diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-06-23 16:03:44 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-06-23 16:03:44 +0200 |
| commit | 5db40f7598fa45d87cb7f7964d90f0bc2e31798f (patch) | |
| tree | e1ce5440fa80e99b250a44622e1dabfe2eca0733 | |
| parent | 6dda4833293cda6a56fc1a5d7e36e890df91cab7 (diff) | |
Classify Tracking/ADS/Analytics traffic only via category (#2900)
See 3a243bb40 for similar work about porn and LLM
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 2 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 231 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 5 | ||||
| -rw-r--r-- | tests/cfgs/default/result/alexa-app.pcapng.out | 16 | ||||
| -rw-r--r-- | tests/cfgs/default/result/pinterest.pcap.out | 14 | ||||
| -rw-r--r-- | tests/cfgs/default/result/reddit.pcap.out | 18 | ||||
| -rw-r--r-- | tests/cfgs/default/result/tumblr.pcap.out | 14 | ||||
| -rw-r--r-- | tests/cfgs/default/result/tunnelbear.pcap.out | 16 | ||||
| -rw-r--r-- | tests/cfgs/default/result/viber.pcap.out | 4 |
10 files changed, 157 insertions, 165 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index c653f1ce0..a4a4fc7fe 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -135,7 +135,7 @@ typedef enum { NDPI_PROTOCOL_ARMAGETRON = 104, NDPI_PROTOCOL_CROSSFIRE = 105, NDPI_PROTOCOL_DOFUS = 106, - NDPI_PROTOCOL_ADS_ANALYTICS_TRACK = 107, /* Generic id for advertisement/analytics/tracking stuff */ + NDPI_PROTOCOL_FREE_107 = 107, /* Free to use */ NDPI_PROTOCOL_FREE = 108, /* Free to use */ NDPI_PROTOCOL_GUILDWARS2 = 109, NDPI_PROTOCOL_AMAZON_ALEXA = 110, diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c4d0b8687..714cdee0d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1135,7 +1135,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_MINING = 99, NDPI_PROTOCOL_CATEGORY_MALWARE = 100, - NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT = 101, + NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT = 101, /* Advertisement, ADS & analytics */ NDPI_PROTOCOL_CATEGORY_BANNED_SITE = 102, NDPI_PROTOCOL_CATEGORY_SITE_UNAVAILABLE = 103, NDPI_PROTOCOL_CATEGORY_ALLOWED_SITE = 104, diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 6746cf291..bf9611181 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -1379,7 +1379,7 @@ static ndpi_protocol_match host_match[] = { "cloud.yandex.", "YandexCloud", NDPI_PROTOCOL_YANDEX_CLOUD, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "metrika.yandex.", "YandexMetrika", NDPI_PROTOCOL_YANDEX_METRIKA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "appmetrika.yandex.", "YandexMetrika", NDPI_PROTOCOL_YANDEX_METRIKA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "direct.yandex.", "YandexDirect", NDPI_PROTOCOL_YANDEX_DIRECT, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { "direct.yandex.", "YandexDirect", NDPI_PROTOCOL_YANDEX_DIRECT, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "quasar.yandex.", "YandexAlice", NDPI_PROTOCOL_YANDEX_ALICE, NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "scbh.yandex.", "YandexAlice", NDPI_PROTOCOL_YANDEX_ALICE, NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, @@ -1424,122 +1424,6 @@ static ndpi_protocol_match host_match[] = { "mullvad.net", "Mullvad", NDPI_PROTOCOL_MULLVAD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* - ADS/tracking/analytic - */ - /* Chartbeat is a technology company that provides data and analytics to global publishers */ - { "chartbeat.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "chartbeat.net", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Httppool is a global cross-channel advertising network */ - { "httpool.", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Simplifi Holdings is a company that provides online advertising services */ - { "simpli.fi", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Admixer Technologies is a company that develops and maintains products in the field of digital advertising management */ - { "admixer.", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* AppDynamics by Cisco */ - { "appdynamics.", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "eum-appdynamics.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Smaato is a digital ad tech platform and ad server */ - { "smaato.net", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "smaato.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* MoPub, a Twitter company, provides monetization solutions */ - { "mopub.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* AppsFlyer is a SaaS mobile marketing analytics and attribution platform */ - { "appsflyer.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "appsflyersdk.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Adjust is the mobile marketing platform for marketers around the world */ - { "adjust.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "adjust.net.in", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "adjust.world", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Helpshift enables brands to deliver superior digital customer service digital channels*/ - { "helpshift.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* AppLovin is a mobile marketing platform */ - { "applovin.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* AdRight is an innovative online advertising network */ - { "adright.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* MGID: Native Visitors Acquisition for Advertisers */ - { "mgid.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* InMobi is the world's leading mobile marketing and advertising platform provider */ - { "inmobi.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* AdColony - Elevating mobile advertising */ - { "adcolony.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Supersonicads: App monetization done right */ - { "supersonicads.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Criteo is an advertising company that provides online display advertisements */ - { "criteo.net", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "criteo.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Flurry is an American mobile analytics, monetization, and advertising company */ - { "flurry.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Taboola is the world's leading discovery & native advertising platform */ - { "taboola.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Market research community, a leading global market research effort that studies and reports on Internet trends and behavior. */ - { "scorecardresearch.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Magnite Inc. (formerly Rubicon Project) is an American online advertising technology firm */ - { "rubiconproject.