b/tests/cfgs/default/result/quic-28.pcap.out index d15d44b5b..0f2f4b846 100644 --- a/tests/cfgs/default/result/quic-28.pcap.out +++ b/tests/cfgs/default/result/quic-28.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 253 246793 1 +Acceptable 253 246793 1 + JA3 Host Stats: IP Address # JA3C 1 10.9.0.2 1 diff --git a/tests/cfgs/default/result/quic-29.pcap.out b/tests/cfgs/default/result/quic-29.pcap.out index a56293f46..2f5925edb 100644 --- a/tests/cfgs/default/result/quic-29.pcap.out +++ b/tests/cfgs/default/result/quic-29.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 15 9386 1 +Acceptable 15 9386 1 + JA3 Host Stats: IP Address # JA3C 1 10.9.0.1 1 diff --git a/tests/cfgs/default/result/quic-33.pcapng.out b/tests/cfgs/default/result/quic-33.pcapng.out index 9dec0d2d6..3a0067211 100644 --- a/tests/cfgs/default/result/quic-33.pcapng.out +++ b/tests/cfgs/default/result/quic-33.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 7 5336 1 +Acceptable 7 5336 1 + JA3 Host Stats: IP Address # JA3C 1 ::1 1 diff --git a/tests/cfgs/default/result/quic-34.pcap.out b/tests/cfgs/default/result/quic-34.pcap.out index c1b75d49a..3f02a683d 100644 --- a/tests/cfgs/default/result/quic-34.pcap.out +++ b/tests/cfgs/default/result/quic-34.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 4 4836 1 +Acceptable 4 4836 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.56.1 1 diff --git a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out index ced7ea023..a020b5770 100644 --- a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out +++ b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 21 9039 1 +Acceptable 21 9039 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.56.103 1 diff --git a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out index b214ffcb4..3ea4d455d 100644 --- a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out +++ b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 1 1280 1 +Acceptable 1 1280 1 + 1 UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][QUIC ver: Q024][PLAIN TEXT ( )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic-mvfst-22.pcap.out b/tests/cfgs/default/result/quic-mvfst-22.pcap.out index 1d16edb6a..d5e7ad2b4 100644 
--- a/tests/cfgs/default/result/quic-mvfst-22.pcap.out +++ b/tests/cfgs/default/result/quic-mvfst-22.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 490 288303 1 +Fun 490 288303 1 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/quic-mvfst-22_decryption_error.pcap.out b/tests/cfgs/default/result/quic-mvfst-22_decryption_error.pcap.out index a353960b8..3db845503 100644 --- a/tests/cfgs/default/result/quic-mvfst-22_decryption_error.pcap.out +++ b/tests/cfgs/default/result/quic-mvfst-22_decryption_error.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 11 3918 1 +Acceptable 11 3918 1 + 1 UDP 10.230.40.168:62196 <-> 94.97.225.146:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][10 pkts/3852 bytes <-> 1 pkts/66 bytes][Goodput ratio: 93/57][0.00 sec][bytes ratio: 0.966 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 385/66 1260/66 401/0][QUIC ver: MVFST-22][Plen Bins: 0,36,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic-mvfst-27.pcapng.out b/tests/cfgs/default/result/quic-mvfst-27.pcapng.out index fe9f4f66d..ae30e7072 100644 --- a/tests/cfgs/default/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/default/result/quic-mvfst-27.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 20 11399 1 +Fun 20 11399 1 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/quic-mvfst-exp.pcap.out b/tests/cfgs/default/result/quic-mvfst-exp.pcap.out index b8315d050..a0fc4ecbc 100644 --- a/tests/cfgs/default/result/quic-mvfst-exp.pcap.out +++ b/tests/cfgs/default/result/quic-mvfst-exp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) FbookReelStory 30 26309 1 +Fun 30 26309 1 + JA3 Host Stats: IP Address # JA3C 1 2aac:cdf7:d506:7807:9092:75f:a963:f4ab 1 diff --git a/tests/cfgs/default/result/quic-v2.pcapng.out b/tests/cfgs/default/result/quic-v2.pcapng.out index bf1292d91..e1ac930f8 100644 --- a/tests/cfgs/default/result/quic-v2.pcapng.out +++ b/tests/cfgs/default/result/quic-v2.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 19 12970 1 +Acceptable 19 12970 1 + JA3 Host Stats: IP Address # JA3C 1 ::1 1 diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index 85db45f7b..ad876b6d8 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out 
@@ -29,6 +29,9 @@ YouTube 85 76193 5 Google 11 10063 2 QUIC 9 7436 2 +Acceptable 433 272373 5 +Fun 85 76193 5 + 1 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Email/3][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Goodput ratio: 72/95][37.93 sec][Hostname/SNI: mail.google.com][bytes ratio: -0.812 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 303/161 21144/21225 1960/1485][Pkt Len c2s/s2c min/avg/max/stddev: 67/61 149/916 1392/1392 207/581][User-Agent: beta Chrome/43.0.2357.45][QUIC ver: Q024][PLAIN TEXT (mail.google.com)][Plen Bins: 4,37,1,5,3,0,3,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0] 2 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Goodput ratio: 80/97][1.00 sec][Hostname/SNI: www.youtube.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 52/26 803/828 183/134][Pkt Len c2s/s2c min/avg/max/stddev: 79/61 211/1208 1392/1392 358/430][User-Agent: Chrome/50.0.2661.102 Linux x86_64][QUIC ver: Q030][PLAIN TEXT (www.youtube.com)][Plen Bins: 1,35,1,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,57,0,0,0,0,0] 3 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][6 pkts/7072 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][4.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 800/0 1749/0 595/0][Pkt Len c2s/s2c min/avg/max/stddev: 112/0 1179/0 1392/0 477/0][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][QUIC ver: Q033][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/quic046.pcap.out b/tests/cfgs/default/result/quic046.pcap.out index 1bdc0674d..88daf7fd7 100644 --- a/tests/cfgs/default/result/quic046.pcap.out +++ b/tests/cfgs/default/result/quic046.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) YouTube 100 91297 1 +Fun 100 91297 1 + 1 UDP 192.168.1.236:50587 <-> 216.58.206.86:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][37 pkts/6724 bytes <-> 63 pkts/84573 bytes][Goodput ratio: 77/97][0.05 sec][Hostname/SNI: i.ytimg.com][bytes ratio: -0.853 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/5 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 70/62 182/1342 1392/1392 304/222][User-Agent: Chrome/80.0.3987.132 Windows NT 6.3; Win64; x64][QUIC ver: Q046][PLAIN TEXT (i.ytimg.com)][Plen Bins: 26,1,1,0,5,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index d4a90d261..43dae132a 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 2/0 (search/found) Google 15 5178 1 QUIC 2 2588 1 +Acceptable 17 7766 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.100 1 diff --git a/tests/cfgs/default/result/quic_cc_ack.pcapng.out b/tests/cfgs/default/result/quic_cc_ack.pcapng.out index 2a4f2ee1b..8259ba3b6 100644 --- a/tests/cfgs/default/result/quic_cc_ack.pcapng.out +++ b/tests/cfgs/default/result/quic_cc_ack.pcapng.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 2 2784 2 +Acceptable 2 2784 2 + 1 UDP 152.14.223.145:57113 -> 71.98.228.93:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Draft-29][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 2 UDP 183.23.159.144:37787 -> 108.140.147.22:443 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Draft-29][PLAIN TEXT (IhUo.7y)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out b/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out index 7f65e62be..68b213721 100644 --- a/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out +++ b/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Snapchat 2 2784 2 +Fun 2 2784 2 + JA3 Host Stats: IP Address # JA3C 1 134.53.36.43 1 diff --git a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out index 7c279d773..829b5933e 100644 --- a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 4 3998 1 +Acceptable 4 3998 1 + JA3 Host Stats: IP Address # JA3C 1 ::1 1 
diff --git a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 917f75f7e..ef59794b7 100644 --- a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -32,6 +32,10 @@ GoogleServices 71 98832 25 WhatsAppFiles 1 1392 1 GoogleCloud 3 4176 3 +Safe 3 4176 3 +Acceptable 154 214368 88 +Fun 22 30624 22 + JA3 Host Stats: IP Address # JA3C 1 168.144.64.5 4 diff --git a/tests/cfgs/default/result/quic_interop_V.pcapng.out b/tests/cfgs/default/result/quic_interop_V.pcapng.out index 4b7457e46..eb32456d6 100644 --- a/tests/cfgs/default/result/quic_interop_V.pcapng.out +++ b/tests/cfgs/default/result/quic_interop_V.pcapng.out 
@@ -26,6 +26,8 @@ ICMP 21 7436 9 ICMPV6 10 10642 5 QUIC 215 224846 63 +Acceptable 246 242924 77 + 1 UDP 192.168.1.128:34511 -> 131.159.24.198:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1419/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (SezYZO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.128:37643 -> 71.202.41.169:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 243/0 1426/0 4801/0 1546/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (tIABbj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.128:42468 -> 138.91.188.147:4433 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1425/0 4800/0 1548/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/quic_q39.pcap.out b/tests/cfgs/default/result/quic_q39.pcap.out index 9ab647c4c..693a15425 100644 --- a/tests/cfgs/default/result/quic_q39.pcap.out +++ b/tests/cfgs/default/result/quic_q39.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) YouTube 60 24185 1 +Fun 60 24185 1 + 1 UDP 170.216.16.209:38620 <-> 21.157.183.227:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][27 pkts/20099 bytes <-> 33 pkts/4086 bytes][Goodput ratio: 94/66][48.95 sec][Hostname/SNI: s.youtube.com][bytes ratio: 0.662 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 2239/1370 14326/14805 3925/3576][Pkt Len c2s/s2c min/avg/max/stddev: 65/60 744/124 1392/1392 569/228][User-Agent: com.google.android.youtube Cronet/63.0.3223.7][QUIC ver: Q039][PLAIN TEXT (s.youtube.com)][Plen Bins: 24,47,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,5,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q43.pcap.out b/tests/cfgs/default/result/quic_q43.pcap.out index 9a197c53e..dfc23b1ec 100644 --- a/tests/cfgs/default/result/quic_q43.pcap.out +++ b/tests/cfgs/default/result/quic_q43.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 2 1464 1 +Acceptable 2 1464 1 + 1 UDP 51.120.20.202:49241 <-> 72.119.217.29:443 [proto: 188.196/QUIC.DoH_DoT][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1392 bytes <-> 1 pkts/72 bytes][Goodput ratio: 97/41][0.05 sec][Hostname/SNI: dns.google.com][QUIC ver: Q043][PLAIN TEXT (dns.google.com)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q46.pcap.out b/tests/cfgs/default/result/quic_q46.pcap.out index 044854fa7..0f7385837 100644 --- a/tests/cfgs/default/result/quic_q46.pcap.out +++ b/tests/cfgs/default/result/quic_q46.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Google 20 21241 1 +Acceptable 20 21241 1 + 1 UDP 172.29.42.236:38292 <-> 153.20.183.203:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][5 pkts/1675 bytes <-> 15 pkts/19566 bytes][Goodput ratio: 87/97][0.31 sec][Hostname/SNI: play.google.com][bytes ratio: -0.842 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/20 17/224 8/59][Pkt Len c2s/s2c min/avg/max/stddev: 70/78 335/1304 1392/1392 529/328][User-Agent: Chrome/74.0.3729.157 Android 8.0.0; BND-L21][QUIC ver: Q046][PLAIN TEXT (play.google.comL)][Plen Bins: 20,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q46_b.pcap.out b/tests/cfgs/default/result/quic_q46_b.pcap.out index 8b52b26f3..280a258cb 100644 --- a/tests/cfgs/default/result/quic_q46_b.pcap.out +++ b/tests/cfgs/default/result/quic_q46_b.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) YouTubeUpload 20 7020 1 +Fun 20 7020 1 + 1 UDP 172.27.69.216:45530 <-> 110.231.134.35:443 [proto: 188.136/QUIC.YouTubeUpload][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][6 pkts/2916 bytes <-> 14 pkts/4104 bytes][Goodput ratio: 81/69][3.09 sec][Hostname/SNI: upload.youtube.com][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 24/0 200/218 384/1017 128/277][Pkt Len c2s/s2c min/avg/max/stddev: 118/106 486/293 1440/1440 466/345][User-Agent: com.google.android.youtube Cronet/76.0.3809.0][QUIC ver: Q046][PLAIN TEXT (upload.youtube.comx)][Plen Bins: 45,15,0,0,0,0,0,0,0,0,20,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q50.pcap.out b/tests/cfgs/default/result/quic_q50.pcap.out index 928531a32..8f2103915 100644 --- a/tests/cfgs/default/result/quic_q50.pcap.out +++ b/tests/cfgs/default/result/quic_q50.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleServices 20 20434 1 +Acceptable 20 20434 1 + 1 UDP 248.144.129.147:39203 <-> 184.151.193.237:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][6 pkts/3579 bytes <-> 14 pkts/16855 bytes][Goodput ratio: 93/97][0.47 sec][Hostname/SNI: www.googletagmanager.com][bytes ratio: -0.650 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 85/27 210/221 80/63][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 596/1204 1392/1392 588/461][User-Agent: Chrome/83.0.4103.101 Android 8.0.0; LDN-L21][QUIC ver: Q050][PLAIN TEXT (x.GdrZY)][Plen Bins: 5,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_t50.pcap.out b/tests/cfgs/default/result/quic_t50.pcap.out index 49b4d8595..346285118 100644 --- a/tests/cfgs/default/result/quic_t50.pcap.out +++ b/tests/cfgs/default/result/quic_t50.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleServices 12 8420 1 +Acceptable 12 8420 1 + JA3 Host Stats: IP Address # JA3C 1 40.154.127.200 1 diff --git a/tests/cfgs/default/result/quic_t51.pcap.out b/tests/cfgs/default/result/quic_t51.pcap.out index 5607f2364..a1639f214 100644 --- a/tests/cfgs/default/result/quic_t51.pcap.out +++ b/tests/cfgs/default/result/quic_t51.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Google 12 9296 1 +Acceptable 12 9296 1 + JA3 Host Stats: IP Address # JA3C 1 187.227.136.152 1 diff --git a/tests/cfgs/default/result/quickplay.pcap.out b/tests/cfgs/default/result/quickplay.pcap.out index a02b54194..60b2eb089 100644 --- a/tests/cfgs/default/result/quickplay.pcap.out +++ b/tests/cfgs/default/result/quickplay.pcap.out 
@@ -27,6 +27,9 @@ Facebook 6 1740 3 Google 2 378 1 Xiaomi 2 1469 1 +Acceptable 137 98026 13 +Fun 18 6521 8 + 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Goodput ratio: 89/94][101.50 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/2021 3144/2862 23289/5776 4036/929][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511/933 587/1456 27/494][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV250R240/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV250R240-0023.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 3,0,0,3,1,1,0,0,0,1,0,0,0,49,1,1,7,0,1,0,0,0,0,0,3,0,0,0,3,1,0,0,0,1,1,0,3,3,0,0,0,0,0,13,0,0,0,0] 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Goodput ratio: 89/95][109.64 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 7709/7600 23311/23043 9303/8905][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502/1143 502/1456 0/288][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0058.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen 
Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,56,0,0,0,0,4,0,0,0,0,8,0,0,4,0,0,0,0,0,0,0,4,4,0,0,0,4,0,4,0,12,0,0,0,0] 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Goodput ratio: 89/95][53.74 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434/13894 23447/24732 10022/10838][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502/1174 502/1456 0/264][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0] diff --git a/tests/cfgs/default/result/radius_false_positive.pcapng.out b/tests/cfgs/default/result/radius_false_positive.pcapng.out index 59fc0c893..563387fab 100644 --- a/tests/cfgs/default/result/radius_false_positive.pcapng.out +++ b/tests/cfgs/default/result/radius_false_positive.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 10 7479 1 +Acceptable 10 7479 1 + 1 UDP [2bc6:b5ac:cb3b:676b::18]:443 -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff]:53129 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][10 pkts/7479 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/0 290/0 90/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 748/0 1292/0 549/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (AESGCC20at)][Plen Bins: 20,0,0,0,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index 5a1df664d..d22b721f6 100644 --- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RakNet 66 9600 12 +Fun 66 9600 12 + 1 UDP 192.168.2.100:60689 <-> 148.153.35.205:60028 [proto: 286/RakNet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Game/8][8 pkts/2036 bytes <-> 7 pkts/577 bytes][Goodput ratio: 83/44][0.13 sec][bytes ratio: 0.558 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 14/16 30/21 11/5][Pkt Len c2s/s2c min/avg/max/stddev: 49/60 254/82 1506/152 474/31][Plen Bins: 60,20,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] 2 UDP 192.168.2.100:32951 <-> 148.153.35.205:60021 [proto: 286/RakNet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Game/8][8 pkts/2039 bytes <-> 7 pkts/563 bytes][Goodput ratio: 83/44][0.11 sec][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/12 25/21 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 49/60 255/80 1506/152 474/30][Plen Bins: 60,20,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] 3 UDP 192.168.2.100:44501 <-> 148.153.35.205:60030 [proto: 286/RakNet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Game/8][8 pkts/2039 bytes <-> 7 pkts/563 bytes][Goodput ratio: 83/44][0.14 sec][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/12 46/23 17/9][Pkt Len c2s/s2c min/avg/max/stddev: 49/60 255/80 1506/152 474/30][Plen Bins: 60,20,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] diff --git a/tests/cfgs/default/result/rdp.pcap.out b/tests/cfgs/default/result/rdp.pcap.out index f512c2a59..01a89f787 100644 --- a/tests/cfgs/default/result/rdp.pcap.out +++ b/tests/cfgs/default/result/rdp.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RDP 20 3658 1 +Acceptable 20 3658 1 + 1 TCP 172.16.2.185:52494 <-> 192.168.2.142:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][13 pkts/1677 bytes <-> 7 pkts/1981 bytes][Goodput ratio: 64/84][0.37 sec][bytes ratio: -0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/43 25/56 45/86 20/16][Pkt Len c2s/s2c min/avg/max/stddev: 44/56 129/283 616/1223 152/394][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (192.168.2.142)][Plen Bins: 16,16,16,16,0,8,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rdp2.pcap.out b/tests/cfgs/default/result/rdp2.pcap.out index 77bd0190b..4af703c24 100644 --- a/tests/cfgs/default/result/rdp2.pcap.out +++ b/tests/cfgs/default/result/rdp2.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RDP 39 11371 3 +Acceptable 39 11371 3 + 1 UDP 192.168.122.181:54759 <-> 192.168.122.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/2694 bytes <-> 2 pkts/2334 bytes][Goodput ratio: 94/96][1.76 sec][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1649 550/1649 1011/1649 418/0][Pkt Len c2s/s2c min/avg/max/stddev: 184/1060 674/1167 1274/1274 494/107][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (OKBI.HARDENING.COM)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] 2 UDP 10.50.181.210:60355 <-> 10.50.73.36:3389 [VLAN: 1108][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/1907 bytes <-> 3 pkts/1468 bytes][Goodput ratio: 90/90][0.13 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/7 41/48 80/90 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 199/64 477/489 1278/1278 463/558][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (drcsalgfc)][Plen Bins: 14,0,14,0,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0] 3 UDP 10.8.37.100:51652 <-> 10.100.2.87:3389 [VLAN: 1308][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][12 pkts/1418 bytes <-> 14 pkts/1550 bytes][Goodput ratio: 60/58][0.73 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 80/65 428/261 140/94][Pkt Len c2s/s2c min/avg/max/stddev: 64/60 118/111 384/148 82/26][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][Plen Bins: 19,46,19,11,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rdp3.pcap.out b/tests/cfgs/default/result/rdp3.pcap.out index ff7ece0c2..d97ef6a0c 100644 