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Adnxs.com is run by AppNexus, a company that provides technology, data and analytics to help companies buy and sell online display advertising */ - { "adnxs.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* PubMatic, Inc. is a company that develops and implements online advertising software */ - { "pubmatic.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "pubmatic.co.jp", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* “OpenX’s unified monetization platform */ - { "openx.net", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "openx.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "servedbyopenx.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* AddThis share buttons, targeting tools and content recommendations help you get more likes, shares and followers */ - { "addthis.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "addthisedge.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* NEXAGE offers a mobile advertising platform that provides private and public exchanges */ - { "nexage.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* RadiumOne (formerly GWallet) is a digital advertising company */ - { "gwallet.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Kochava is the industry leader for mobile app attribution and mobile app analytics */ - { "kochava.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Adobe analytics */ - { "assets.adobedtm.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "commerce.adobedtm.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Chartboost is a San Francisco-based mobile game in-app programmatic advertising and monetization platform */ - { "chartboost.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Vungle is an ad network */ - { "vungle.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Adkernel offers technological solutions catering to digital advertising publishers, advertisers, exchanges, and networks */ - { "adkernel.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Adform serves as a unified advertising platform that integrates various aspects of digital advertising */ - { "adform.net", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Lemma develops integrated platforms and solutions for efficient campaign management and high-performance advertising */ - { "lemmatechnologies.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Vidoomy is a company that focuses on Digital Video Advertising expertise. */ - { "vidoomy.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* StackAdapt is a self-serve programmatic advertising platform preferred by top-tier digital marketers */ - { "stackadapt.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Hotjar stands as an all-in-one platform that combines digital experience insights and behavior analytics */ - { "hotjar.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* New Relic is a company headquartered in the United States that specializes in web tracking and analytics. */ - { "newrelic.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Unruly is a London-based ad tech company that maximizes video viewership and sharing across the Open Web. */ - { "unrulymedia.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* TV Squared Inc. offers a TV attribution modeling platform, providing a cloud-based software platform for measuring, optimizing, and enhancing television advertising campaigns. */ - { "tvsquared.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Mixpanel facilitates global data analysis by offering event analytics, enabling valuable insights to be derived from data. */ - { "mixpanel.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Equativ (formerly known as Smart AdServer) is a French advertising technology company */ - { "smartadserver.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Twitter ADS */ - { "ads-twitter.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* TANX (Taobao Ad Network and Exchange) is an advertising and marketing platform based in China */ - { "tanx.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Optimove is a marketing and customer relationship management (CRM) platform that specializes in customer retention and marketing automation. The company acquired Kumulos in 2022. */ - { "optimove.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "optimove.net", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Moloco offers programmatic advertising solutions to help optimize the client's acquisition, retention, and monetization campaigns */ - { "adsmoloco.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "moloco.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* The Unity Ads SDK provides a comprehensive monetization framework for your game, whether you develop in Unity, Xcode, or Android Studio */ - { "unityads.unity3d.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "iads.unity3d.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - /* Amazon Ads helps you reach customers at scale through full-funnel advertising across streaming, shopping, and everything in-between */ - { "amazon-adsystem.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL }, - - { "tesla.services", "TeslaServices", NDPI_PROTOCOL_TESLA_SERVICES, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "digitalassets.tesla.com", "TeslaServices", NDPI_PROTOCOL_TESLA_SERVICES, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, @@ -1841,5 +1725,118 @@ static ndpi_category_match category_match[] = { { "ollama.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE }, { "huggingface.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE }, + /* ADS & Tracking & Analytics */ + /* Chartbeat is a technology company that provides data and analytics to global publishers */ + { "chartbeat.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "chartbeat.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Httppool is a global cross-channel advertising network */ + { "httpool.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Simplifi Holdings is a company that provides online advertising services */ + { "simpli.fi", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Admixer Technologies is a company that develops and maintains products in the field of digital advertising management */ + { "admixer.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* AppDynamics by Cisco */ + { "appdynamics.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "eum-appdynamics.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Smaato is a digital ad tech platform and ad server */ + { "smaato.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "smaato.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* MoPub, a Twitter company, provides monetization solutions */ + { "mopub.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* AppsFlyer is a SaaS mobile marketing analytics and attribution platform */ + { "appsflyer.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "appsflyersdk.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Adjust is the mobile marketing platform for marketers around the world */ + { "adjust.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "adjust.net.in", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "adjust.world", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Helpshift enables brands to deliver superior digital customer service digital channels*/ + { "helpshift.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* AppLovin is a mobile marketing platform */ + { "applovin.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* AdRight is an innovative online advertising network */ + { "adright.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* MGID: Native Visitors Acquisition for Advertisers */ + { "mgid.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* InMobi is the world's leading mobile marketing and advertising platform provider */ + { "inmobi.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* AdColony - Elevating mobile advertising */ + { "adcolony.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Supersonicads: App monetization done right */ + { "supersonicads.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Criteo is an advertising company that provides online display advertisements */ + { "criteo.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "criteo.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Flurry is an American mobile analytics, monetization, and advertising company */ + { "flurry.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Taboola is the world's leading discovery & native advertising platform */ + { "taboola.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Market research community, a leading global market research effort that studies and reports on Internet trends and behavior. */ + { "scorecardresearch.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Magnite Inc. (formerly Rubicon Project) is an American online advertising technology firm */ + { "rubiconproject.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Adnxs.com is run by AppNexus, a company that provides technology, data and analytics to help companies buy and sell online display advertising */ + { "adnxs.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* PubMatic, Inc. is a company that develops and implements online advertising software */ + { "pubmatic.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "pubmatic.co.jp", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* “OpenX’s unified monetization platform */ + { "openx.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "openx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "servedbyopenx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* AddThis share buttons, targeting tools and content recommendations help you get more likes, shares and followers */ + { "addthis.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "addthisedge.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* NEXAGE offers a mobile advertising platform that provides private and public exchanges */ + { "nexage.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* RadiumOne (formerly GWallet) is a digital advertising company */ + { "gwallet.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Kochava is the industry leader for mobile app attribution and mobile app analytics */ + { "kochava.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Adobe analytics */ + { "assets.adobedtm.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "commerce.adobedtm.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Chartboost is a San Francisco-based mobile game in-app programmatic advertising and monetization platform */ + { "chartboost.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Vungle is an ad network */ + { "vungle.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Adkernel offers technological solutions catering to digital advertising publishers, advertisers, exchanges, and networks */ + { "adkernel.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Adform serves as a unified advertising platform that integrates various aspects of digital advertising */ + { "adform.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Lemma develops integrated platforms and solutions for efficient campaign management and high-performance advertising */ + { "lemmatechnologies.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Vidoomy is a company that focuses on Digital Video Advertising expertise. */ + { "vidoomy.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* StackAdapt is a self-serve programmatic advertising platform preferred by top-tier digital marketers */ + { "stackadapt.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Hotjar stands as an all-in-one platform that combines digital experience insights and behavior analytics */ + { "hotjar.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* New Relic is a company headquartered in the United States that specializes in web tracking and analytics. */ + { "newrelic.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Unruly is a London-based ad tech company that maximizes video viewership and sharing across the Open Web. */ + { "unrulymedia.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* TV Squared Inc. offers a TV attribution modeling platform, providing a cloud-based software platform for measuring, optimizing, and enhancing television advertising campaigns. */ + { "tvsquared.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Mixpanel facilitates global data analysis by offering event analytics, enabling valuable insights to be derived from data. */ + { "mixpanel.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Equativ (formerly known as Smart AdServer) is a French advertising technology company */ + { "smartadserver.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Twitter ADS */ + { "ads-twitter.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* TANX (Taobao Ad Network and Exchange) is an advertising and marketing platform based in China */ + { "tanx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Optimove is a marketing and customer relationship management (CRM) platform that specializes in customer retention and marketing automation. The company acquired Kumulos in 2022. */ + { "optimove.