--- a/tests/cfgs/default/result/rdp3.pcap.out +++ b/tests/cfgs/default/result/rdp3.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RDP 30 4151 1 +Acceptable 30 4151 1 + 1 TCP 10.150.9.21:1685 <-> 10.157.4.161:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][17 pkts/2567 bytes <-> 13 pkts/1584 bytes][Goodput ratio: 63/54][0.67 sec][bytes ratio: 0.237 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 44/54 234/331 66/93][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 151/122 573/440 162/126][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (Cookie)][Plen Bins: 59,16,4,0,0,0,0,0,0,0,4,0,12,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/reasm_crash_anon.pcapng.out b/tests/cfgs/default/result/reasm_crash_anon.pcapng.out index 4ac6857a0..dfc18ae6e 100644 --- a/tests/cfgs/default/result/reasm_crash_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_crash_anon.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 200 20067 1 +Unrated 200 20067 1 + Undetected flows: diff --git a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out index 8d4ecd110..17e0e2404 100644 --- a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out 
@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 82 77940 1 +Acceptable 82 77940 1 + 1 TCP 172.17.36.21:57619 <-> 63.190.145.43:80 [proto: GTP:7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][DPI packets: 21][cat: Web/5][28 pkts/3184 bytes <-> 54 pkts/74756 bytes][Goodput ratio: 0/93][15.67 sec][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448/205 1615/2133 476/518][Pkt Len c2s/s2c min/avg/max/stddev: 94/90 114/1384 130/1490 9/330][PLAIN TEXT (.iJoJJ)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,92,0,0,0,0] diff --git a/tests/cfgs/default/result/reddit.pcap.out b/tests/cfgs/default/result/reddit.pcap.out index 26f510879..b3fd5bcb4 100644 --- a/tests/cfgs/default/result/reddit.pcap.out +++ b/tests/cfgs/default/result/reddit.pcap.out @@ -33,6 +33,11 @@ Amazon 100 59185 2 Reddit 522 181584 20 GoogleServices 340 129444 5 +Safe 175 62439 7 +Acceptable 1007 390125 26 +Fun 733 252471 26 +Tracker/Ads 27 8961 1 + JA3 Host Stats: IP Address # JA3C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 1 diff --git a/tests/cfgs/default/result/riot.pcapng.out b/tests/cfgs/default/result/riot.pcapng.out index 8a1d00afd..0180eee9e 100644 --- a/tests/cfgs/default/result/riot.pcapng.out +++ b/tests/cfgs/default/result/riot.pcapng.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 3 4242 1 RiotGames 4 4338 1 +Safe 3 4242 1 +Fun 4 4338 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/riotgames.pcap.out b/tests/cfgs/default/result/riotgames.pcap.out index cae449913..a25cedc25 100644 --- a/tests/cfgs/default/result/riotgames.pcap.out +++ b/tests/cfgs/default/result/riotgames.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Discord 4 220 2 RiotGames 40 3733 7 +Fun 44 3953 9 + 1 UDP 192.168.2.100:59956 <-> 162.249.72.1:7194 [proto: 302/RiotGames][IP: 302/RiotGames][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][10 pkts/1106 bytes <-> 5 pkts/387 bytes][Goodput ratio: 62/46][5.50 sec][bytes ratio: 0.482 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/30 684/10 1033/30 438/14][Pkt Len c2s/s2c min/avg/max/stddev: 87/75 111/77 259/87 50/5][Plen Bins: 0,93,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:49298 <-> 162.249.72.1:7194 [proto: 302/RiotGames][IP: 302/RiotGames][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][6 pkts/712 bytes <-> 9 pkts/748 bytes][Goodput ratio: 65/49][2.43 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/31 283/132 994/203 372/82][Pkt Len c2s/s2c min/avg/max/stddev: 81/66 119/83 259/181 63/35][Plen Bins: 33,54,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:50004 <-> 162.249.72.1:8181 [proto: 302/RiotGames][IP: 302/RiotGames][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/78 bytes][Goodput ratio: 46/46][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rmcp.pcap.out b/tests/cfgs/default/result/rmcp.pcap.out index 03c98298d..413bf754e 100644 --- a/tests/cfgs/default/result/rmcp.pcap.out +++ b/tests/cfgs/default/result/rmcp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RMCP 6 380 6 +Safe 6 380 6 + 1 UDP 64.240.55.240:57984 -> 30.144.16.67:623 [proto: 351/RMCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 123.212.25.229:49531 -> 171.47.173.23:623 [proto: 351/RMCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 127.36.88.103:34698 -> 164.114.97.252:623 [proto: 351/RMCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/roblox.pcapng.out b/tests/cfgs/default/result/roblox.pcapng.out index 835ab3909..bec8c7a18 100644 --- a/tests/cfgs/default/result/roblox.pcapng.out +++ b/tests/cfgs/default/result/roblox.pcapng.out @@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found) RakNet 44 21907 3 Roblox 34 12002 1 +Fun 78 33909 4 + JA3 Host Stats: IP Address # JA3C 1 192.168.12.156 1 diff --git a/tests/cfgs/default/result/rsh-syslog-false-positive.pcap.out b/tests/cfgs/default/result/rsh-syslog-false-positive.pcap.out index aa37c1043..ff24fa901 100644 --- a/tests/cfgs/default/result/rsh-syslog-false-positive.pcap.out 
+++ b/tests/cfgs/default/result/rsh-syslog-false-positive.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Syslog 6 3335 1 +Acceptable 6 3335 1 + 1 TCP 172.31.78.129:9039 -> 172.29.43.201:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/3335 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.08 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 16/0 26/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 292/0 556/0 844/0 212/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (52.926451)][Plen Bins: 0,0,0,0,0,0,0,34,0,0,0,0,0,16,0,0,0,0,16,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rsh.pcap.out b/tests/cfgs/default/result/rsh.pcap.out index 0e66de8a6..a8783d817 100644 --- a/tests/cfgs/default/result/rsh.pcap.out +++ b/tests/cfgs/default/result/rsh.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) RSH 24 1721 2 +Unsafe 24 1721 2 + 1 TCP 127.0.0.1:1021 <-> 127.0.0.1:514 [proto: 294/RSH][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: RemoteAccess/12][7 pkts/508 bytes <-> 5 pkts/356 bytes][Goodput ratio: 7/5][1.43 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/16 286/477 1414/1414 564/663][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/71 99/84 11/7][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: User 'someuser' executing 'some random command'][PLAIN TEXT (someuser)][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:1023 <-> 127.0.0.1:514 [proto: 294/RSH][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: RemoteAccess/12][7 pkts/498 bytes <-> 5 pkts/359 bytes][Goodput ratio: 6/6][1.31 sec][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/15 262/437 1295/1295 517/607][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/72 89/87 8/8][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: User 'root' executing 'mkdir testdir'][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rsync.pcap.out b/tests/cfgs/default/result/rsync.pcap.out index cb0fdbd5b..b8b682fc5 100644 --- a/tests/cfgs/default/result/rsync.pcap.out +++ b/tests/cfgs/default/result/rsync.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RSYNC 30 2493 1 +Acceptable 30 2493 1 + 1 TCP 127.0.0.1:54489 <-> 127.0.0.1:873 [proto: 166/RSYNC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][16 pkts/1150 bytes <-> 14 pkts/1343 bytes][Goodput ratio: 7/31][0.14 sec][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 39/39 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/96 101/412 9/88][PLAIN TEXT (@RSYNCD)][Plen Bins: 87,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/tests/cfgs/default/result/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index bf33db876..d3ae3238e 100644 --- a/tests/cfgs/default/result/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/tests/cfgs/default/result/rtcp_multiple_pkts_in_the_same_datagram.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTCP 5 740 1 +Acceptable 5 740 1 + 1 UDP 217.12.244.34:25963 <-> 217.12.247.98:31601 [proto: 165/RTCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/468 bytes <-> 2 pkts/272 bytes][Goodput ratio: 72/67][8.04 sec][PLAIN TEXT (931534)][Plen Bins: 0,0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtmp.pcap.out b/tests/cfgs/default/result/rtmp.pcap.out index bca763506..c34cdf396 100644 --- a/tests/cfgs/default/result/rtmp.pcap.out +++ b/tests/cfgs/default/result/rtmp.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTMP 26 8368 1 +Acceptable 26 8368 1 + 1 TCP 192.168.43.1:1177 <-> 192.168.43.128:1935 [proto: 174/RTMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Media/1][12 pkts/4108 bytes <-> 14 pkts/4260 bytes][Goodput ratio: 84/82][1.04 sec][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 83/75 334/230 119/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 342/304 1514/1514 531/465][PLAIN TEXT (ace@nAt)][Plen Bins: 7,21,14,0,7,7,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,21,0,0] diff --git a/tests/cfgs/default/result/rtp.pcapng.out b/tests/cfgs/default/result/rtp.pcapng.out index 73f37ba02..f0359a2cf 100644 --- a/tests/cfgs/default/result/rtp.pcapng.out +++ b/tests/cfgs/default/result/rtp.pcapng.out 
@@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) Discord 30 16092 1 RTP 45 20619 2 +Acceptable 45 20619 2 +Fun 30 16092 1 + 1 UDP 10.204.220.71:6000 -> 10.204.220.171:6000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][15 pkts/18438 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 25/0 77/0 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1229/0 1486/0 467/0][Plen Bins: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,68,0,0] 2 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtps.pcap.out b/tests/cfgs/default/result/rtps.pcap.out index 90da2defa..949a0b993 100644 --- a/tests/cfgs/default/result/rtps.pcap.out +++ b/tests/cfgs/default/result/rtps.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTPS 29 22382 1 +Acceptable 29 22382 1 + 1 UDP 127.0.0.1:28108 -> 127.0.0.1:7410 [proto: 359/RTPS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][29 pkts/22382 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][490.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1000/0 17655/0 30000/0 13497/0][Pkt Len c2s/s2c min/avg/max/stddev: 58/0 772/0 822/0 185/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (dds.sys)][Plen Bins: 3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtsp.pcap.out b/tests/cfgs/default/result/rtsp.pcap.out index 353c27b85..d464816b1 100644 --- a/tests/cfgs/default/result/rtsp.pcap.out +++ b/tests/cfgs/default/result/rtsp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RTSP 568 100872 7 +Fun 568 100872 7 + 1 TCP 10.1.1.10:52478 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 21][cat: Media/1][44 pkts/6374 bytes <-> 60 pkts/11092 bytes][Goodput ratio: 59/68][59.02 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1730/3 58323/42 9852/8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 145/185 257/751 77/190][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.1.1.10:52472 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 56 pkts/10878 bytes][Goodput ratio: 62/70][58.23 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1872/2 58022/20 10252/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/194 258/751 77/194][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.1.1.10:52480 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 52 pkts/10628 bytes][Goodput ratio: 62/71][59.74 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1921/2 59529/21 10518/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/204 258/751 77/198][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/rtsp_setup_http.pcapng.out b/tests/cfgs/default/result/rtsp_setup_http.pcapng.out index 2b5a87936..98e3e39a7 100644 --- a/tests/cfgs/default/result/rtsp_setup_http.pcapng.out +++ b/tests/cfgs/default/result/rtsp_setup_http.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTSP 1 233 1 +Fun 1 233 1 + 1 TCP 172.28.5.170:63840 -> 172.28.4.26:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (SETUP rtsp)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rx.pcap.out b/tests/cfgs/default/result/rx.pcap.out index 9a2ce20fc..bd1b51c6a 100644 --- a/tests/cfgs/default/result/rx.pcap.out +++ b/tests/cfgs/default/result/rx.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RX 132 26475 5 +Acceptable 132 26475 5 + 1 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RPC/16][48 pkts/6808 bytes <-> 31 pkts/5568 bytes][Goodput ratio: 70/77][20.45 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 509/13 19828/65 3094/18][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 142/180 510/782 117/123][PLAIN TEXT (UZ.SNS.IT)][Plen Bins: 2,26,41,0,17,6,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RPC/16][18 pkts/1833 bytes <-> 9 pkts/8086 bytes][Goodput ratio: 59/95][0.72 sec][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/20 47/76 240/282 63/93][Pkt Len c2s/s2c min/avg/max/stddev: 82/130 102/898 134/1118 15/411][PLAIN TEXT (root.cell)][Plen Bins: 0,25,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RPC/16][10 pkts/2085 bytes <-> 10 pkts/1057 bytes][Goodput ratio: 80/60][20.17 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 2520/4 19845/17 6549/5][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 208/106 510/198 183/34][PLAIN TEXT (UZ.SNS.IT)][Plen Bins: 10,30,40,0,5,0,0,0,0,0,0,0,5,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/s7comm-plus.pcap.out b/tests/cfgs/default/result/s7comm-plus.pcap.out index 2b4d73ecb..520e3da5e 100644 --- a/tests/cfgs/default/result/s7comm-plus.pcap.out +++ b/tests/cfgs/default/result/s7comm-plus.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) S7CommPlus 79 10271 1 +Acceptable 79 10271 1 + 1 TCP 192.168.25.177:53162 <-> 192.168.25.131:102 [proto: 361/S7CommPlus][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: IoT-Scada/31][54 pkts/6194 bytes <-> 25 pkts/4077 bytes][Goodput ratio: 53/65][7.11 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/276 995/964 315/396][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/163 395/351 76/132][PLAIN TEXT (SIMATIC)][Plen Bins: 42,6,28,3,1,0,3,0,0,12,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/s7comm.pcap.out b/tests/cfgs/default/result/s7comm.pcap.out index 499c65979..a7924aef1 100644 --- a/tests/cfgs/default/result/s7comm.pcap.out +++ b/tests/cfgs/default/result/s7comm.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) S7Comm 55 5260 1 +Acceptable 55 5260 1 + 1 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: IoT-Scada/31][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/safari.pcap.out b/tests/cfgs/default/result/safari.pcap.out index 5135a5ad3..f1f12a2fb 100644 --- a/tests/cfgs/default/result/safari.pcap.out +++ b/tests/cfgs/default/result/safari.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 168 83390 7 +Safe 168 83390 7 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/salesforce.pcap.out b/tests/cfgs/default/result/salesforce.pcap.out index 7e2c3a00b..798697173 100644 
--- a/tests/cfgs/default/result/salesforce.pcap.out +++ b/tests/cfgs/default/result/salesforce.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Salesforce 15 5205 1 +Safe 15 5205 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 1 diff --git a/tests/cfgs/default/result/sccp_hw_conf_register.pcapng.out b/tests/cfgs/default/result/sccp_hw_conf_register.pcapng.out index 08a54376c..83023d1eb 100644 --- a/tests/cfgs/default/result/sccp_hw_conf_register.pcapng.out +++ b/tests/cfgs/default/result/sccp_hw_conf_register.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) CiscoSkinny 17 1522 1 +Acceptable 17 1522 1 + 1 TCP 10.180.110.58:46461 <-> 10.180.110.48:2000 [proto: 164/CiscoSkinny][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: VoIP/10][8 pkts/932 bytes <-> 9 pkts/590 bytes][Goodput ratio: 53/17][0.24 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 40/29 202/199 74/70][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 116/66 370/86 105/13][PLAIN TEXT (NONSECURE)][Plen Bins: 63,12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/sctp.cap.out b/tests/cfgs/default/result/sctp.cap.out index 50b58d8de..b71fbb094 100644 --- a/tests/cfgs/default/result/sctp.cap.out +++ b/tests/cfgs/default/result/sctp.cap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) SCTP 4 340 2 +Acceptable 4 340 2 + 1 SCTP 10.28.6.43:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/62 bytes][Goodput ratio: 0/0][< 1 sec][PLAIN TEXT (MEGACO/2 )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 SCTP 10.28.6.42:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes <-> 1 pkts/70 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/selfsigned.pcap.out b/tests/cfgs/default/result/selfsigned.pcap.out index 380ad5187..cbc3d421e 100644 --- a/tests/cfgs/default/result/selfsigned.pcap.out +++ b/tests/cfgs/default/result/selfsigned.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 20 3766 1 +Safe 20 3766 1 + JA3 Host Stats: IP Address # JA3C 1 127.0.0.1 1 diff --git a/tests/cfgs/default/result/sflow.pcap.out b/tests/cfgs/default/result/sflow.pcap.out index bf5cce2cd..2345ba47a 100644 --- a/tests/cfgs/default/result/sflow.pcap.out +++ b/tests/cfgs/default/result/sflow.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) sFlow 9 1702 1 +Acceptable 9 1702 1 + 1 UDP 172.21.35.17:1027 -> 172.21.35.199:6343 [proto: 129/sFlow][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1702 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][109.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6002/0 13626/0 19002/0 4554/0][Pkt Len c2s/s2c min/avg/max/stddev: 186/0 189/0 214/0 9/0][PLAIN TEXT (abcdefghijklmnopq)][Plen Bins: 0,0,0,0,88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/shadowsocks.pcap.out b/tests/cfgs/default/result/shadowsocks.pcap.out index 844c7d0eb..664880c6c 100644 --- a/tests/cfgs/default/result/shadowsocks.pcap.out +++ b/tests/cfgs/default/result/shadowsocks.pcap.out @@ -25,6 +25,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 15 68444 1 SOCKS 29 69355 1 +Acceptable 29 69355 1 +Unrated 15 68444 1 + 1 TCP 127.0.0.1:37904 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/1160 bytes <-> 13 pkts/68195 bytes][Goodput ratio: 8/99][1.49 sec][bytes ratio: -0.967 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 114/160 659/660 191/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/5246 148/16450 20/7185][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41] diff --git a/tests/cfgs/default/result/signal.pcap.out b/tests/cfgs/default/result/signal.pcap.out index 8cf89fbb6..c5364ca49 100644 --- a/tests/cfgs/default/result/signal.pcap.out +++ b/tests/cfgs/default/result/signal.pcap.out @@ -30,6 +30,10 @@ ICMP 1 70 1 TLS 28 2022 3 AppleiTunes 90 29795 2 +Safe 28 2022 3 +Acceptable 7 1624 3 +Fun 602 312122 13 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.17 3 diff --git a/tests/cfgs/default/result/simple-dnscrypt.pcap.out b/tests/cfgs/default/result/simple-dnscrypt.pcap.out index 94aa8066e..63522ed11 100644 --- a/tests/cfgs/default/result/simple-dnscrypt.pcap.out +++ b/tests/cfgs/default/result/simple-dnscrypt.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNScrypt 111 44676 4 +Acceptable 111 44676 4 + JA3 Host Stats: IP Address # JA3C 1 192.168.43.167 2 diff --git a/tests/cfgs/default/result/sip.pcap.out b/tests/cfgs/default/result/sip.pcap.out index 57c833bd5..6cb64493e 100644 --- a/tests/cfgs/default/result/sip.pcap.out +++ b/tests/cfgs/default/result/sip.pcap.out 
@@ -25,6 +25,8 @@ RTP 9 1926 1 SIP 102 47087 2 RTCP 1 146 1 +Acceptable 112 49159 4 + 1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][53 pkts/21940 bytes <-> 31 pkts/15635 bytes][Goodput ratio: 90/92][1521.57 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 158/13 25541/22026 150200/89874 25265/23489][Pkt Len c2s/s2c min/avg/max/stddev: 47/342 414/504 1118/711 343/85][PLAIN TEXT (REGISTER sip)][Plen Bins: 26,0,0,0,0,0,0,0,0,4,8,0,2,4,13,17,0,0,3,0,1,10,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][15 pkts/7568 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][67.09 sec][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 4746/34556 32608/34556 8188/0][Pkt Len c2s/s2c min/avg/max/stddev: 389/637 505/648 864/656 180/8][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,5,62,0,0,0,0,0,0,5,11,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 20/0 69/0 23/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (VRUDKBuYs)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/sip_hello.pcapng.out b/tests/cfgs/default/result/sip_hello.pcapng.out index 6d15cec05..2c8911a3f 100644 --- a/tests/cfgs/default/result/sip_hello.pcapng.out +++ b/tests/cfgs/default/result/sip_hello.pcapng.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SIP 30 5592 1 +Acceptable 30 5592 1 + 1 UDP 10.239.156.235:5060 <-> 172.29.38.91:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: VoIP/10][15 pkts/2691 bytes <-> 15 pkts/2901 bytes][Goodput ratio: 73/75][491.56 sec][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 67/59 36861/36861 49155/49155 16718/16727][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 179/193 555/661 205/233][PLAIN TEXT (oREGISTER sip)][Plen Bins: 74,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out index 20ce3e4f5..a0114b7ce 100644 --- a/tests/cfgs/default/result/sites.pcapng.out +++ b/tests/cfgs/default/result/sites.pcapng.out @@ -66,6 +66,11 @@ Badoo 4 2145 1 AccuWeather 30 8562 1 GoogleClassroom 1 1292 1 +Safe 86 43868 8 +Acceptable 113 55431 17 +Fun 317 169650 21 +Potentially Dangerous 4 2225 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 5 diff --git a/tests/cfgs/default/result/skinny.pcap.out b/tests/cfgs/default/result/skinny.pcap.out index 1b68b2a05..95f2bff63 100644 --- a/tests/cfgs/default/result/skinny.pcap.out +++ b/tests/cfgs/default/result/skinny.pcap.out 
@@ -27,6 +27,8 @@ ICMP 2 140 1 RTP 2871 614394 5 CiscoSkinny 94 10114 3 +Acceptable 2967 624648 9 + 1 UDP 192.168.195.58:32144 <-> 192.168.195.50:17718 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][730 pkts/156220 bytes <-> 712 pkts/152368 bytes][Goodput ratio: 80/80][7.28 sec][bytes ratio: 0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 20/20 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 214/214 214/214 214/214 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.195.58:32150 -> 192.168.193.24:9395 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][365 pkts/78110 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][7.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.195.58:32152 -> 192.168.193.24:9396 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][356 pkts/76184 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][7.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (wskptvv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/skype-conference-call.pcap.out b/tests/cfgs/default/result/skype-conference-call.pcap.out index 24c53c681..4947b08bd 100644 --- a/tests/cfgs/default/result/skype-conference-call.pcap.out +++ b/tests/cfgs/default/result/skype-conference-call.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Skype_TeamsCall 200 39687 1 +Acceptable 200 39687 1 + 1 UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes][Goodput ratio: 78/81][1.50 sec][bytes ratio: 0.252 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/8 147/120 22/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/77 187/222 957/957 244/233][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,41,17,28,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/skype.pcap.out b/tests/cfgs/default/result/skype.pcap.out index c7d6c5860..256624b52 100644 --- a/tests/cfgs/default/result/skype.pcap.out +++ b/tests/cfgs/default/result/skype.pcap.out @@ -43,6 +43,11 @@ Spotify 5 430 1 Microsoft 14 1302 2 NAT-PMP 8 432 2 +Safe 488 54927 35 +Acceptable 1009 307083 198 +Fun 5 430 1 +Unrated 1567 272044 59 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.34 3 diff --git a/tests/cfgs/default/result/skype_no_unknown.pcap.out b/tests/cfgs/default/result/skype_no_unknown.pcap.out index 6884b86a0..1fcb62032 100644 --- a/tests/cfgs/default/result/skype_no_unknown.pcap.out +++ b/tests/cfgs/default/result/skype_no_unknown.pcap.out @@ -41,6 +41,11 @@ Dropbox 8 4352 4 Skype_Teams 518 198936 25 NAT-PMP 4 216 1 +Safe 474 102723 29 +Acceptable 754 231749 191 +Dangerous 5 1100 3 +Unrated 846 152252 44 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.34 3 diff --git a/tests/cfgs/default/result/skype_udp.pcap.out b/tests/cfgs/default/result/skype_udp.pcap.out index 3f2211ea7..9f88b8de0 100644 --- a/tests/cfgs/default/result/skype_udp.pcap.out +++ b/tests/cfgs/default/result/skype_udp.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Skype_TeamsCall 5 339 1 +Acceptable 5 339 1 + 1 UDP 192.168.1.2:35990 <-> 24.224.190.149:39262 [proto: 125.38/Skype_Teams.Skype_TeamsCall][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: VoIP/10][4 pkts/279 bytes <-> 1 pkts/60 bytes][Goodput ratio: 40/30][72.51 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smb_deletefile.pcap.out b/tests/cfgs/default/result/smb_deletefile.pcap.out index 94fbd7177..3a98de574 100644 --- a/tests/cfgs/default/result/smb_deletefile.pcap.out +++ b/tests/cfgs/default/result/smb_deletefile.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMBv23 101 30748 1 +Acceptable 101 30748 1 + 1 TCP 192.168.1.118:56848 <-> 192.168.1.187:445 [proto: 10.41/NetBIOS.SMBv23][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][62 pkts/14382 bytes <-> 39 pkts/16366 bytes][Goodput ratio: 77/87][2.38 sec][bytes ratio: -0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/80 2157/2158 299/394][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 232/420 530/1514 194/299][Plen Bins: 0,0,4,7,1,0,1,1,0,1,7,9,20,21,6,13,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0] diff --git a/tests/cfgs/default/result/smb_frags.pcap.out b/tests/cfgs/default/result/smb_frags.pcap.out index f8472bd0b..f54b7a6a8 100644 --- a/tests/cfgs/default/result/smb_frags.pcap.out +++ b/tests/cfgs/default/result/smb_frags.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMBv1 8 2763 1 +Dangerous 8 2763 1 + 1 TCP 10.202.211.125:54120 <-> 10.202.7.8:445 [VLAN: 1608][proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: System/18][5 pkts/2009 bytes <-> 3 pkts/754 bytes][Goodput ratio: 82/71][0.58 sec][bytes ratio: 0.454 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/94 144/238 387/383 145/144][Pkt Len c2s/s2c min/avg/max/stddev: 70/78 402/251 1438/397 525/132][Risk: ** Known Proto on Non Std Port **** SMB Insecure Vers **** Unsafe Protocol **][Risk Score: 160][Risk Info: Found SMBv1 / Expected on port 139][PLAIN TEXT (defined.12)][Plen Bins: 0,20,0,0,0,0,20,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smbv1.pcap.out b/tests/cfgs/default/result/smbv1.pcap.out index dd7e98c73..48430b9b5 100644 --- a/tests/cfgs/default/result/smbv1.pcap.out +++ b/tests/cfgs/default/result/smbv1.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMBv1 7 1197 1 +Dangerous 7 1197 1 + 1 TCP 172.16.156.130:50927 <-> 10.128.0.243:445 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: System/18][4 pkts/669 bytes <-> 3 pkts/528 bytes][Goodput ratio: 68/69][0.10 sec][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 27/34 32/35 37/36 4/1][Pkt Len c2s/s2c min/avg/max/stddev: 136/114 167/176 194/243 26/53][Risk: ** Known Proto on Non Std Port **** SMB Insecure Vers **** Unsafe Protocol **][Risk Score: 160][Risk Info: Found SMBv1 / Expected on port 139][PLAIN TEXT (PC NETWORK PROGRAM 1.0)][Plen Bins: 0,14,28,14,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smpp_in_general.pcap.out b/tests/cfgs/default/result/smpp_in_general.pcap.out index 0ea8a1dff..6e241c94a 100644 --- a/tests/cfgs/default/result/smpp_in_general.pcap.out 
+++ b/tests/cfgs/default/result/smpp_in_general.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMPP 17 1144 1 +Acceptable 17 1144 1 + 1 TCP 10.226.202.118:1770 <-> 10.226.202.53:9000 [proto: 207/SMPP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][10 pkts/670 bytes <-> 7 pkts/474 bytes][Goodput ratio: 18/16][30.95 sec][bytes ratio: 0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3848/7230 28802/28906 9451/12515][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 67/68 104/79 17/7][PLAIN TEXT (password)][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smtp-starttls.pcap.out b/tests/cfgs/default/result/smtp-starttls.pcap.out index f513887e9..2f3ae7787 100644 --- a/tests/cfgs/default/result/smtp-starttls.pcap.out +++ b/tests/cfgs/default/result/smtp-starttls.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 2/0 (search/found) SMTPS 33 6429 1 Google 36 8403 1 +Safe 33 6429 1 +Acceptable 36 8403 1 + JA3 Host Stats: IP Address # JA3C 1 10.0.0.1 1 diff --git a/tests/cfgs/default/result/smtp.pcap.out b/tests/cfgs/default/result/smtp.pcap.out index f131f9fc9..31567fa32 100644 --- a/tests/cfgs/default/result/smtp.pcap.out +++ b/tests/cfgs/default/result/smtp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMTP 95 23157 1 +Acceptable 95 23157 1 + 1 TCP 194.7.248.153:2127 <-> 172.16.114.207:25 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Email/3][51 pkts/19311 bytes <-> 44 pkts/3846 bytes][Goodput ratio: 86/37][0.23 sec][Hostname/SNI: pigeon.eyrie.af.mil][bytes ratio: 0.668 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 5/6 67/68 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 379/87 1514/138 562/15][PLAIN TEXT (220 pigeon.eyrie.af.mil ESMTP S)][Plen Bins: 8,78,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,10,0,0] 
diff --git a/tests/cfgs/default/result/smtps.pcapng.out b/tests/cfgs/default/result/smtps.pcapng.out index da23a80b6..26adaaa4b 100644 --- a/tests/cfgs/default/result/smtps.pcapng.out +++ b/tests/cfgs/default/result/smtps.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SMTPS 4 936 1 +Safe 4 936 1 + JA3 Host Stats: IP Address # JA3C 1 62.43.36.99 1 diff --git a/tests/cfgs/default/result/snapchat.pcap.out b/tests/cfgs/default/result/snapchat.pcap.out index 77f064d79..bccec9a8f 100644 --- a/tests/cfgs/default/result/snapchat.pcap.out +++ b/tests/cfgs/default/result/snapchat.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 22 2879 1 Snapchat 34 7320 2 +Safe 22 2879 1 +Fun 34 7320 2 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 2 diff --git a/tests/cfgs/default/result/snapchat_call.pcapng.out b/tests/cfgs/default/result/snapchat_call.pcapng.out index 42d41a50e..14c5d8a59 100644 --- a/tests/cfgs/default/result/snapchat_call.pcapng.out +++ b/tests/cfgs/default/result/snapchat_call.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SnapchatCall 50 12772 1 +Acceptable 50 12772 1 + 1 UDP 192.168.12.169:42083 <-> 18.184.138.142:443 [proto: 188.255/QUIC.SnapchatCall][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 20][cat: VoIP/10][25 pkts/5295 bytes <-> 25 pkts/7477 bytes][Goodput ratio: 80/86][8.29 sec][bytes ratio: -0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/246 1313/1315 376/342][Pkt Len c2s/s2c min/avg/max/stddev: 65/62 212/299 1392/1392 365/419][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][QUIC ver: Q046][PLAIN TEXT (AESGCC20)][Plen Bins: 28,44,0,2,2,0,0,2,4,4,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] diff --git a/tests/cfgs/default/result/snapchat_call_v1.pcapng.out b/tests/cfgs/default/result/snapchat_call_v1.pcapng.out index b9bed5cc9..f5d749917 100644 --- a/tests/cfgs/default/result/snapchat_call_v1.pcapng.out 
+++ b/tests/cfgs/default/result/snapchat_call_v1.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SnapchatCall 477 365314 1 +Acceptable 477 365314 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.12.169 1 diff --git a/tests/cfgs/default/result/snmp.pcap.out b/tests/cfgs/default/result/snmp.pcap.out index 4b3e5c7de..ff99d904e 100644 --- a/tests/cfgs/default/result/snmp.pcap.out +++ b/tests/cfgs/default/result/snmp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SNMP 72 14435 17 +Acceptable 72 14435 17 + 1 UDP 10.99.8.88:43242 <-> 10.100.253.146:161 [VLAN: 1308][proto: 14/SNMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][3 pkts/2367 bytes <-> 3 pkts/1502 bytes][Goodput ratio: 94/91][0.11 sec][bytes ratio: 0.224 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/18 44/20 67/21 23/2][Pkt Len c2s/s2c min/avg/max/stddev: 611/75 789/501 1143/717 250/301][Risk: ** Error Code **][Risk Score: 10][Risk Info: SNMP Error 1][PLAIN TEXT (public)][Plen Bins: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 131.179.49.165:35970 <-> 254.158.1.169:161 [proto: 14/SNMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/462 bytes <-> 3 pkts/534 bytes][Goodput ratio: 73/76][0.43 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 143/142 144/144 145/146 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 106/147 154/178 178/198 34/22][Plen Bins: 0,0,16,16,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 131.179.49.165:60694 <-> 254.158.1.169:161 [proto: 14/SNMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/462 bytes <-> 3 pkts/527 bytes][Goodput ratio: 73/76][0.43 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 117/150 134/154 150/158 16/4][Pkt Len c2s/s2c min/avg/max/stddev: 106/147 154/176 178/191 34/20][Plen Bins: 0,0,16,16,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/soap.pcap.out b/tests/cfgs/default/result/soap.pcap.out index 229765f01..9e4374981 100644 --- a/tests/cfgs/default/result/soap.pcap.out +++ b/tests/cfgs/default/result/soap.pcap.out 