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "optimove.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Moloco offers programmatic advertising solutions to help optimize the client's acquisition, retention, and monetization campaigns */ + { "adsmoloco.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "moloco.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* The Unity Ads SDK provides a comprehensive monetization framework for your game, whether you develop in Unity, Xcode, or Android Studio */ + { "unityads.unity3d.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { "iads.unity3d.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + /* Amazon Ads helps you reach customers at scale through full-funnel advertising across streaming, shopping, and everything in-between */ + { "amazon-adsystem.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT }, + { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a36243e75..2858085ca 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2909,6 +2909,11 @@ static void init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */, 0); + ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE_107, + "FREE_107", NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_QOE_CATEGORY_UNSPECIFIED, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */, + 0); #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main.c" diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index dc125d5d2..0a088ff43 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -9,13 +9,13 @@ Num dissector calls: 534 (3.34 diss/flow) LRU cache ookla: 0/5/0 (insert/search/found) LRU cache bittorrent: 0/42/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/12/0 (insert/search/found) +LRU cache tls_cert: 0/14/0 (insert/search/found) LRU cache mining: 0/14/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) -LRU cache fpc_dns: 52/121/116 (insert/search/found) -Automa host: 166/166 (search/found) +LRU cache fpc_dns: 51/121/115 (insert/search/found) +Automa host: 166/163 (search/found) Automa domain: 166/0 (search/found) -Automa tls cert: 0/0 (search/found) +Automa tls cert: 1/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 150/150 (search/found) Patricia risk mask: 20/0 (search/found) @@ -30,9 +30,8 @@ HTTP 9 548 1 DHCP 3 1056 2 ICMP 2 188 1 IGMP 2 92 1 -TLS 117 15241 11 +TLS 136 21337 12 ICMPV6 12 936 4 -ADS_Analytic_Track 19 6096 1 AmazonAlexa 1038 318979 47 Google 14 1498 2 HTTP_Proxy 27 1930 5 @@ -41,9 +40,8 @@ PlayStore 19 7852 1 GoogleServices 17 2587 1 AmazonAWS 373 141134 14 -Safe 136 23093 12 +Safe 155 29189 13 Acceptable 2919 1140556 147 -Tracker_Ads 19 6096 1 Web 1530 685327 56 Cloud 373 141134 14 @@ -127,7 +125,7 @@ JA Host Stats: 67 TCP 172.16.42.216:45694 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][11 pkts/1845 bytes <-> 9 pkts/4385 bytes][Goodput ratio: 67/88][4.64 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 515/26 4284/78 1333/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/487 752/1514 212/577][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 68 TCP 172.16.42.216:34053 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: DNS][DPI packets: 7][cat: Cloud/13][11 pkts/4927 bytes <-> 9 pkts/1231 bytes][Goodput ratio: 88/57][2.15 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/131 950/512 322/198][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 448/137 1514/449 584/126][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,25,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0] 69 TCP 172.16.42.216:50800 <-> 54.239.28.178:443 [proto: 91.110/TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][9 pkts/1769 bytes <-> 8 pkts/4341 bytes][Goodput ratio: 71/90][0.63 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/41 233/155 85/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/543 784/1514 236/591][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 70 TCP 172.16.42.216:33556 <-> 52.94.232.0:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 107/ADS_Analytic_Track, Confidence: DNS][DPI packets: 9][cat: Advertisement/101][10 pkts/1505 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 63/89][141.56 sec][Hostname/SNI: mads.amazon-adsystem.com][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/52 174/172 68/74][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 150/510 642/1514 180/582][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: mads.amazon-adsystem.com,mads.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com][Certificate SHA-1: E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB][Firefox][Validity: 2016-09-23 00:00:00 - 2017-10-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,12,0,0,0,12,0,0,0,0,12,0,0,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 70 TCP 172.16.42.216:33556 <-> 52.94.232.0:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 9][cat: Advertisement/101][10 pkts/1505 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 63/89][141.56 sec][Hostname/SNI: mads.amazon-adsystem.com][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/52 174/172 68/74][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 150/510 642/1514 180/582][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: mads.amazon-adsystem.com,mads.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com][Certificate SHA-1: E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB][Firefox][Validity: 2016-09-23 00:00:00 - 2017-10-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,12,0,0,0,12,0,0,0,0,12,0,0,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 71 TCP 172.16.42.216:45695 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 5][cat: VirtAssistant/32][13 pkts/4352 bytes <-> 10 pkts/1702 bytes][Goodput ratio: 83/66][4.61 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.438 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/36 165/70 55/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 335/170 1514/555 510/190][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,20,10,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 72 TCP 172.16.42.216:45688 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 5][cat: VirtAssistant/32][12 pkts/4484 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 85/68][0.83 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 82/34 462/65 131/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 374/180 1514/891 537/270][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 73 TCP 172.16.42.216:42144 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 7][cat: Web/5][12 pkts/4652 bytes <-> 11 pkts/1197 bytes][Goodput ratio: 86/46][1.06 