@@ -27,6 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 14 5498 1 SOAP 6 5450 2 +Acceptable 20 10948 3 + 1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 14][cat: Web/5][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] 2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 253/SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: RPC/16][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.253/HTTP.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/socks.pcap.out b/tests/cfgs/default/result/socks.pcap.out index 5a0d5c97f..c47ca209f 100644 --- a/tests/cfgs/default/result/socks.pcap.out +++ b/tests/cfgs/default/result/socks.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SOCKS 60 10559 4 +Acceptable 60 10559 4 + 1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] 2 TCP 10.180.156.185:53534 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/711 bytes <-> 7 pkts/2069 bytes][Goodput ratio: 24/77][0.05 sec][bytes ratio: -0.488 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/12 47/46 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/296 212/1514 47/500][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 3 TCP 10.180.156.185:53533 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/695 bytes <-> 6 pkts/2003 bytes][Goodput ratio: 22/80][0.01 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 3/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/334 212/1514 48/530][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] diff --git a/tests/cfgs/default/result/softether.pcap.out b/tests/cfgs/default/result/softether.pcap.out index a6f980bcf..b9d354b39 100644 --- a/tests/cfgs/default/result/softether.pcap.out +++ b/tests/cfgs/default/result/softether.pcap.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Softether 177 21287 4 +Acceptable 177 21287 4 + 1 UDP 192.168.2.100:51381 <-> 130.158.6.113:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: VPN/2][60 pkts/6549 bytes <-> 53 pkts/6612 bytes][Goodput ratio: 62/66][15284492.00 sec][Client IP: 90.186.132.133][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 96258056/107928440 3621430369/3621456266 526500672/568478016][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 109/125 522/370 160/114][PLAIN TEXT (90.186.132.133)][Plen Bins: 84,0,0,1,0,0,0,0,1,0,7,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:51381 <-> 130.158.6.105:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: VPN/2][16 pkts/2201 bytes <-> 14 pkts/2116 bytes][Goodput ratio: 69/72][238448.62 sec][Client IP: 84.59.132.100][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18338798/21672040 238159482/238187129 63456764/68468080][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 138/151 522/368 183/130][PLAIN TEXT (opcode)][Plen Bins: 74,0,0,3,0,0,0,0,3,0,10,0,0,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:51381 <-> 130.158.6.112:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 17][cat: VPN/2][16 pkts/1167 bytes <-> 14 pkts/1250 bytes][Goodput ratio: 42/53][117087.70 sec][Client IP: 2.207.60.163][Client Port: 51381][bytes ratio: -0.034 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5948/21107 9003169/10639145 116754845/116778948 31105232/33564352][Pkt Len c2s/s2c min/avg/max/stddev: 43/68 73/89 522/366 116/77][PLAIN TEXT (2.207.60.163)][Plen Bins: 93,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/someip-tp.pcap.out b/tests/cfgs/default/result/someip-tp.pcap.out index 85ed1d739..d041b79a7 100644 --- a/tests/cfgs/default/result/someip-tp.pcap.out +++ b/tests/cfgs/default/result/someip-tp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SOMEIP 9 12850 1 +Acceptable 9 12850 1 + 1 UDP 10.0.1.207:56772 -> 10.0.1.1:18193 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][9 pkts/12850 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 12/0 20/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 1218/0 1428/0 1454/0 74/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (./0123456789)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,88,0,0,0] diff --git a/tests/cfgs/default/result/someip-udp-method-call.pcapng.out b/tests/cfgs/default/result/someip-udp-method-call.pcapng.out index 1cf57bbda..922337119 100644 --- a/tests/cfgs/default/result/someip-udp-method-call.pcapng.out +++ b/tests/cfgs/default/result/someip-udp-method-call.pcapng.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) SOMEIP 3 504 2 +Acceptable 3 504 2 + 1 UDP 192.168.0.1:49190 -> 224.0.0.1:49190 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.0.125:49191 <-> 192.168.0.1:49201 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/67 bytes <-> 1 pkts/67 bytes][Goodput ratio: 37/37][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/someip_sd_sample.pcap.out b/tests/cfgs/default/result/someip_sd_sample.pcap.out index e3c08e327..25295b159 100644 --- a/tests/cfgs/default/result/someip_sd_sample.pcap.out +++ b/tests/cfgs/default/result/someip_sd_sample.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) SOMEIP 6 660 2 +Acceptable 6 660 2 + 1 UDP 192.168.88.77:30490 <-> 192.168.88.73:30490 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/228 bytes <-> 2 pkts/204 bytes][Goodput ratio: 49/43][0.80 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.88.73:30490 -> 235.2.3.5:30490 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][0.80 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/source_engine.pcap.out b/tests/cfgs/default/result/source_engine.pcap.out index 6b2c75391..768543e09 100644 --- a/tests/cfgs/default/result/source_engine.pcap.out +++ b/tests/cfgs/default/result/source_engine.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Source_Engine 17 1139 17 +Fun 17 1139 17 + 1 UDP 118.149.186.147:21285 -> 206.125.246.214:27015 [proto: 333/Source_Engine][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 140.151.209.84:8335 -> 206.125.246.214:27015 [proto: 333/Source_Engine][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 151.182.246.17:17890 -> 206.125.246.221:27015 [proto: 333/Source_Engine][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/spotify_tcp.pcap.out b/tests/cfgs/default/result/spotify_tcp.pcap.out index 6d8bbd1c4..623cb2061 100644 --- a/tests/cfgs/default/result/spotify_tcp.pcap.out +++ b/tests/cfgs/default/result/spotify_tcp.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Spotify 10 3370 1 +Fun 10 3370 1 + 1 TCP 10.0.2.15:48628 <-> 35.190.243.72:4070 [proto: 156/Spotify][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Music/25][5 pkts/1094 bytes <-> 5 pkts/2276 bytes][Goodput ratio: 72/88][0.19 sec][bytes ratio: -0.351 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/33 30/42 63/71 23/28][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 219/455 517/1514 194/569][Plen Bins: 0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] diff --git a/tests/cfgs/default/result/sql_injection.pcap.out b/tests/cfgs/default/result/sql_injection.pcap.out index 5355d5d54..033d6ccf4 100644 --- a/tests/cfgs/default/result/sql_injection.pcap.out +++ b/tests/cfgs/default/result/sql_injection.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 5 2748 1 +Acceptable 5 2748 1 + 1 TCP 192.168.3.109:53528 <-> 192.168.3.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/823 bytes <-> 3 pkts/1925 bytes][Goodput ratio: 84/90][0.00 sec][Hostname/SNI: 192.168.3.107][URL: 192.168.3.107/DVWA-master/vulnerabilities/sqli/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 160][Risk Info: Found host 192.168.3.107][PLAIN TEXT (GET /DV)][Plen Bins: 0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] diff --git a/tests/cfgs/default/result/srvloc-v1.pcapng.out b/tests/cfgs/default/result/srvloc-v1.pcapng.out index 32dc901aa..1485af09e 100644 --- a/tests/cfgs/default/result/srvloc-v1.pcapng.out 
+++ b/tests/cfgs/default/result/srvloc-v1.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) Service_Location_Protocol 2 490 2 +Acceptable 2 490 2 + 1 UDP 23.220.116.175:427 -> 192.168.199.71:57782 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/404 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (Stella4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 250.83.105.78:51708 -> 172.30.246.115:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (service)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/srvloc.pcap.out b/tests/cfgs/default/result/srvloc.pcap.out index a5b1a0875..c9e6ccb9a 100644 --- a/tests/cfgs/default/result/srvloc.pcap.out +++ b/tests/cfgs/default/result/srvloc.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Service_Location_Protocol 629 57125 620 +Acceptable 629 57125 620 + 1 UDP 45.124.147.156:50663 -> 165.114.202.61:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][URL(s): slpTest://test:31337/][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (slpTest)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 20.133.112.32:11510 -> 165.114.202.61:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/192 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (service)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 42.224.153.12:15346 -> 90.147.171.51:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/192 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (service)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ssdp-m-search-ua.pcap.out b/tests/cfgs/default/result/ssdp-m-search-ua.pcap.out index 1a362bc53..cf616da1d 100644 --- a/tests/cfgs/default/result/ssdp-m-search-ua.pcap.out +++ b/tests/cfgs/default/result/ssdp-m-search-ua.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SSDP 4 864 1 +Acceptable 4 864 1 + 1 UDP 192.168.242.50:56446 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250:1900][User-Agent: Google Chrome/99.0.4844.74 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ssdp-m-search.pcap.out b/tests/cfgs/default/result/ssdp-m-search.pcap.out index 1394f0c56..7d11cbea7 100644 --- a/tests/cfgs/default/result/ssdp-m-search.pcap.out +++ b/tests/cfgs/default/result/ssdp-m-search.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SSDP 19 1197 1 +Acceptable 19 1197 1 + 1 UDP 192.168.242.8:42253 -> 192.168.242.255:32412 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][19 pkts/1197 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][90.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4999/0 4999/0 5000/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 63/0 63/0 63/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ssh.pcap.out b/tests/cfgs/default/result/ssh.pcap.out index 7491b762d..c5295e4f2 100644 --- a/tests/cfgs/default/result/ssh.pcap.out +++ b/tests/cfgs/default/result/ssh.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SSH 258 35546 1 +Acceptable 258 35546 1 + 1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][Goodput ratio: 33/67][248.48 sec][Hostname/SNI: SSH-2.0-OpenSSH_5.3][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1846/2934 166223/166224 14794/19692][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/201 970/1346 83/283][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **][Risk Score: 150][Risk Info: Found cipher arcfour128 / Found cipher arcfour128][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][Server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325][Plen Bins: 2,76,12,2,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out b/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out index 905129f32..c8d2ef48c 100644 --- a/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out +++ b/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 21 5412 1 +Safe 21 5412 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.222 1 diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index ce11d204b..0afe3df3f 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out 
@@ -37,6 +37,10 @@ Google 11 1420 2 QUIC 6 475 1 Starcraft 236 51494 6 +Safe 46 3071 14 +Acceptable 506 304727 31 +Fun 245 52374 7 + 1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Goodput ratio: 4/96][3.22 sec][Hostname/SNI: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/3 2914/58 341/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56/1451 241/1514 20/291][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][Content-Type: application/octet-stream][Server: Apache][User-Agent: Blizzard Web Client][Risk: ** Binary App Transfer **** Susp DGA Domain name **][Risk Score: 250][Risk Info: llnw.blizzard.com / Found mime exe octet-stream][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][126 pkts/9157 bytes <-> 89 pkts/41021 bytes][Goodput ratio: 26/88][3.83 sec][bytes ratio: -0.635 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/37 1016/1086 104/133][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/461 249/1514 28/593][PLAIN TEXT (matteobracci1@gmail.com)][Plen Bins: 76,2,2,2,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,13,0,0] 3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Goodput ratio: 15/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.948 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/3 33/34 13/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/1402 203/1514 37/387][URL: 
bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/gc/GCF1DHMH8FDY1434670037434.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] diff --git a/tests/cfgs/default/result/steam.pcap.out b/tests/cfgs/default/result/steam.pcap.out index 6c812c651..e604b78f9 100644 --- a/tests/cfgs/default/result/steam.pcap.out +++ b/tests/cfgs/default/result/steam.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Steam 107 9232 58 +Fun 107 9232 58 + 1 UDP 192.168.188.149:45665 <-> 72.165.61.188:27018 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][5 pkts/846 bytes <-> 6 pkts/608 bytes][Goodput ratio: 75/58][0.69 sec][bytes ratio: 0.164 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/0 149/124 298/289 107/116][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 169/101 366/158 117/28][PLAIN TEXT (H@VS01)][Plen Bins: 0,63,9,9,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.188.149:45665 <-> 68.142.91.34:27017 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.09 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.188.149:45665 <-> 68.142.91.35:27017 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.10 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/steam_datagram_relay_ping.pcapng.out b/tests/cfgs/default/result/steam_datagram_relay_ping.pcapng.out index c73d76cb0..451884cc0 100644 
--- a/tests/cfgs/default/result/steam_datagram_relay_ping.pcapng.out +++ b/tests/cfgs/default/result/steam_datagram_relay_ping.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Steam 2 2684 1 +Fun 2 2684 1 + 1 UDP 192.168.2.100:52157 -> 139.45.193.10:27018 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][2 pkts/2684 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.52 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (sdping)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index 346e34534..04aa0b914 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -30,6 +30,9 @@ ICMP 1 122 1 GoogleMeet 41 7228 2 FacebookVoip 75 10554 1 +Safe 4 766 1 +Acceptable 194 27648 7 + JA3 Host Stats: IP Address # JA3C 1 192.168.43.169 1 diff --git a/tests/cfgs/default/result/stun_classic.pcap.out b/tests/cfgs/default/result/stun_classic.pcap.out index f9d87ca65..904c92789 100644 --- a/tests/cfgs/default/result/stun_classic.pcap.out +++ b/tests/cfgs/default/result/stun_classic.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTP 22 1624 1 +Acceptable 22 1624 1 + 1 UDP 172.16.63.224:55050 <-> 172.16.63.21:13958 [proto: 78.87/STUN.RTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][9 pkts/662 bytes <-> 13 pkts/962 bytes][Goodput ratio: 43/43][0.23 sec][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 32/17 101/42 32/11][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 74/74 74/74 1/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 4,95,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out b/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out index 7046bf501..8934a1956 100644 --- a/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out +++ b/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleMeet 39 8413 1 +Acceptable 39 8413 1 + 1 UDP 192.168.12.156:37967 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][25 pkts/4202 bytes <-> 14 pkts/4211 bytes][Goodput ratio: 75/86][0.88 sec][bytes ratio: -0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/35 203/107 47/36][Pkt Len c2s/s2c min/avg/max/stddev: 103/82 168/301 587/1245 125/320][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (ShSURJhNF)][Plen Bins: 0,5,47,30,2,0,0,0,0,0,0,0,0,2,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out b/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out index cba5624e2..1506ee9e3 100644 --- a/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out +++ b/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) STUN 43 10358 2 +Acceptable 43 10358 2 + 1 UDP 10.1.0.3:5853 -> 10.10.0.1:2808 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][18 pkts/5384 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][7.17 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 386/0 4001/0 979/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 299/0 750/0 221/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (Coturn)][Plen Bins: 0,5,5,5,34,22,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.10.0.1:65226 -> 10.1.0.3:57730 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][25 pkts/4974 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][7.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/0 4001/0 904/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 199/0 478/0 92/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (username1)][Plen Bins: 0,8,16,16,32,0,4,8,0,12,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out b/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out index 53e6c5010..279f4d525 100644 --- a/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out +++ b/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 6 1708 1 +Safe 6 1708 1 + JA3 Host Stats: IP Address # JA3C 1 26.83.9.81 1 diff --git a/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out b/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out index ec0744e3d..c783d4a2f 100644 
--- a/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out +++ b/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 6 1563 1 +Safe 6 1563 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/stun_google_meet.pcapng.out b/tests/cfgs/default/result/stun_google_meet.pcapng.out index b5887a354..c572c1b1b 100644 --- a/tests/cfgs/default/result/stun_google_meet.pcapng.out +++ b/tests/cfgs/default/result/stun_google_meet.pcapng.out 
@@ -24,6 +24,8 @@ Patricia protocols IPv6: 1/1 (search/found) GoogleMeet 362 74597 7 +Acceptable 362 74597 7 + 1 UDP [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572 <-> [2001:4860:4864:6::81]:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][30 pkts/4693 bytes <-> 118 pkts/36197 bytes][Goodput ratio: 60/80][0.71 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/2 152/74 32/9][Pkt Len c2s/s2c min/avg/max/stddev: 106/99 156/307 608/1265 88/113][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (igoKAAiKAiADEA)][Plen Bins: 0,6,16,5,2,0,0,0,68,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out b/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out index 110239c4b..6ae9b65d5 100644 --- a/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out +++ b/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Skype_TeamsCall 12 5944 1 +Acceptable 12 5944 1 + 1 UDP 52.115.136.55:3479 -> 10.0.0.1:50006 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][12 pkts/5944 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][4.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 453/0 1210/0 379/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 495/0 1257/0 539/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,16,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out index 0b9e2b5aa..1be1073a1 100644 --- a/tests/cfgs/default/result/stun_signal.pcapng.out +++ b/tests/cfgs/default/result/stun_signal.pcapng.out 
@@ -27,6 +27,8 @@ STUN 106 12322 1 ICMP 53 5186 2 SignalVoip 301 30988 20 +Acceptable 460 48496 23 + 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78/STUN][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 ICMP 35.158.183.167:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][30 pkts/2780 bytes <-> 4 pkts/552 bytes][Goodput ratio: 55/69][51.83 sec][bytes ratio: 0.669 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 906/1 7931/1 2120/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 0,88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_tcp_multiple_msgs_same_pkt.pcap.out b/tests/cfgs/default/result/stun_tcp_multiple_msgs_same_pkt.pcap.out index 3e348be86..e45b4ced0 100644 
--- a/tests/cfgs/default/result/stun_tcp_multiple_msgs_same_pkt.pcap.out +++ b/tests/cfgs/default/result/stun_tcp_multiple_msgs_same_pkt.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) STUN 5 506 1 +Acceptable 5 506 1 + 1 TCP 166.172.142.131:3479 <-> 23.183.197.71:42849 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][1 pkts/74 bytes <-> 4 pkts/432 bytes][Goodput ratio: 0/39][10.93 sec][PLAIN TEXT (RXgFYlY)][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_wa_call.pcapng.out b/tests/cfgs/default/result/stun_wa_call.pcapng.out index 5adb04b15..a6e20c44b 100644 --- a/tests/cfgs/default/result/stun_wa_call.pcapng.out +++ b/tests/cfgs/default/result/stun_wa_call.pcapng.out 
@@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) WhatsAppCall 590 133579 12 ICMP 1 110 1 +Acceptable 591 133689 13 + 1 UDP 192.168.12.156:46652 <-> 93.57.123.227:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][171 pkts/28371 bytes <-> 206 pkts/29803 bytes][Goodput ratio: 75/71][31.78 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 178/151 2505/2463 255/222][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 166/145 434/446 100/85][Plen Bins: 14,41,11,8,2,2,3,2,5,4,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:49526 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][48 pkts/12953 bytes <-> 73 pkts/40083 bytes][Goodput ratio: 84/92][14.68 sec][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 191/164 3009/3009 684/623][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 270/549 542/1155 203/421][PLAIN TEXT (dsUmpy)][Plen Bins: 8,18,19,1,0,0,0,0,3,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,2,4,2,1,2,3,4,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_zoom.pcapng.out b/tests/cfgs/default/result/stun_zoom.pcapng.out index 589f32cc0..7e944c0b2 100644 --- a/tests/cfgs/default/result/stun_zoom.pcapng.out 
+++ b/tests/cfgs/default/result/stun_zoom.pcapng.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) STUN 40 9877 1 Zoom 30 8381 1 +Acceptable 70 18258 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.43.169 1 diff --git a/tests/cfgs/default/result/syncthing.pcap.out b/tests/cfgs/default/result/syncthing.pcap.out index a7c5909e0..45fe810e7 100644 --- a/tests/cfgs/default/result/syncthing.pcap.out +++ b/tests/cfgs/default/result/syncthing.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 4/0 (search/found) Syncthing 34 15680 4 +Fun 34 15680 4 + 1 UDP [fe80::6238:e0ff:fec5:35a0]:47077 -> [ff12::8384]:21027 [proto: 313/Syncthing][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][15 pkts/7450 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][419.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 29994/0 30000/0 30004/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 267/0 497/0 530/0 85/0][PLAIN TEXT (//192.168.2.100)][Plen Bins: 0,0,0,0,0,0,6,6,0,0,0,0,0,0,87,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:54977 -> 192.168.2.255:21027 [proto: 313/Syncthing][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][15 pkts/7150 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 29994/0 30000/0 30005/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 247/0 477/0 510/0 85/0][PLAIN TEXT (//192.168.2.100)][Plen Bins: 0,0,0,0,0,0,6,6,0,0,0,0,0,0,87,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP [fe80::6238:e0ff:fec5:35a0]:42370 -> [ff12::8384]:21027 [proto: 313/Syncthing][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/560 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][29.99 sec][PLAIN TEXT (//192.168.2.100)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index bb27ebbd7..04a204276 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out @@ -84,6 +84,12 @@ NoMachine 2 116 2 Ceph 4 232 4 iSCSI 2 116 2 +Safe 14 812 14 +Acceptable 125 7276 112 +Fun 6 348 6 +Unsafe 8 464 8 +Unrated 1858 107772 1854 + 1 TCP 172.16.0.8:36050 <-> 64.13.134.52:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 5][cat: RemoteAccess/12][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.68 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Network/14][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][::][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Web/5][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/syslog.pcap.out b/tests/cfgs/default/result/syslog.pcap.out index 54e46b775..bc347e1b8 100644 --- a/tests/cfgs/default/result/syslog.pcap.out +++ b/tests/cfgs/default/result/syslog.pcap.out 
@@ -26,6 +26,9 @@ Patricia protocols IPv6: 2/0 (search/found) Unknown 1 78 1 Syslog 93 20321 21 +Acceptable 93 20321 21 +Unrated 1 78 1 + 1 UDP [2001:470:6c:a1::2]:38159 -> [2001:470:765b::b15:22]:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/2994 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][12.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/0 2400/0 7985/0 3185/0][Pkt Len c2s/s2c min/avg/max/stddev: 480/0 499/0 537/0 27/0][PLAIN TEXT ( NetScreen device)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 172.20.51.54:514 -> 172.31.110.40:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][15 pkts/2925 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][22.45 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8/0 1495/0 5398/0 2274/0][Pkt Len c2s/s2c min/avg/max/stddev: 150/0 195/0 234/0 34/0][PLAIN TEXT (854 08/20/2013)][Plen Bins: 0,0,0,20,40,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 172.26.229.190:514 -> 172.23.80.196:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][20 pkts/2084 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][31.18 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 14/0 1731/0 15022/0 4686/0][Pkt Len c2s/s2c min/avg/max/stddev: 99/0 104/0 112/0 6/0][PLAIN TEXT ( Connection from UDP)][Plen Bins: 0,60,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tailscale.pcap.out b/tests/cfgs/default/result/tailscale.pcap.out index be94cf72e..205715183 100644 --- a/tests/cfgs/default/result/tailscale.pcap.out +++ b/tests/cfgs/default/result/tailscale.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Tailscale 107 16516 1 +Acceptable 107 16516 1 + 1 UDP 192.168.88.3:41641 <-> 18.196.71.179:41641 [proto: 24/Tailscale][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][51 pkts/7842 bytes <-> 56 pkts/8674 bytes][Goodput ratio: 73/73][31.88 sec][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/0 586/517 2000/1880 588/502][Pkt Len c2s/s2c min/avg/max/stddev: 134/134 154/155 170/170 15/16][Plen Bins: 0,0,29,27,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/targusdataspeed_false_positives.pcap.out b/tests/cfgs/default/result/targusdataspeed_false_positives.pcap.out index 6cf9c29a1..3ea17ef62 100644 --- a/tests/cfgs/default/result/targusdataspeed_false_positives.pcap.out +++ b/tests/cfgs/default/result/targusdataspeed_false_positives.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 4 939 2 +Acceptable 4 939 2 + 1 UDP 10.0.2.15:23994 <-> 89.64.45.227:5201 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/140 bytes <-> 1 pkts/345 bytes][Goodput ratio: 70/88][0.72 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (target20)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.0.2.15:23994 <-> 79.164.55.123:5001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/140 bytes <-> 1 pkts/314 bytes][Goodput ratio: 70/86][0.07 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (target20)][Plen Bins: 0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/tcp_scan.pcapng.out b/tests/cfgs/default/result/tcp_scan.pcapng.out index c043935a8..0c297dc97 100644 --- a/tests/cfgs/default/result/tcp_scan.pcapng.out +++ b/tests/cfgs/default/result/tcp_scan.pcapng.out @@ -30,6 +30,10 @@ SMBv23 2 138 1 RDP 2 118 1 TLS 4 272 1 +Safe 4 272 1 +Acceptable 8 528 3 +Unrated 6 342 3 + 1 TCP 192.168.1.178:56272 <-> 192.168.1.2:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 4][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.178:56273 <-> 192.168.1.2:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 4][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.178:56274 <-> 192.168.1.2:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/78 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 4cae48b32..c1fb9b632 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out 
@@ -44,6 +44,11 @@ Microsoft365 136 52120 6 Teams 595 215358 26 Azure 2 294 1 +Safe 1065 521113 45 +Acceptable 428 155344 36 +Fun 1 82 1 +Unrated 4 456 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.6 6 diff --git a/tests/cfgs/default/result/teamspeak3.pcap.out b/tests/cfgs/default/result/teamspeak3.pcap.out index 44c83d80d..3268f4c6d 100644 --- a/tests/cfgs/default/result/teamspeak3.pcap.out +++ b/tests/cfgs/default/result/teamspeak3.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) TeamSpeak 589 33015 2 +Fun 589 33015 2 + 1 UDP 193.31.25.70:2011 <-> 51.68.181.92:2010 [proto: 162/TeamSpeak][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][288 pkts/14976 bytes <-> 288 pkts/16128 bytes][Goodput ratio: 19/12][85808.12 sec][bytes ratio: -0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 300028/300028 600231/600231 300023/300023][Pkt Len c2s/s2c min/avg/max/stddev: 46/56 52/56 58/56 6/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.0.0.1:53187 -> 10.0.0.2:9987 [proto: 162/TeamSpeak][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][13 pkts/1911 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][37.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 387/0 1301/0 449/0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 147/0 230/0 77/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,53,0,0,0,46,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out index bc4fdfda0..6c5194cd7 100644 --- a/tests/cfgs/default/result/teamviewer.pcap.out +++ b/tests/cfgs/default/result/teamviewer.pcap.out 
@@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) TeamViewer 352 172990 2 +Acceptable 352 172990 2 + 1 TCP 10.0.2.15:35732 <-> 162.250.2.170:5938 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][129 pkts/67997 bytes <-> 160 pkts/73349 bytes][Goodput ratio: 89/88][399.56 sec][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3451/2522 50678/50677 9036/8571][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 527/458 1514/1514 537/563][PLAIN TEXT (XDsiBZ)][Plen Bins: 9,4,0,2,0,2,8,0,2,0,0,1,0,1,2,0,0,2,2,0,0,0,2,1,0,0,1,0,0,0,0,0,0,23,1,0,0,2,1,1,1,1,0,0,1,23,0,0] 2 UDP 10.0.2.15:34417 <-> 93.47.224.241:36037 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][1 pkts/138 bytes <-> 62 pkts/31506 bytes][Goodput ratio: 69/92][1.32 sec][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/23 0/442 0/75][Pkt Len c2s/s2c min/avg/max/stddev: 138/58 138/508 138/1066 0/452][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found TeamViewer][PLAIN TEXT (93.47.224.241)][Plen Bins: 11,17,14,3,3,1,3,1,0,0,0,1,0,0,3,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 1d5ff7d7d..545946bc4 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out 
@@ -37,6 +37,12 @@ Telegram 908 185304 12 Microsoft 2 284 1 GoogleServices 2 186 1 +Safe 7 780 3 +Acceptable 1243 262352 39 +Fun 9 742 2 +Dangerous 1 243 1 +Unrated 306 72708 3 + 1 UDP 192.168.1.77:28150 <-> 91.108.8.1:533 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][DPI packets: 1][cat: Chat/9][12 pkts/1272 bytes <-> 276 pkts/68136 bytes][Goodput ratio: 60/83][16.92 sec][bytes ratio: -0.963 (Download)][IAT c2s/s2c min/avg/max/stddev: 48/0 290/61 504/476 186/43][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/247 138/330 24/41][Plen Bins: 0,2,4,3,0,19,37,21,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.77:28150 <-> 91.108.8.8:529 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][DPI packets: 1][cat: Chat/9][285 pkts/65890 bytes <-> 13 pkts/1522 bytes][Goodput ratio: 82/64][16.92 sec][bytes ratio: 0.955 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/27 59/210 504/472 30/201][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 231/117 314/138 44/16][Plen Bins: 0,2,4,3,8,28,14,37,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP [fe80::4ba:91a:7817:e318]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][120 pkts/27243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17386/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 162/0 227/0 489/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telegram_videocall.pcapng.out b/tests/cfgs/default/result/telegram_videocall.pcapng.out index 2f4fac437..6a95c52bb 100644 --- a/tests/cfgs/default/result/telegram_videocall.pcapng.out +++ b/tests/cfgs/default/result/telegram_videocall.pcapng.out 
@@ -36,6 +36,9 @@ Dropbox 2 348 1 AmazonAWS 4 288 1 TelegramVoip 228 41561 16 +Safe 640 339548 9 +Acceptable 247 43569 25 + 1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][DPI packets: 18][cat: Web/5][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][DPI packets: 18][cat: Web/5][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telnet.pcap.out b/tests/cfgs/default/result/telnet.pcap.out index 89e71b3ba..e61e63322 100644 
--- a/tests/cfgs/default/result/telnet.pcap.out +++ b/tests/cfgs/default/result/telnet.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Telnet 87 7418 1 +Unsafe 87 7418 1 + 1 TCP 192.168.0.2:1550 <-> 192.168.0.1:23 [proto: 77/Telnet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 33][cat: RemoteAccess/12][43 pkts/3135 bytes <-> 44 pkts/4283 bytes][Goodput ratio: 9/32][39.57 sec][Username: fake][bytes ratio: -0.155 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1130/544 14699/8799 2838/1502][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/97 151/554 17/76][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (bam.zing.org)][Plen Bins: 70,6,19,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teredo.pcap.out b/tests/cfgs/default/result/teredo.pcap.out index e493d1f98..cb692b8f2 100644 --- a/tests/cfgs/default/result/teredo.pcap.out +++ b/tests/cfgs/default/result/teredo.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Teredo 24 2574 5 +Acceptable 24 2574 5 + 1 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/930 bytes <-> 4 pkts/374 bytes][Goodput ratio: 55/55][17.48 sec][bytes ratio: 0.426 (Upload)][IAT c2s/s2c min/avg/max/stddev: 42/10 2184/2486 8524/4963 2528/2476][Pkt Len c2s/s2c min/avg/max/stddev: 82/90 93/94 95/95 4/2][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/206 bytes <-> 2 pkts/302 bytes][Goodput ratio: 59/72][38.10 sec][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/151 bytes][Goodput ratio: 59/72][0.05 sec][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index 7857e4b2a..144e1d7b8 100644 --- a/tests/cfgs/default/result/tftp.pcap.out +++ b/tests/cfgs/default/result/tftp.pcap.out 
@@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) TFTP 109 31453 9 +Acceptable 109 31453 9 + 1 UDP 192.168.0.10:3445 <-> 192.168.0.253:50618 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][49 pkts/26853 bytes <-> 49 pkts/2940 bytes][Goodput ratio: 92/7][< 1 sec][bytes ratio: 0.803 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2 3/3 9/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 69/60 548/60 558/60 69/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Network Working Group )][Plen Bins: 51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 172.28.5.170:62058 <-> 172.28.5.91:44618 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][2 pkts/92 bytes <-> 2 pkts/1116 bytes][Goodput ratio: 9/92][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BCCCCCC)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.45:35840 -> 192.168.2.200:69 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Filename: empty100KB][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (blksize)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/threema.pcap.out b/tests/cfgs/default/result/threema.pcap.out index 2ed7fc4ce..bb2064748 100644 --- a/tests/cfgs/default/result/threema.pcap.out +++ b/tests/cfgs/default/result/threema.pcap.out 
@@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) Threema 83 11578 6 +Fun 83 11578 6 + 1 TCP 192.168.2.100:50484 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][9 pkts/1998 bytes <-> 6 pkts/1066 bytes][Goodput ratio: 70/62][30.23 sec][bytes ratio: 0.304 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/28 347/6958 2277/27743 788/12000][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 222/178 801/534 238/162][Plen Bins: 0,33,22,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:50298 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][10 pkts/2025 bytes <-> 5 pkts/548 bytes][Goodput ratio: 67/38][46.73 sec][bytes ratio: 0.574 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/31 5838/33 46525/38 15378/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 202/110 510/146 167/24][Plen Bins: 0,44,11,0,0,11,0,0,0,11,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:50618 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][9 pkts/879 bytes <-> 6 pkts/1079 bytes][Goodput ratio: 31/62][5.39 sec][bytes ratio: -0.102 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/28 52/1686 209/4996 67/2340][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/180 257/661 59/217][Plen Bins: 0,40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/thrift.pcap.out b/tests/cfgs/default/result/thrift.pcap.out index f30a88265..bed3c7919 100644 --- a/tests/cfgs/default/result/thrift.pcap.out +++ b/tests/cfgs/default/result/thrift.pcap.out 
@@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) Thrift 172 104345 2 +Acceptable 172 104345 2 + 1 TCP 169.254.59.247:53387 <-> 169.254.46.4:11010 [proto: 345/Thrift][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][66 pkts/18026 bytes <-> 104 pkts/77061 bytes][Goodput ratio: 80/93][0.01 sec][bytes ratio: -0.621 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 273/741 6929/1514 1017/585][PLAIN TEXT (devicedriver)][Plen Bins: 0,18,3,2,0,0,1,0,1,0,0,0,0,0,0,0,0,2,31,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,34,0,3] 2 UDP 127.0.0.1:49164 -> 127.0.0.1:6831 [proto: 345/Thrift][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/9258 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][11.73 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (emitBatch)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] diff --git a/tests/cfgs/default/result/tinc.pcap.out b/tests/cfgs/default/result/tinc.pcap.out index 1bbdc6c33..0abe06d3a 100644 --- a/tests/cfgs/default/result/tinc.pcap.out +++ b/tests/cfgs/default/result/tinc.pcap.out 