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/17 110/64 38/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/109 1514/445 525/115][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] diff --git a/tests/cfgs/default/result/pinterest.pcap.out b/tests/cfgs/default/result/pinterest.pcap.out index 9007f0d8b..88b469a74 100644 --- a/tests/cfgs/default/result/pinterest.pcap.out +++ b/tests/cfgs/default/result/pinterest.pcap.out @@ -7,13 +7,13 @@ Num dissector calls: 21 (0.57 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/48/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/4/0 (insert/search/found) +LRU cache tls_cert: 0/6/0 (insert/search/found) LRU cache mining: 0/16/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache fpc_dns: 0/36/0 (insert/search/found) -Automa host: 21/18 (search/found) +Automa host: 21/17 (search/found) Automa domain: 21/0 (search/found) -Automa tls cert: 1/0 (search/found) +Automa tls cert: 2/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 40/40 (search/found) Patricia risk mask: 0/0 (search/found) @@ -23,17 +23,15 @@ Patricia risk IPv6: 37/0 (search/found) Patricia protocols: 0/0 (search/found) Patricia protocols IPv6: 54/20 (search/found) -TLS 157 68609 19 -ADS_Analytic_Track 48 23075 1 +TLS 205 91684 20 Facebook 84 77604 2 Google 328 150112 5 Pinterest 239 115791 9 GoogleServices 55 11104 1 -Safe 157 68609 19 +Safe 205 91684 20 Acceptable 383 161216 6 Fun 323 193395 11 -Tracker_Ads 48 23075 1 Media 34 17966 1 Web 445 181748 23 @@ -51,7 +49,7 @@ JA Host Stats: 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43562 <-> [2a00:1450:4007:805::2003]:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][17 pkts/1782 bytes <-> 33 pkts/34703 bytes][Goodput ratio: 18/92][0.20 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/6 28/173 8/32][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 105/1052 244/1294 46/464][Plen Bins: 0,6,0,6,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,75,0,0,0,0,0,0,0,0,0,0] 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38546 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: SocialNetwork/6][23 pkts/3137 bytes <-> 29 pkts/28329 bytes][Goodput ratio: 37/91][0.38 sec][Hostname/SNI: assets.pinterest.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.801 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/14 111/135 29/35][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 136/977 603/1474 118/629][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,7,3,3,0,0,3,7,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,63,0,0,0,0] 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45126 <-> [2a00:1450:4007:80a::200e]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][26 pkts/3664 bytes <-> 35 pkts/26447 bytes][Goodput ratio: 39/89][0.43 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/6 157/112 39/22][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/756 603/1294 126/544][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,9,12,0,0,0,2,0,2,0,0,5,2,0,2,0,2,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,2,0,50,0,0,0,0,0,0,0,0,0,0] - 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40114 <-> [64:ff9b::9765:7a6e]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Advertisement/101][22 pkts/2917 bytes <-> 26 pkts/20158 bytes][Goodput ratio: 35/89][0.13 sec][Hostname/SNI: js-agent.newrelic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 45/37 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 133/775 603/1134 119/476][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net][Certificate SHA-1: BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0][Chrome][Validity: 2020-10-23 11:03:25 - 2021-05-07 20:27:49][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,8,4,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40114 <-> [64:ff9b::9765:7a6e]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Advertisement/101][22 pkts/2917 bytes <-> 26 pkts/20158 bytes][Goodput ratio: 35/89][0.13 sec][Hostname/SNI: js-agent.newrelic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 45/37 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 133/775 603/1134 119/476][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net][Certificate SHA-1: BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0][Chrome][Validity: 2020-10-23 11:03:25 - 2021-05-07 20:27:49][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,8,4,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38512 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][18 pkts/4393 bytes <-> 21 pkts/18564 bytes][Goodput ratio: 65/90][0.12 sec][Hostname/SNI: s.pinimg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/2 32/30 11/7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 244/884 1040/1474 244/663][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,8,4,0,0,0,0,13,8,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,48,0,0,0,0] 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57050 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Media/1][17 pkts/2547 bytes <-> 17 pkts/15419 bytes][Goodput ratio: 42/90][0.12 sec][Hostname/SNI: images.unsplash.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.716 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 50/32 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/907 603/1474 144/652][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net][Certificate SHA-1: 1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6][Chrome][Validity: 2020-11-12 16:39:14 - 2021-07-07 17:15:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,6,0,0,0,0,6,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,57,0,0,0,0] 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33262 <-> [64:ff9b::9765:7854]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: SocialNetwork/6][15 pkts/2410 bytes <-> 20 pkts/12882 bytes][Goodput ratio: 46/87][0.32 sec][Hostname/SNI: www.pinterest.fr][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/16 41/172 12/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 161/644 603/1134 150/483][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,15,5,0,0,0,0,5,0,0,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/reddit.pcap.out b/tests/cfgs/default/result/reddit.pcap.out index e2b2d2d12..a1ba4719c 100644 --- a/tests/cfgs/default/result/reddit.pcap.out +++ b/tests/cfgs/default/result/reddit.pcap.out @@ -7,13 +7,13 @@ Num dissector calls: 59 (0.98 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/12/0 (insert/search/found) +LRU cache tls_cert: 0/18/0 (insert/search/found) LRU cache mining: 0/1/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache fpc_dns: 0/60/0 (insert/search/found) -Automa host: 70/53 (search/found) +Automa host: 70/50 (search/found) Automa domain: 70/0 (search/found) -Automa tls cert: 2/0 (search/found) +Automa tls cert: 3/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 118/118 (search/found) Patricia risk mask: 0/0 (search/found) @@ -23,18 +23,16 @@ Patricia risk IPv6: 60/0 (search/found) Patricia protocols: 0/0 (search/found) Patricia protocols IPv6: 94/26 (search/found) -TLS 175 62439 7 -ADS_Analytic_Track 127 68146 3 +TLS 302 130585 10 Twitter 108 33623 3 YouTube 103 37264 3 Google 567 201496 19 Reddit 522 181584 20 GoogleServices 340 129444 5 -Safe 175 62439 7 +Safe 302 130585 10 Acceptable 907 330940 24 Fun 733 252471 26 -Tracker_Ads 127 68146 3 Media 103 37264 3 Web 758 282706 21 @@ -48,7 +46,7 @@ JA Host Stats: 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50960 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][63 pkts/9382 bytes <-> 101 pkts/50108 bytes][Goodput ratio: 42/83][11.54 sec][Hostname/SNI: www.googletagservices.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/97 3298/3291 595/448][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/496 1254/2419 170/528][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,27,7,4,3,9,1,3,4,0,0,1,1,0,1,2,1,0,1,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,24,0,0,0,0,0,0,0,0,0,1] 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56594 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][56 pkts/6579 bytes <-> 56 pkts/43995 bytes][Goodput ratio: 27/89][10.00 sec][Hostname/SNI: b.thumbs.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 223/78 6000/1288 917/258][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/786 603/1134 85/450][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.thumbs.redditmedia.com,thumbs.redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com][Certificate SHA-1: FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75][Chrome][Validity: 2020-02-18 00:00:00 - 2021-05-14 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,15,3,0,0,0,0,3,0,1,0,0,1,3,0,1,3,0,1,0,0,0,0,0,0,0,0,0,1,1,0,63,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43492 <-> [64:ff9b::df9:21c6]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][32 pkts/4130 bytes <-> 41 pkts/43404 bytes][Goodput ratio: 33/92][3.33 sec][Hostname/SNI: c.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.826 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/83 2442/2482 493/425][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1059 603/2862 111/716][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,0,7,2,2,0,0,2,2,5,2,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,5] + 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43492 <-> [64:ff9b::df9:21c6]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][32 pkts/4130 bytes <-> 41 pkts/43404 bytes][Goodput ratio: 33/92][3.33 sec][Hostname/SNI: c.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.826 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/83 2442/2482 493/425][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1059 603/2862 111/716][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,0,7,2,2,0,0,2,2,5,2,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,5] 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36964 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][32 pkts/4373 bytes <-> 53 pkts/40038 bytes][Goodput ratio: 37/89][0.36 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/138 11/21][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/755 603/2556 117/617][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,0,8,3,1,6,1,3,1,0,1,1,1,0,1,0,1,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,41,0,0,0,0,0,0,0,0,0,3] 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39520 <-> [2a00:1450:4007:816::2008]:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][33 pkts/3852 bytes <-> 36 pkts/38105 bytes][Goodput ratio: 26/92][0.21 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.816 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 43/38 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/1058 603/2502 99/724][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,2,0,0,0,0,0,5,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,0,0,0,0,0,0,14] 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58122 <-> [2a00:1450:4007:805::2001]:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Media/1][34 pkts/4406 bytes <-> 37 pkts/20521 bytes][Goodput ratio: 33/84][9.61 sec][Hostname/SNI: yt3.ggpht.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 352/8 9266/68 1748/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 130/555 603/1294 104/520][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,17,5,17,0,0,0,0,2,0,2,0,2,2,0,2,5,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0] @@ -59,7 +57,7 @@ JA Host Stats: 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40028 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][25 pkts/5078 bytes <-> 28 pkts/7828 bytes][Goodput ratio: 57/69][14.15 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.213 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/634 75/13857 21/2886][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 203/280 910/1294 240/323][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,27,15,3,0,0,3,0,0,11,3,0,0,0,0,3,3,0,3,7,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56782 <-> [64:ff9b::68f4:2ac8]:443 [proto: 91.120/TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][23 pkts/5030 bytes <-> 22 pkts/7292 bytes][Goodput ratio: 61/74][4.33 sec][Hostname/SNI: syndication.twitter.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 216/228 2512/2545 565/587][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 219/331 854/1474 227/405][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com][Certificate SHA-1: 09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F][Chrome][Validity: 2020-01-02 00:00:00 - 2020-12-24 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,15,0,20,0,0,4,4,4,15,0,0,4,0,4,0,4,0,0,0,4,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0] 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56640 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][23 pkts/3696 bytes <-> 22 pkts/8527 bytes][Goodput ratio: 46/78][0.57 sec][Hostname/SNI: gateway.reddit.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.395 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/30 307/307 76/75][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 161/388 603/1134 157/388][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,20,4,4,0,0,0,4,0,0,4,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46646 <-> [64:ff9b::345f:7ca5]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Advertisement/101][14 pkts/3201 bytes <-> 13 pkts/8450 bytes][Goodput ratio: 62/87][0.22 sec][Hostname/SNI: aax-eu.