@@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found) TINC 317 352291 4 +Acceptable 317 352291 4 + 1 UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VPN/2][29 pkts/30038 bytes <-> 105 pkts/139726 bytes][Goodput ratio: 96/97][35.82 sec][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244/335 1049/2670 434/517][Pkt Len c2s/s2c min/avg/max/stddev: 158/118 1036/1331 1502/1510 544/412][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (E@zUIs1)][Plen Bins: 0,0,2,7,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,2,3,1,0,2,73,0,0] 2 UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VPN/2][101 pkts/136966 bytes <-> 29 pkts/32550 bytes][Goodput ratio: 97/96][42.97 sec][bytes ratio: 0.616 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 442/280 10377/1045 1172/448][Pkt Len c2s/s2c min/avg/max/stddev: 118/158 1356/1122 1510/1502 400/534][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (Cr64lS)][Plen Bins: 0,0,2,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,3,0,0,1,81,0,0] 3 TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: VPN/2][14 pkts/3812 bytes <-> 13 pkts/3098 bytes][Goodput ratio: 80/76][47.37 sec][bytes ratio: 0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4297/19 46927/55 13481/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/238 1093/1091 380/363][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (1 94 64 0 0 5861ABF)][Plen Bins: 21,7,28,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/tk.pcap.out b/tests/cfgs/default/result/tk.pcap.out index b2622d788..afb86bea2 100644 --- a/tests/cfgs/default/result/tk.pcap.out +++ b/tests/cfgs/default/result/tk.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 6 566 3 +Acceptable 6 566 3 + 1 UDP 192.168.1.178:53820 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/131 bytes][Goodput ratio: 41/67][0.05 sec][Hostname/SNI: whois.dot.tk][::][Risk: ** Risky Domain Name **][Risk Score: 50][Risk Info: whois.dot.tk][PLAIN TEXT (freenom)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.178:55591 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/131 bytes][Goodput ratio: 41/67][0.06 sec][Hostname/SNI: whois.dot.tk][::][Risk: ** Risky Domain Name **][Risk Score: 50][Risk Info: whois.dot.tk][PLAIN TEXT (freenom)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.178:51954 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.10 sec][Hostname/SNI: whois.dot.tk][104.155.55.158][Risk: ** Risky Domain Name **][Risk Score: 50][Risk Info: whois.dot.tk][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls-appdata.pcap.out b/tests/cfgs/default/result/tls-appdata.pcap.out index 6c207da92..b6bb9fe28 100644 --- a/tests/cfgs/default/result/tls-appdata.pcap.out +++ b/tests/cfgs/default/result/tls-appdata.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 120 119945 2 +Safe 120 119945 2 + 1 TCP 192.168.2.100:58976 <-> 52.223.198.7:443 [proto: 91/TLS][IP: 195/Twitch][Encrypted][Confidence: DPI][DPI packets: 11][cat: Web/5][65 pkts/15286 bytes <-> 49 pkts/103870 bytes][Goodput ratio: 77/97][4470.16 sec][bytes ratio: -0.743 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 86847/10887 1637911/18446744073709505728 325792/64809][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235/2120 1506/2958 476/1092][Plen Bins: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,33,0,51] 2 TCP 179.60.195.173:443 <-> 192.168.2.100:60636 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][3 pkts/627 bytes <-> 3 pkts/162 bytes][Goodput ratio: 68/0][0.22 sec][bytes ratio: 0.589 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 56/0 101/0 45/0][Pkt Len c2s/s2c min/avg/max/stddev: 201/54 209/54 225/54 11/0][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out b/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out index 791c9a5b6..015321708 100644 --- a/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out +++ b/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 3 2310 3 +Safe 3 2310 3 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.12 1 diff --git a/tests/cfgs/default/result/tls-rdn-extract.pcap.out b/tests/cfgs/default/result/tls-rdn-extract.pcap.out index 186efad52..1bace5db8 100644 --- a/tests/cfgs/default/result/tls-rdn-extract.pcap.out +++ b/tests/cfgs/default/result/tls-rdn-extract.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Microsoft 6 7205 1 +Safe 6 7205 1 + JA3 Host Stats: IP Address # JA3C 1 10.0.0.1 1 
diff --git a/tests/cfgs/default/result/tls_2_reasms.pcapng.out b/tests/cfgs/default/result/tls_2_reasms.pcapng.out index 996dad2b4..1527c0f0c 100644 --- a/tests/cfgs/default/result/tls_2_reasms.pcapng.out +++ b/tests/cfgs/default/result/tls_2_reasms.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Instagram 14 6907 1 +Fun 14 6907 1 + JA3 Host Stats: IP Address # JA3C 1 192.91.186.174 1 diff --git a/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out b/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out index ac7859b6b..6a77799fd 100644 --- a/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out +++ b/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) FbookReelStory 15 13455 1 +Fun 15 13455 1 + JA3 Host Stats: IP Address # JA3C 1 88.14.137.195 1 diff --git a/tests/cfgs/default/result/tls_alert.pcap.out b/tests/cfgs/default/result/tls_alert.pcap.out index 159d77935..dbf88e002 100644 --- a/tests/cfgs/default/result/tls_alert.pcap.out +++ b/tests/cfgs/default/result/tls_alert.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 7 533 1 Google 11 952 1 +Safe 7 533 1 +Acceptable 11 952 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.192 1 diff --git a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out index 232c3b424..53145ced5 100644 --- a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out +++ b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out @@ -37,6 +37,10 @@ Apple 2 273 1 Microsoft 121 47561 14 Azure 2 306 1 +Safe 259 102331 20 +Acceptable 43 5081 14 +Unrated 13 5582 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.121 1 diff --git a/tests/cfgs/default/result/tls_cipher_lens.pcap.out b/tests/cfgs/default/result/tls_cipher_lens.pcap.out index 7bf3928c4..7768c4b8c 100644 --- a/tests/cfgs/default/result/tls_cipher_lens.pcap.out 
+++ b/tests/cfgs/default/result/tls_cipher_lens.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 4 932 4 Google 1 233 1 +Safe 4 932 4 +Acceptable 1 233 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.11.11 2 diff --git a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out index 64c1b84bb..be50172b9 100644 --- a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 8 2093 1 AnyDesk 9 3433 1 +Safe 8 2093 1 +Acceptable 9 3433 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/tls_ech.pcapng.out b/tests/cfgs/default/result/tls_ech.pcapng.out index d523c71e8..7b862be6f 100644 --- a/tests/cfgs/default/result/tls_ech.pcapng.out +++ b/tests/cfgs/default/result/tls_ech.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 1/1 (search/found) Cloudflare 10 4226 1 +Acceptable 10 4226 1 + JA3 Host Stats: IP Address # JA3C 1 2001:b07:a3d:c112:ce16:b409:3d0a:9177 1 diff --git a/tests/cfgs/default/result/tls_esni_sni_both.pcap.out b/tests/cfgs/default/result/tls_esni_sni_both.pcap.out index 95b87a78c..f6fcee58d 100644 --- a/tests/cfgs/default/result/tls_esni_sni_both.pcap.out +++ b/tests/cfgs/default/result/tls_esni_sni_both.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 38 15899 2 +Safe 38 15899 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.21 1 diff --git a/tests/cfgs/default/result/tls_false_positives.pcapng.out b/tests/cfgs/default/result/tls_false_positives.pcapng.out index 0ce3f370e..15605ea47 100644 --- a/tests/cfgs/default/result/tls_false_positives.pcapng.out +++ b/tests/cfgs/default/result/tls_false_positives.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 30 37313 1 +Unrated 30 37313 1 + Undetected flows: diff --git a/tests/cfgs/default/result/tls_invalid_reads.pcap.out b/tests/cfgs/default/result/tls_invalid_reads.pcap.out index 8a175841e..fe7507438 100644 --- a/tests/cfgs/default/result/tls_invalid_reads.pcap.out +++ b/tests/cfgs/default/result/tls_invalid_reads.pcap.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 8 1891 2 Crashlytics 3 560 1 +Safe 8 1891 2 +Acceptable 3 560 1 + JA3 Host Stats: IP Address # JA3C 1 10.191.139.17 1 diff --git a/tests/cfgs/default/result/tls_long_cert.pcap.out b/tests/cfgs/default/result/tls_long_cert.pcap.out index 353894acc..4e9fc5563 100644 --- a/tests/cfgs/default/result/tls_long_cert.pcap.out +++ b/tests/cfgs/default/result/tls_long_cert.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 182 117601 1 +Safe 182 117601 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.126 1 diff --git a/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out b/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out index 134a94739..98a7b5d84 100644 --- a/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out +++ b/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 1/1 (search/found) TLS 22 7204 1 +Safe 22 7204 1 + JA3 Host Stats: IP Address # JA3C 1 2001:b07:a3d:c112:9726:f643:a838:b0c4 1 diff --git a/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out b/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out index e9f123277..8a41aa590 100644 --- a/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out +++ b/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 14 10082 1 +Safe 14 10082 1 + JA3 Host Stats: IP Address # JA3C 
diff --git a/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out b/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out index 47ef91206..c76e6b16c 100644 --- a/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out +++ b/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AmazonAWS 10 6532 1 +Acceptable 10 6532 1 + JA3 Host Stats: IP Address # JA3C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/tls_port_80.pcapng.out b/tests/cfgs/default/result/tls_port_80.pcapng.out index 2a1d61926..4666359e1 100644 --- a/tests/cfgs/default/result/tls_port_80.pcapng.out +++ b/tests/cfgs/default/result/tls_port_80.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 13 2439 1 +Safe 13 2439 1 + JA3 Host Stats: IP Address # JA3C 1 57.91.202.194 1 diff --git a/tests/cfgs/default/result/tls_torrent.pcapng.out b/tests/cfgs/default/result/tls_torrent.pcapng.out index f3499a0c9..7d77f2aa5 100644 --- a/tests/cfgs/default/result/tls_torrent.pcapng.out +++ b/tests/cfgs/default/result/tls_torrent.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 7 6308 1 +Acceptable 7 6308 1 + JA3 Host Stats: IP Address # JA3C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/tls_unidirectional.pcap.out b/tests/cfgs/default/result/tls_unidirectional.pcap.out index c7815a548..2031a1186 100644 --- a/tests/cfgs/default/result/tls_unidirectional.pcap.out +++ b/tests/cfgs/default/result/tls_unidirectional.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Google 6 6972 1 AnyDesk 27 7693 1 +Acceptable 33 14665 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/tls_verylong_certificate.pcap.out b/tests/cfgs/default/result/tls_verylong_certificate.pcap.out index b4fe2b5c4..dc67b13ee 100644 --- a/tests/cfgs/default/result/tls_verylong_certificate.pcap.out 
+++ b/tests/cfgs/default/result/tls_verylong_certificate.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Cybersec 48 22229 1 +Safe 48 22229 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.160 1 diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index fce78ab89..ecc6da9a9 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out 
@@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) TocaBoca 77 15576 21 +Fun 77 15576 21 + 1 UDP 192.168.2.100:55544 <-> 92.38.154.49:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1266 bytes <-> 7 pkts/1556 bytes][Goodput ratio: 73/81][1.22 sec][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/11 35/31 48/47 14/15][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/222 458/522 120/185][PLAIN TEXT (HlvlwYJ)][Plen Bins: 13,27,27,0,13,0,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:50173 <-> 91.199.81.225:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1134 bytes <-> 8 pkts/1327 bytes][Goodput ratio: 74/75][2.41 sec][bytes ratio: -0.078 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 46/31 256/383 982/1078 363/465][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 162/166 458/428 127/122][PLAIN TEXT (AstGDGW)][Plen Bins: 13,41,13,0,13,0,0,6,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:44818 <-> 91.199.81.123:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1177 bytes <-> 7 pkts/1167 bytes][Goodput ratio: 71/75][2.29 sec][bytes ratio: 0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 51/15 360/435 985/1007 340/380][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 147/167 478/515 129/147][PLAIN TEXT (82620531)][Plen Bins: 0,61,13,0,13,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tor.pcap.out b/tests/cfgs/default/result/tor.pcap.out index ea41102b1..4f6c88097 100644 --- a/tests/cfgs/default/result/tor.pcap.out +++ b/tests/cfgs/default/result/tor.pcap.out 
@@ -31,6 +31,11 @@ DHCPV6 6 906 1 Dropbox 10 1860 1 Tor 112 39736 3 +Safe 220 93832 5 +Acceptable 16 2766 2 +Potentially Dangerous 112 39736 3 +Dangerous 1 252 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.252 1 diff --git a/tests/cfgs/default/result/tplink_shp.pcap.out b/tests/cfgs/default/result/tplink_shp.pcap.out index 31572621a..f011471b6 100644 --- a/tests/cfgs/default/result/tplink_shp.pcap.out +++ b/tests/cfgs/default/result/tplink_shp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TPLINK_SHP 251 17821 8 +Acceptable 251 17821 8 + 1 UDP 192.168.242.40:9999 -> 255.255.255.255:9999 [proto: 332/TPLINK_SHP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][32 pkts/2272 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][1860.44 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 58157/0 60014/0 62682/0 801/0][Pkt Len c2s/s2c min/avg/max/stddev: 71/0 71/0 71/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.242.41:9999 -> 255.255.255.255:9999 [proto: 332/TPLINK_SHP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][32 pkts/2272 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][1860.44 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 59941/0 60012/0 60058/0 30/0][Pkt Len c2s/s2c min/avg/max/stddev: 71/0 71/0 71/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.242.99:9999 -> 255.255.255.255:9999 [proto: 332/TPLINK_SHP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][32 pkts/2272 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][1860.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 59882/0 59999/0 60106/0 30/0][Pkt Len c2s/s2c min/avg/max/stddev: 71/0 71/0 71/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/trickbot.pcap.out b/tests/cfgs/default/result/trickbot.pcap.out index 00b958ef1..a826d2eb7 100644 --- a/tests/cfgs/default/result/trickbot.pcap.out +++ b/tests/cfgs/default/result/trickbot.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 74 62002 1 +Acceptable 74 62002 1 + 1 TCP 10.12.29.101:61318 <-> 82.118.225.196:7080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][28 pkts/2801 bytes <-> 46 pkts/59201 bytes][Goodput ratio: 46/96][8.40 sec][Hostname/SNI: 82.118.225.196][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 327/167 1000/1000 339/292][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/1287 982/1514 182/426][URL: 82.118.225.196:7080/OK21pqJAtyyGBEo00sk][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][Server: nginx][User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Content **][Risk Score: 160][Risk Info: Found host 82.118.225.196 / Susp content DF6A56F8][PLAIN TEXT (POST /OK21p)][Plen Bins: 0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,4,0,0,6,2,0,35,0,0,44,0,0] diff --git a/tests/cfgs/default/result/tumblr.pcap.out b/tests/cfgs/default/result/tumblr.pcap.out index 49545eed9..9b16d952e 100644 --- a/tests/cfgs/default/result/tumblr.pcap.out +++ b/tests/cfgs/default/result/tumblr.pcap.out @@ -31,6 +31,11 @@ ADS_Analytic_Track 54 17122 2 Google 107 85437 1 GoogleServices 63 44980 1 +Safe 447 173873 41 +Acceptable 170 130417 2 +Fun 84 38260 2 +Tracker/Ads 54 17122 2 + JA3 Host Stats: IP Address # JA3C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 2 diff --git a/tests/cfgs/default/result/tunnelbear.pcap.out b/tests/cfgs/default/result/tunnelbear.pcap.out index 96e8739eb..d55e788c3 100644 --- a/tests/cfgs/default/result/tunnelbear.pcap.out +++ b/tests/cfgs/default/result/tunnelbear.pcap.out 