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/17 60/42 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 229/650 762/1446 254/571][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com][JA3S: 49b45fc1ab090aa3a159778313fc9b9e][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=aax-eu.amazon-adsystem.com][Certificate SHA-1: 5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B][Chrome][Validity: 2020-06-15 00:00:00 - 2021-06-15 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,8,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,8,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0] + 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46646 <-> [64:ff9b::345f:7ca5]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Advertisement/101][14 pkts/3201 bytes <-> 13 pkts/8450 bytes][Goodput ratio: 62/87][0.22 sec][Hostname/SNI: aax-eu.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/17 60/42 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 229/650 762/1446 254/571][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com][JA3S: 49b45fc1ab090aa3a159778313fc9b9e][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=aax-eu.amazon-adsystem.com][Certificate SHA-1: 5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B][Chrome][Validity: 2020-06-15 00:00:00 - 2021-06-15 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,8,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,8,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0] 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59624 <-> [2a00:1450:4007:80b::2001]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][18 pkts/2649 bytes <-> 17 pkts/8456 bytes][Goodput ratio: 41/83][0.15 sec][Hostname/SNI: 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 34/33 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/497 603/1294 137/490][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,0,0,0,6,0,6,0,6,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46808 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 32/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 32/32 11/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46810 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9100 bytes][Goodput ratio: 32/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 31/34 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] @@ -74,7 +72,7 @@ JA Host Stats: 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38166 <-> [2a00:1450:4007:811::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][18 pkts/2582 bytes <-> 17 pkts/6805 bytes][Goodput ratio: 40/78][0.19 sec][Hostname/SNI: fonts.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 43/43 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 143/400 603/1294 130/409][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,6,0,12,0,0,0,0,0,6,6,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0] 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39626 <-> [64:ff9b::2278:cf94]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/2444 bytes <-> 15 pkts/6941 bytes][Goodput ratio: 43/81][0.43 sec][Hostname/SNI: id.rlcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/33 104/221 29/63][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/463 603/1474 135/553][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,7,0,0,0,0,7,0,0,0,0,0,0,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0] 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][15 pkts/2848 bytes <-> 13 pkts/6172 bytes][Goodput ratio: 54/82][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.369 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 38/48 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 190/475 603/1134 167/462][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,14,7,0,0,0,0,7,0,0,7,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0] + 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0] 30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51006 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][16 pkts/2404 bytes <-> 15 pkts/5962 bytes][Goodput ratio: 42/78][0.15 sec][Hostname/SNI: adservice.google.fr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 52/37 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/397 603/1294 135/433][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,0,0,0,7,0,7,0,0,0,0,0,0,0,7,0,7,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0] 31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38320 <-> [64:ff9b::6853:b3b6]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/2124 bytes <-> 13 pkts/6140 bytes][Goodput ratio: 47/82][0.19 sec][Hostname/SNI: c.aaxads.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.486 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 72/37 22/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 163/472 603/1474 147/558][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 8,0,25,0,0,0,0,8,25,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0] 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54726 <-> [2a00:1450:4007:808::2006]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][16 pkts/2391 bytes <-> 15 pkts/5296 bytes][Goodput ratio: 42/75][0.22 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/9 66/45 24/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/353 603/1294 134/414][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,21,14,0,0,0,0,0,7,0,0,0,7,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tumblr.pcap.out b/tests/cfgs/default/result/tumblr.pcap.out index 60f749392..89dff8508 100644 --- a/tests/cfgs/default/result/tumblr.pcap.out +++ b/tests/cfgs/default/result/tumblr.pcap.out @@ -7,11 +7,11 @@ Num dissector calls: 19 (0.