@@ -31,6 +31,10 @@ Messenger 18 5263 1 GoogleServices 15 2661 1 TunnelBear 325 84150 15 +Safe 24 9110 1 +Acceptable 363 92380 18 +Tracker/Ads 34 13737 2 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 6 diff --git a/tests/cfgs/default/result/tuya_lp.pcap.out b/tests/cfgs/default/result/tuya_lp.pcap.out index 357e3f536..74d84b4c0 100644 --- a/tests/cfgs/default/result/tuya_lp.pcap.out +++ b/tests/cfgs/default/result/tuya_lp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TuyaLP 98 21948 13 +Acceptable 98 21948 13 + 1 UDP 192.168.242.170:49154 -> 255.255.255.255:6667 [proto: 331/TuyaLP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][8 pkts/1840 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][35.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4999/0 5000/0 5001/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 230/0 230/0 230/0 0/0][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.242.172:49154 -> 255.255.255.255:6667 [proto: 331/TuyaLP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][8 pkts/1840 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][35.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4997/0 5000/0 5001/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 230/0 230/0 230/0 0/0][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.242.174:49154 -> 255.255.255.255:6667 [proto: 331/TuyaLP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][8 pkts/1840 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][35.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4998/0 5000/0 5003/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 230/0 230/0 230/0 0/0][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/ubntac2.pcap.out b/tests/cfgs/default/result/ubntac2.pcap.out index 46944980c..5503dc9a7 100644 --- a/tests/cfgs/default/result/ubntac2.pcap.out +++ b/tests/cfgs/default/result/ubntac2.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) UBNTAC2 8 1736 8 +Safe 8 1736 8 + 1 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/uftp_v4_v5.pcap.out b/tests/cfgs/default/result/uftp_v4_v5.pcap.out index 93c46f0b3..8123ee730 100644 --- a/tests/cfgs/default/result/uftp_v4_v5.pcap.out +++ b/tests/cfgs/default/result/uftp_v4_v5.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) UFTP 260 296340 3 +Acceptable 260 296340 3 + 1 UDP 10.0.0.1:37173 -> 230.5.5.56:1044 [proto: 373/UFTP][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][220 pkts/293060 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/0 391/0 27/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1332/0 1366/0 203/0][Plen Bins: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0,0,0,0,0] 2 UDP 10.0.0.1:37173 -> 230.4.4.1:1044 [proto: 373/UFTP][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][20 pkts/1640 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][10.87 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 18/0 602/0 1511/0 718/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.186:37457 -> 230.4.4.1:1044 [proto: 373/UFTP][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][20 pkts/1640 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][2.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 113/0 1513/0 340/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ultrasurf.pcap.out b/tests/cfgs/default/result/ultrasurf.pcap.out index a738882c1..219c3033c 100644 --- a/tests/cfgs/default/result/ultrasurf.pcap.out +++ b/tests/cfgs/default/result/ultrasurf.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 233 106228 2 UltraSurf 100 120543 1 +Safe 233 106228 2 +Acceptable 100 120543 1 + JA3 Host Stats: IP Address # JA3C 1 10.132.0.23 1 
diff --git a/tests/cfgs/default/result/umas.pcap.out b/tests/cfgs/default/result/umas.pcap.out index a18de9715..2730c6f2a 100644 --- a/tests/cfgs/default/result/umas.pcap.out +++ b/tests/cfgs/default/result/umas.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) UMAS 191 29046 1 +Acceptable 191 29046 1 + 1 TCP 192.168.63.100:7718 <-> 192.168.63.253:502 [proto: 44.364/Modbus.UMAS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][94 pkts/6876 bytes <-> 97 pkts/22170 bytes][Goodput ratio: 26/76][0.77 sec][bytes ratio: -0.527 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 8/8 183/183 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/64 73/229 315/315 36/105][PLAIN TEXT (PU 311 10)][Plen Bins: 57,1,5,2,0,1,0,4,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/upnp.pcap.out b/tests/cfgs/default/result/upnp.pcap.out index 0dcecc1d2..a1c5e519f 100644 --- a/tests/cfgs/default/result/upnp.pcap.out +++ b/tests/cfgs/default/result/upnp.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 2/0 (search/found) WSD 14 9912 2 +Acceptable 14 9912 2 + 1 UDP [fe80::3441:3d24:6d30:a807]:58932 -> [ff02::c]:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][7 pkts/5026 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][5.63 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 118/0 938/0 2000/0 752/0][Pkt Len c2s/s2c min/avg/max/stddev: 718/0 718/0 718/0 0/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.61.66:58931 -> 239.255.255.250:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][7 pkts/4886 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][6.64 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 179/0 1107/0 2004/0 740/0][Pkt Len c2s/s2c min/avg/max/stddev: 698/0 698/0 698/0 0/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index a52619a84..5f7b8d765 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -37,6 +37,11 @@ Google 31 9113 3 Viber 295 105504 12 QUIC 3 194 1 +Safe 102 33446 6 +Acceptable 46 13603 9 +Fun 297 105785 13 +Tracker/Ads 2 377 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.17 2 diff --git a/tests/cfgs/default/result/vk.pcapng.out b/tests/cfgs/default/result/vk.pcapng.out index cc12023d3..8d6c80090 100644 --- a/tests/cfgs/default/result/vk.pcapng.out +++ b/tests/cfgs/default/result/vk.pcapng.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) VK 82 10228 4 TLS 827 116853 6 +Safe 827 116853 6 +Fun 82 10228 4 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.249 1 
diff --git a/tests/cfgs/default/result/vnc.pcap.out b/tests/cfgs/default/result/vnc.pcap.out index d65e5bebe..a79fa1493 100644 --- a/tests/cfgs/default/result/vnc.pcap.out +++ b/tests/cfgs/default/result/vnc.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) VNC 4551 329158 2 +Acceptable 4551 329158 2 + 1 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: RemoteAccess/12][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes][Goodput ratio: 32/1][16.52 sec][bytes ratio: 0.552 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 841/845 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/54 89/88 5/3][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found VNC][Plen Bins: 88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: RemoteAccess/12][684 pkts/54893 bytes <-> 324 pkts/17720 bytes][Goodput ratio: 32/1][4.15 sec][bytes ratio: 0.512 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/12 538/501 32/43][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/55 89/88 5/4][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found VNC][Plen Bins: 90,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/vrrp3.pcapng.out b/tests/cfgs/default/result/vrrp3.pcapng.out index 9c3f80e5a..387356fc7 100644 --- a/tests/cfgs/default/result/vrrp3.pcapng.out +++ b/tests/cfgs/default/result/vrrp3.pcapng.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 4/0 (search/found) VRRP 10 820 2 +Acceptable 10 820 2 + 1 VRRP [fe80::1]:0 -> [ff02::12]:0 [VLAN: 36][proto: 73/VRRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][9 pkts/738 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][73.79 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8603/0 9223/0 10004/0 503/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 VRRP [fe80::2]:0 -> [ff02::12]:0 [VLAN: 36][proto: 73/VRRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/vxlan.pcap.out b/tests/cfgs/default/result/vxlan.pcap.out index e067876e9..171e01703 100644 --- a/tests/cfgs/default/result/vxlan.pcap.out +++ b/tests/cfgs/default/result/vxlan.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 127 85322 4 +Fun 127 85322 4 + JA3 Host Stats: IP Address # JA3C 1 10.10.20.4 1 diff --git a/tests/cfgs/default/result/wa_video.pcap.out b/tests/cfgs/default/result/wa_video.pcap.out index dc0b3b497..f98c3634a 100644 --- a/tests/cfgs/default/result/wa_video.pcap.out +++ b/tests/cfgs/default/result/wa_video.pcap.out 
@@ -33,6 +33,9 @@ Dropbox 2 764 1 WhatsApp 133 20568 1 Spotify 1 86 1 +Acceptable 780 347731 13 +Fun 1 86 1 + 1 UDP 192.168.2.12:53688 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][347 pkts/223797 bytes <-> 146 pkts/24878 bytes][Goodput ratio: 93/75][22.48 sec][bytes ratio: 0.800 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/77 2891/3013 278/400][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 645/170 1181/1095 402/174][PLAIN TEXT (hw3@PydH)][Plen Bins: 11,29,10,5,5,0,0,0,0,0,0,0,0,0,14,0,3,0,0,0,0,0,0,0,0,1,1,0,1,3,2,0,2,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.12:53688 <-> 91.252.56.51:32641 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][72 pkts/48848 bytes <-> 35 pkts/22821 bytes][Goodput ratio: 94/94][3.05 sec][bytes ratio: 0.363 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/19 707/132 139/32][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 678/652 1160/1140 376/376][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (dBXAnF)][Plen Bins: 1,8,0,8,2,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,1,5,5,14,2,5,1,8,4,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: Match by IP][DPI packets: 22][cat: Chat/9][66 pkts/8810 bytes <-> 67 pkts/11758 bytes][Goodput ratio: 50/62][27.94 sec][bytes ratio: -0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 365/429 6456/7033 1181/1216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/175 1454/1454 183/248][PLAIN TEXT (AaPKuGR)][Plen Bins: 2,50,0,5,13,17,0,0,2,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out index 1e72de3f5..729b61929 100644 --- a/tests/cfgs/default/result/wa_voice.pcap.out 
+++ b/tests/cfgs/default/result/wa_voice.pcap.out @@ -39,6 +39,11 @@ Spotify 2 172 1 ApplePush 24 8007 1 WhatsAppFiles 52 24946 2 +Safe 8 542 1 +Acceptable 722 169382 25 +Fun 2 172 1 +Unrated 2 120 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.12 2 diff --git a/tests/cfgs/default/result/waze.pcap.out b/tests/cfgs/default/result/waze.pcap.out index f48408815..3d40dadc5 100644 --- a/tests/cfgs/default/result/waze.pcap.out +++ b/tests/cfgs/default/result/waze.pcap.out @@ -33,6 +33,10 @@ TLS 21 2574 3 Waze 484 289335 19 WhatsApp 15 1341 1 +Safe 21 2574 3 +Acceptable 566 355633 29 +Unrated 10 786 1 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 2 diff --git a/tests/cfgs/default/result/webdav.pcap.out b/tests/cfgs/default/result/webdav.pcap.out index 6987abcd0..ee1c0d84e 100644 --- a/tests/cfgs/default/result/webdav.pcap.out +++ b/tests/cfgs/default/result/webdav.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) WebDAV 14 2742 1 +Acceptable 14 2742 1 + 1 TCP 10.24.8.189:50652 <-> 104.156.149.6:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Collaborative/15][7 pkts/727 bytes <-> 7 pkts/2015 bytes][Goodput ratio: 46/81][5.07 sec][Hostname/SNI: 104.156.149.6][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/8 67/20 24/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 104/288 223/1107 75/390][URL: 104.156.149.6/webdav][StatusCode: 301][Content-Type: text/html][Server: Apache/2.4.52 (Ubuntu)][User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 104.156.149.6][PLAIN TEXT (PROPFIND /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 0dea74527..0825e890b 100644 --- a/tests/cfgs/default/result/webex.pcap.out 
+++ b/tests/cfgs/default/result/webex.pcap.out @@ -32,6 +32,9 @@ SIP 22 15356 1 Google 17 6375 1 Webex 790 500686 30 +Safe 259 29507 23 +Acceptable 851 525599 34 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 6 diff --git a/tests/cfgs/default/result/websocket.pcap.out b/tests/cfgs/default/result/websocket.pcap.out index 5e8baf685..d62ea800e 100644 --- a/tests/cfgs/default/result/websocket.pcap.out +++ b/tests/cfgs/default/result/websocket.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) WebSocket 5 441 1 +Acceptable 5 441 1 + 1 TCP 192.168.43.135:12345 <-> 192.168.43.1:50999 [proto: 251/WebSocket][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/294 bytes <-> 2 pkts/147 bytes][Goodput ratio: 45/26][77.63 sec][PLAIN TEXT (Welcome)][Plen Bins: 60,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/wechat.pcap.out b/tests/cfgs/default/result/wechat.pcap.out index 60fae4c7f..f4b948398 100644 --- a/tests/cfgs/default/result/wechat.pcap.out +++ b/tests/cfgs/default/result/wechat.pcap.out @@ -43,6 +43,11 @@ LLMNR 12 944 6 WeChat 989 520787 32 GoogleDocs 15 5114 2 +Safe 305 89209 22 +Acceptable 349 47161 46 +Fun 1015 530189 34 +Dangerous 3 751 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.103 3 diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index bac6e9cf9..ebbf6b3df 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -33,6 +33,10 @@ Sina 335 220149 11 Alibaba 8 877 3 SinaWeibo 84 37928 5 +Safe 23 1578 15 +Acceptable 56 7900 13 +Fun 419 258077 16 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.105 1 diff --git a/tests/cfgs/default/result/whatsapp.pcap.out b/tests/cfgs/default/result/whatsapp.pcap.out index 9f8d7b221..fa8ed0f8f 100644 --- a/tests/cfgs/default/result/whatsapp.pcap.out +++ b/tests/cfgs/default/result/whatsapp.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) WhatsApp 679 96293 86 +Acceptable 679 96293 86 + 1 TCP 192.168.2.100:49026 -> 179.60.195.33:5222 [proto: 142/WhatsApp][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][8 pkts/3049 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][0.19 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 125/0 41/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 381/0 1315/0 539/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:44804 -> 179.60.195.49:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][9 pkts/2139 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][0.33 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/0 131/0 41/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 238/0 1090/0 319/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 40,0,0,0,0,0,20,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:40108 -> 179.60.195.33:5222 [proto: 142/WhatsApp][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][9 pkts/1919 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/0 224/0 72/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 213/0 1324/0 393/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 60,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/whatsapp_login_call.pcap.out b/tests/cfgs/default/result/whatsapp_login_call.pcap.out index 562493461..e1cf3fbc0 100644 
--- a/tests/cfgs/default/result/whatsapp_login_call.pcap.out +++ b/tests/cfgs/default/result/whatsapp_login_call.pcap.out @@ -41,6 +41,10 @@ Spotify 3 258 1 AppleStore 85 28087 2 ApplePush 22 5926 1 +Safe 198 50852 23 +Acceptable 1050 141996 33 +Fun 3 258 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.4 1 diff --git a/tests/cfgs/default/result/whatsapp_login_chat.pcap.out b/tests/cfgs/default/result/whatsapp_login_chat.pcap.out index 9f7aca2f3..ee6b59add 100644 --- a/tests/cfgs/default/result/whatsapp_login_chat.pcap.out +++ b/tests/cfgs/default/result/whatsapp_login_chat.pcap.out 
@@ -29,6 +29,10 @@ Dropbox 2 1088 1 WhatsApp 32 3243 2 Spotify 1 86 1 +Safe 50 23466 2 +Acceptable 42 6585 6 +Fun 1 86 1 + 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes][Goodput ratio: 91/83][3.89 sec][bytes ratio: 0.415 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 180/27 2803/212 622/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 630/313 1494/1002 544/370][Plen Bins: 0,0,4,0,0,0,0,0,0,0,16,0,0,0,8,4,0,16,0,0,0,0,4,0,0,0,0,0,0,16,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,16,0,0] 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes][Goodput ratio: 37/26][19.72 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 1371/2066 10513/10479 2988/3556][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/90 267/144 68/22][PLAIN TEXT (iPhone)][Plen Bins: 21,50,7,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/2095 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][20.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 659/0 4000/0 10199/0 3476/0][Pkt Len c2s/s2c min/avg/max/stddev: 220/0 349/0 375/0 58/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,16,0,0,0,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/whatsapp_voice_and_message.pcap.out b/tests/cfgs/default/result/whatsapp_voice_and_message.pcap.out index df917e37a..7bb7856a2 100644 --- a/tests/cfgs/default/result/whatsapp_voice_and_message.pcap.out 
+++ b/tests/cfgs/default/result/whatsapp_voice_and_message.pcap.out @@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found) WhatsAppCall 44 5916 8 WhatsApp 217 22139 5 +Acceptable 261 28055 13 + 1 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][30 pkts/2539 bytes <-> 32 pkts/3070 bytes][Goodput ratio: 35/44][47.83 sec][bytes ratio: -0.095 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1858/1709 28667/28718 5783/5581][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 85/96 299/559 55/94][PLAIN TEXT (Android)][Plen Bins: 47,21,7,3,7,7,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][24 pkts/3029 bytes <-> 22 pkts/1961 bytes][Goodput ratio: 57/39][13.49 sec][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 681/812 10696/10748 2366/2570][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126/89 590/469 124/92][PLAIN TEXT (Android)][Plen Bins: 21,10,37,5,0,10,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes][Goodput ratio: 69/60][8.61 sec][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 717/767 8044/4043 2210/1535][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/135 590/1022 203/241][PLAIN TEXT (Android)][Plen Bins: 36,0,0,9,9,9,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/whatsappfiles.pcap.out b/tests/cfgs/default/result/whatsappfiles.pcap.out index 9cc51d849..0c22d6aeb 100644 --- a/tests/cfgs/default/result/whatsappfiles.pcap.out +++ b/tests/cfgs/default/result/whatsappfiles.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) WhatsAppFiles 620 452233 2 +Acceptable 620 452233 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.29 2 diff --git a/tests/cfgs/default/result/whois.pcapng.out b/tests/cfgs/default/result/whois.pcapng.out index a4c4204e9..4b60f0fa2 100644 --- a/tests/cfgs/default/result/whois.pcapng.out +++ b/tests/cfgs/default/result/whois.pcapng.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 7 2046 1 Whois-DAS 16 4294 2 +Safe 7 2046 1 +Acceptable 16 4294 2 + JA3 Host Stats: IP Address # JA3C 1 10.17.34.139 1 diff --git a/tests/cfgs/default/result/windowsupdate_over_http.pcap.out b/tests/cfgs/default/result/windowsupdate_over_http.pcap.out index 201d3a352..2b4e7472c 100644 --- a/tests/cfgs/default/result/windowsupdate_over_http.pcap.out +++ b/tests/cfgs/default/result/windowsupdate_over_http.pcap.out 
@@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) WindowsUpdate 20 15975 1 +Safe 20 15975 1 + 1 TCP 10.0.2.15:49815 <-> 151.99.72.125:80 [proto: 7.147/HTTP.WindowsUpdate][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][8 pkts/923 bytes <-> 12 pkts/15052 bytes][Goodput ratio: 52/96][0.02 sec][Hostname/SNI: 151.99.72.125][bytes ratio: -0.884 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 9/8 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/1254 533/1514 158/536][URL: 151.99.72.125/data/0783dedfb62fa709/msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVp][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: Microsoft-Delivery-Optimization/10.0][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 160][Risk Info: Found host 151.99.72.125 / Found mime exe octet-stream][PLAIN TEXT (GET /data/0783dedfb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,72,0,0] diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index 4f8af14b5..b921a6abf 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out 
@@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) WireGuard 52 12740 2 +Acceptable 52 12740 2 + 1 UDP 139.162.192.157:51820 <-> 192.168.0.14:36116 [proto: 206/WireGuard][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: VPN/2][18 pkts/5428 bytes <-> 12 pkts/2568 bytes][Goodput ratio: 86/80][9.40 sec][bytes ratio: 0.358 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 414/661 5525/5525 1367/1721][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 302/214 842/314 223/80][Plen Bins: 0,0,0,41,23,0,0,0,16,3,3,0,0,0,0,0,3,0,0,3,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.9.0.1:43462 <-> 10.9.0.2:51820 [proto: 206/WireGuard][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: VPN/2][12 pkts/3100 bytes <-> 10 pkts/1644 bytes][Goodput ratio: 84/74][140.28 sec][bytes ratio: 0.307 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1369/17528 10176/138081 3139/45567][Pkt Len c2s/s2c min/avg/max/stddev: 74/122 258/164 1494/330 375/58][Plen Bins: 0,9,22,18,41,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] diff --git a/tests/cfgs/default/result/wow.pcap.out b/tests/cfgs/default/result/wow.pcap.out index cbd458f60..d29d6fe6e 100644 --- a/tests/cfgs/default/result/wow.pcap.out +++ b/tests/cfgs/default/result/wow.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) WorldOfWarcraft 95 10688 5 +Fun 95 10688 5 + 1 TCP 192.168.178.20:39329 <-> 12.129.228.153:3724 [proto: 76/WorldOfWarcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Game/8][10 pkts/2788 bytes <-> 6 pkts/898 bytes][Goodput ratio: 76/55][1.83 sec][bytes ratio: 0.513 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/125 121/183 537/222 182/38][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/150 569/467 238/143][PLAIN TEXT (WORLD OF WARCRAFT CONNECTION )][Plen Bins: 0,44,0,0,0,0,0,0,0,0,0,0,11,0,0,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.178.20:39309 <-> 12.129.222.53:80 [proto: 7.76/HTTP.WorldOfWarcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Game/8][18 pkts/1350 bytes <-> 6 pkts/950 bytes][Goodput ratio: 13/57][11.01 sec][Hostname/SNI: us.scan.worldofwarcraft.com][bytes ratio: 0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/219 733/298 8393/378 2077/80][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/158 151/339 28/128][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][Content-Type: text/plain][Server: Apache/2.2.3 (CentOS)][Risk: ** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 150][Risk Info: Empty or missing User-Agent / Obsolete Apache server 2.2.3][PLAIN TEXT (FGET /update/Launcher.t)][Plen Bins: 0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.178.20:39312 <-> 24.105.29.21:80 [proto: 7.76/HTTP.WorldOfWarcraft][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 9][cat: Game/8][18 pkts/1156 bytes <-> 6 pkts/876 bytes][Goodput ratio: 12/62][11.13 sec][Hostname/SNI: launcher.worldofwarcraft.com][bytes ratio: 0.138 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/157 741/904 8457/1650 2112/746][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 64/146 126/598 23/202][URL: launcher.worldofwarcraft.com/alert][StatusCode: 
200][Content-Type: text/plain][Server: Apache][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /alert HTTP/1.1)][Plen Bins: 0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/xdmcp.pcap.out b/tests/cfgs/default/result/xdmcp.pcap.out index 1bf4890ab..1de312539 100644 --- a/tests/cfgs/default/result/xdmcp.pcap.out +++ b/tests/cfgs/default/result/xdmcp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) XDMCP 6 598 1 +Acceptable 6 598 1 + 1 UDP 10.1.2.2:61426 <-> 10.1.2.4:177 [proto: 15/XDMCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RemoteAccess/12][4 pkts/433 bytes <-> 2 pkts/165 bytes][Goodput ratio: 59/49][3.02 sec][bytes ratio: 0.448 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/144 1006/144 1992/144 811/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/71 108/82 231/94 71/12][PLAIN TEXT (COOKIEg to manag)][Plen Bins: 67,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/xiaomi.pcap.out b/tests/cfgs/default/result/xiaomi.pcap.out index d485377e7..88f2404d6 100644 --- a/tests/cfgs/default/result/xiaomi.pcap.out +++ b/tests/cfgs/default/result/xiaomi.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Xiaomi 52 11467 7 +Acceptable 52 11467 7 + 1 TCP 192.168.2.100:45106 <-> 18.193.233.122:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][8 pkts/2061 bytes <-> 7 pkts/1063 bytes][Goodput ratio: 74/56][359.14 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com][bytes ratio: 0.319 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/1 59816/100 358553/211 133599/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 258/152 1014/488 311/142][User-Agent: Redmi Note 8T][PLAIN TEXT (xiaomi.com)][Plen Bins: 14,0,14,14,0,0,14,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:37708 <-> 3.127.176.74:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][8 pkts/1983 bytes <-> 7 pkts/641 bytes][Goodput ratio: 73/27][455.15 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 75808/90740 453408/453409 168869/181335][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/92 999/171 303/39][User-Agent: Redmi Note 9 Pro][PLAIN TEXT (xiaomi.com)][Plen Bins: 16,0,16,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 115.164.74.232:5222 <-> 192.168.247.13:38018 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/456 bytes <-> 3 pkts/1283 bytes][Goodput ratio: 40/85][149.32 sec][Hostname/SNI: 47.241.35.73][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 143/153 49772/74586 149015/149020 70175/74434][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 114/428 172/980 41/395][User-Agent: M2010J19SG][PLAIN TEXT (xiaomi.com)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/xss.pcap.out b/tests/cfgs/default/result/xss.pcap.out index 6c8822e50..999189f91 100644 --- a/tests/cfgs/default/result/xss.pcap.out +++ b/tests/cfgs/default/result/xss.pcap.out @@ -26,5 +26,7 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 11 3209 2 +Acceptable 11 3209 2 + 1 TCP 192.168.3.109:53514 <-> 192.168.3.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][4 pkts/880 bytes <-> 4 pkts/2115 bytes][Goodput ratio: 69/87][0.01 sec][Hostname/SNI: 192.168.3.107][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 5/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/529 674/1514 262/591][URL: 192.168.3.107/DVWA-master/vulnerabilities/xss_d/?default=English%3Cscript%3Ealert(1)%3C/script%3E][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36][Risk: ** XSS Attack **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 160][Risk Info: Found host 192.168.3.107][PLAIN TEXT (FGET /DVWA)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] 2 TCP 192.168.3.109:53516 <-> 192.168.3.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/yandex.pcapng.out b/tests/cfgs/default/result/yandex.pcapng.out index 4b724f106..e14d19b25 100644 --- a/tests/cfgs/default/result/yandex.pcapng.out +++ b/tests/cfgs/default/result/yandex.pcapng.out 
@@ -30,6 +30,10 @@ YandexCloud 18 11310 1 YandexMetrika 16 9241 1 YandexDirect 18 8718 1 +Safe 94 40622 7 +Fun 18 8243 1 +Tracker/Ads 18 8718 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.249 1 diff --git a/tests/cfgs/default/result/youtube_quic.pcap.out b/tests/cfgs/default/result/youtube_quic.pcap.out index 4636cd18e..98e935215 100644 --- a/tests/cfgs/default/result/youtube_quic.pcap.out +++ b/tests/cfgs/default/result/youtube_quic.pcap.out 
@@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) YouTube 258 178495 1 Google 31 13144 2 +Acceptable 31 13144 2 +Fun 258 178495 1 + 1 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][113 pkts/16111 bytes <-> 145 pkts/162384 bytes][Goodput ratio: 71/96][3.12 sec][Hostname/SNI: yt3.ggpht.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 70/69 15/12][Pkt Len c2s/s2c min/avg/max/stddev: 77/73 143/1120 1392/1392 176/437][User-Agent: beta Chrome/57.0.2987.98 Intel Mac OS X 10_12_3][QUIC ver: Q035][PLAIN TEXT (yt3.ggpht.com)][Plen Bins: 0,31,1,12,8,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,41,0,0,0,0,0] 2 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Advertisement/101][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Goodput ratio: 90/92][0.44 sec][Hostname/SNI: googleads.g.doubleclick.net][bytes ratio: -0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 36/37 114/158 48/52][Pkt Len c2s/s2c min/avg/max/stddev: 80/69 437/526 1392/1392 524/546][User-Agent: beta Chrome/57.0.2987.98 Intel Mac OS X 10_12_3][QUIC ver: Q035][PLAIN TEXT (googleads.g.doubleclick.net)][Plen Bins: 16,39,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0] 3 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Advertisement/101][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Goodput ratio: 87/88][0.56 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: 0.032 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/8 40/17 89/44 35/17][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 330/361 1392/1392 449/479][User-Agent: beta Chrome/57.0.2987.98 Intel Mac OS X 10_12_3][QUIC ver: Q035][PLAIN TEXT (pagead2.googlesyndication.com)][Plen Bins: 
23,30,7,0,7,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0] diff --git a/tests/cfgs/default/result/youtubeupload.pcap.out b/tests/cfgs/default/result/youtubeupload.pcap.out index f8ff136ce..f2ee85a09 100644 --- a/tests/cfgs/default/result/youtubeupload.pcap.out +++ b/tests/cfgs/default/result/youtubeupload.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) YouTubeUpload 137 127038 3 +Fun 137 127038 3 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.27 1 diff --git a/tests/cfgs/default/result/z3950.pcapng.out b/tests/cfgs/default/result/z3950.pcapng.out index 57f7469a2..0de430071 100644 --- a/tests/cfgs/default/result/z3950.pcapng.out +++ b/tests/cfgs/default/result/z3950.pcapng.out @@ -26,5 +26,7 @@ Patricia protocols IPv6: 0/0 (search/found) Z3950 31 6308 2 +Acceptable 31 6308 2 + 1 TCP 192.168.2.100:58921 <-> 193.174.240.93:210 [proto: 260/Z3950][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 15][cat: Network/14][7 pkts/623 bytes <-> 8 pkts/4374 bytes][Goodput ratio: 37/90][1.55 sec][bytes ratio: -0.751 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 293/29 1341/73 524/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/547 170/1506 44/623][PLAIN TEXT (p.5.4.1 12b)][Plen Bins: 25,0,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 2 TCP 192.168.0.20:46524 <-> 129.187.139.43:9991 [proto: 260/Z3950][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Network/14][10 pkts/764 bytes <-> 6 pkts/547 bytes][Goodput ratio: 28/36][76.54 sec][bytes ratio: 0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 1539/3022 9007/9037 3003/4253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 76/91 138/167 32/37][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (p/5.27.1 872b)][Plen Bins: 0,50,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/zabbix.pcap.out b/tests/cfgs/default/result/zabbix.pcap.out index 7e9b1b264..6a1c7eb82 100644 --- a/tests/cfgs/default/result/zabbix.pcap.out +++ b/tests/cfgs/default/result/zabbix.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Zabbix 236 24571 24 +Acceptable 236 24571 24 + 1 TCP 192.168.7.16:36699 <-> 192.168.7.17:10051 [proto: 248/Zabbix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/429 bytes <-> 5 pkts/1083 bytes][Goodput ratio: 21/69][0.00 sec][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 2/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86/217 157/811 36/297][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.7.16:60217 <-> 192.168.7.17:10051 [proto: 248/Zabbix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/429 bytes <-> 5 pkts/1083 bytes][Goodput ratio: 21/69][0.00 sec][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 2/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86/217 157/811 36/297][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.7.16:50639 <-> 192.168.7.17:10051 [proto: 248/Zabbix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/669 bytes <-> 5 pkts/436 bytes][Goodput ratio: 49/22][0.00 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 134/87 397/164 132/39][Plen Bins: 0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/zattoo.pcap.out b/tests/cfgs/default/result/zattoo.pcap.out index 63b207f08..7ce3c0ab8 100644 --- a/tests/cfgs/default/result/zattoo.pcap.out +++ b/tests/cfgs/default/result/zattoo.pcap.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Zattoo 32 13467 2 +Fun 32 13467 2 + JA3 Host Stats: IP Address # JA3C 1 10.101.0.2 1 diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out index ae1454ba8..d0863243e 100644 --- a/tests/cfgs/default/result/zoom.pcap.out +++ b/tests/cfgs/default/result/zoom.pcap.out @@ -40,6 +40,10 @@ Spotify 1 86 1 Zoom 635 354005 19 GoogleServices 4 1060 1 +Safe 40 11444 4 +Acceptable 656 357338 28 +Fun 1 86 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.117 4 diff --git a/tests/cfgs/default/result/zoom2.pcap.out b/tests/cfgs/default/result/zoom2.pcap.out index f000bb544..c106b7a91 100644 --- a/tests/cfgs/default/result/zoom2.pcap.out +++ b/tests/cfgs/default/result/zoom2.pcap.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) ICMP 6 420 1 Zoom 2508 652095 4 +Acceptable 2514 652515 5 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 1 diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index 98930cc82..d8d8c9e02 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out 
@@ -30,6 +30,8 @@ ICMP 53 6042 2 Dropbox 16 2784 1 Zoom 691 262429 8 +Acceptable 763 271804 12 + 1 UDP 192.168.12.156:39065 <-> 192.168.1.226:46757 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][148 pkts/108673 bytes <-> 174 pkts/110457 bytes][Goodput ratio: 94/93][1.67 sec][bytes ratio: -0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 88/71 15/12][Pkt Len c2s/s2c min/avg/max/stddev: 127/98 734/635 1269/1302 277/371][PLAIN TEXT (192.168.1.226)][Plen Bins: 0,0,9,1,0,0,0,6,1,0,0,0,0,2,5,11,10,5,4,4,2,0,0,1,2,2,0,0,0,0,0,1,16,0,0,0,3,1,5,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:49579 -> 10.78.14.178:49586 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][154 pkts/19404 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][4.51 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 82/0 14/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:42208 -> 10.78.14.178:47312 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][130 pkts/16380 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][2.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/0 82/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out b/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out index a92c1e2a1..9ec6cc126 100644 
--- a/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out +++ b/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out @@ -27,6 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 29 23166 1 Ookla 84 15245 5 +Safe 113 38411 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 2 diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out index 97289a8a4..2e185a07f 100644 --- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) Google 2 262 1 +Acceptable 2 262 1 + 1 UDP 192.168.1.168:65311 <-> 8.8.8.8:53 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][DPI packets: 2][cat: Web/5][1 pkts/103 bytes <-> 1 pkts/159 bytes][Goodput ratio: 59/73][0.02 sec][PLAIN TEXT (fhkfhsdkfhsk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/pluralsight.pcap.out b/tests/cfgs/disable_protocols/result/pluralsight.pcap.out index d12e740d9..f8bf592cb 100644 --- a/tests/cfgs/disable_protocols/result/pluralsight.pcap.out +++ b/tests/cfgs/disable_protocols/result/pluralsight.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 44 29652 6 +Safe 44 29652 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index 090d96775..bfe981af0 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out 
@@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 20 11399 1 +Fun 20 11399 1 + 1 UDP 10.0.2.15:35957 <-> 69.171.250.15:443 [proto: 119/Facebook][IP: 119/Facebook][Encrypted][Confidence: Match by IP][DPI packets: 13][cat: SocialNetwork/6][7 pkts/3196 bytes <-> 13 pkts/8203 bytes][Goodput ratio: 79/85][8.96 sec][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1782/811 8808/8827 3513/2535][Pkt Len c2s/s2c min/avg/max/stddev: 128/115 457/631 1326/1346 492/540][PLAIN TEXT (Xic gcl)][Plen Bins: 20,25,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,5,20,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/soap.pcap.out b/tests/cfgs/disable_protocols/result/soap.pcap.out index 6ae3e63b5..b5a75cf50 100644 --- a/tests/cfgs/disable_protocols/result/soap.pcap.out +++ b/tests/cfgs/disable_protocols/result/soap.pcap.out 
@@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 19 9442 2 Microsoft 1 1506 1 +Safe 1 1506 1 +Acceptable 19 9442 2 + 1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 14][cat: Web/5][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] 2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Web/5][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out b/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out index 9bd908eb3..cadb0b147 100644 --- a/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out +++ b/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out 
@@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 120 14592 1 +Safe 120 14592 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.253 1 diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out index 03f0bc80a..af5a095d2 100644 --- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out @@ -44,6 +44,12 @@ MpegDash 1 299 1 1kxun 914 1969311 48 Line 30 19034 3 +Safe 124 28754 9 +Acceptable 622 514902 119 +Fun 948 1976493 53 +Dangerous 5 1197 2 +Unrated 24 6428 14 + Payload Analysis [....] [2E 2E 2E 2E] [len: 4][num_occurrencies: 437][flowId: 0 7 9 10 12 13 3 15 17 18 19 23 25 32 33 38 42 46 47 48 51 52 54 61 62 63 66 67 68 71 72 75 77 79 80 81 84 89 90 91 94 95 96 97 98 99 100 101 102 103 107 110 111 113 114 117 119 120 121 122 123 124 125 126 127 128 146 159][packetIds: 1 2 11 14 15 17 18 19 20 21 29 30 32 35 36 39 40 41 42 43 44 48 49 52 53 54 55 56 59 69 70 71 84 85 198 199 387 388 472 473 474 507 539 547 554 555 563 564 583 589 591 592 594 595 597 598 602 642 643 645 646 648 651 654 657 658 662 665 666 667 669 670 671 672 673 682 684 686 687 688 690 691 696 703 706 730 731 733 734 738 740 743 755 756 761 773 774 775 777 778 780 781 787 788 798 799 800 801 803 814 820 822 827 828 829 830 831 835 836 858 859 901 902 903 904 930 931 932 941 985 986 991 994 995 996 1008 1009 1011 1012 1015 1016 1017 1018 1021 1023 1024 1025 1026 1304 1383] |