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/84/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/4/0 (insert/search/found) +LRU cache tls_cert: 0/8/0 (insert/search/found) LRU cache mining: 0/28/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache fpc_dns: 0/40/0 (insert/search/found) -Automa host: 9/7 (search/found) +Automa host: 9/5 (search/found) Automa domain: 9/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) @@ -25,15 +25,13 @@ Patricia protocols IPv6: 73/21 (search/found) Yahoo 31 9933 1 Tumblr 84 38260 2 -TLS 416 163940 40 -ADS_Analytic_Track 54 17122 2 +TLS 470 181062 42 Google 107 85437 1 GoogleServices 63 44980 1 -Safe 447 173873 41 +Safe 501 190995 43 Acceptable 170 130417 2 Fun 84 38260 2 -Tracker_Ads 54 17122 2 Web 617 304290 43 SocialNetwork 84 38260 2 @@ -53,10 +51,10 @@ JA Host Stats: 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56794 <-> [64:ff9b::c000:4d03]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 13][cat: Web/5][19 pkts/2795 bytes <-> 24 pkts/15989 bytes][Goodput ratio: 42/87][0.06 sec][bytes ratio: -0.702 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 26/10 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/666 340/1486 72/675][Plen Bins: 26,10,3,10,10,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,33,0,0,0,0] 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:42908 <-> [64:ff9b::98c7:1593]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 7][cat: Web/5][16 pkts/1983 bytes <-> 18 pkts/15822 bytes][Goodput ratio: 31/90][1.30 sec][bytes ratio: -0.777 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108/76 700/700 209/196][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 124/879 468/1486 93/651][Plen Bins: 5,22,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43420 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][15 pkts/1601 bytes <-> 16 pkts/13434 bytes][Goodput ratio: 19/90][0.05 sec][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/2 37/10 10/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 107/840 246/1486 53/668][Plen Bins: 25,6,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] - 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_0ece2fe8a3fb][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0] + 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_0ece2fe8a3fb][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0] 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47118 <-> [2001:4998:14:800::1001]:443 [proto: 91.70/TLS.Yahoo][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/2550 bytes <-> 15 pkts/7383 bytes][Goodput ratio: 46/82][0.57 sec][Hostname/SNI: cookiex.ngd.yahoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/48 315/282 83/84][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 159/492 603/1474 154/531][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,14,14,0,0,0,0,0,14,0,0,0,0,7,0,0,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,14,0,0,0,0] 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56842 <-> [64:ff9b::c000:4d03]:443 [proto: 91.90/TLS.Tumblr][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][12 pkts/2375 bytes <-> 10 pkts/6485 bytes][Goodput ratio: 56/87][0.15 sec][Hostname/SNI: 64.media.tumblr.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/18 59/70 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 198/648 603/1486 170/664][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,20,10,0,0,0,0,0,0,20,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,30,0,0,0,0] - 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_0ece2fe8a3fb][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_0ece2fe8a3fb][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51874 <-> [64:ff9b::c000:4c03]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][14 pkts/1971 bytes <-> 14 pkts/1808 bytes][Goodput ratio: 39/33][17.08 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1544/33 16623/194 4769/64][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/129 243/205 64/49][Plen Bins: 0,28,0,42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57286 <-> [64:ff9b::8fcc:d927]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][5 pkts/1152 bytes <-> 4 pkts/910 bytes][Goodput ratio: 63/62][0.20 sec][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 50/4 113/9 49/4][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 230/228 730/613 250/223][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:41266 <-> [2620:116:800d:21:8c6e:cf2c:8d6:9fb5]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][5 pkts/1186 bytes <-> 4 pkts/790 bytes][Goodput ratio: 64/56][0.21 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 52/8 121/15 49/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 237/198 750/486 257/168][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tunnelbear.pcap.out b/tests/cfgs/default/result/tunnelbear.pcap.out index 34863db7e..3263f75ec 100644 --- a/tests/cfgs/default/result/tunnelbear.pcap.out +++ b/tests/cfgs/default/result/tunnelbear.pcap.out @@ -8,13 +8,13 @@ Num dissector calls: 171 (7.77 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/2/0 (insert/search/found) +LRU cache tls_cert: 0/6/0 (insert/search/found) LRU cache mining: 0/1/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache fpc_dns: 0/22/0 (insert/search/found) -Automa host: 22/19 (search/found) +Automa host: 22/17 (search/found) Automa domain: 22/0 (search/found) -Automa tls cert: 1/0 (search/found) +Automa tls cert: 3/0 (search/found) Automa risk mask: 1/0 (search/found) Automa common alpns: 32/32 (search/found) Patricia risk mask: 4/0 (search/found) @@ -25,15 +25,13 @@ Patricia protocols: 24/20 (search/found) Patricia protocols IPv6: 0/0 (search/found) DNS 5 306 1 -TLS 24 9110 1 -ADS_Analytic_Track 34 13737 2 +TLS 58 22847 3 FacebookMessenger 18 5263 1 GoogleServices 15 2661 1 TunnelBear 337 86766 16 -Safe 24 9110 1 +Safe 58 22847 3 Acceptable 375 94996 19 -Tracker_Ads 34 13737 2 VPN 337 86766 16 Web 39 11771 2 @@ -52,8 +50,8 @@ JA Host Stats: 3 TCP 10.8.0.1:50178 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][13 pkts/2849 bytes <-> 12 pkts/7134 bytes][Goodput ratio: 75/91][0.68 sec][Hostname/SNI: api.tunnelbear.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/74 393/449 118/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 219/594 590/5527 219/1499][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,27,9,0,0,0,0,0,0,0,9,9,0,0,0,0,27,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] 4 TCP 10.8.0.1:50904 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][10 pkts/2689 bytes <-> 10 pkts/6997 bytes][Goodput ratio: 79/92][0.84 sec][Hostname/SNI: api.tunnelbear.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 105/97 383/336 151/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 269/700 590/5527 236/1622][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,11,0,0,0,0,0,0,0,11,0,11,0,0,0,33,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11] 5 TCP 10.8.0.1:47594 <-> 99.83.135.170:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][11 pkts/2035 bytes <-> 13 pkts/7075 bytes][Goodput ratio: 70/90][2.41 sec][Hostname/SNI: capi.grammarly.com][bytes ratio: -0.553 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/225 445/907 178/264][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 185/544 590/4080 163/1089][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d140700_c866b44c5a26_036209cd1ead][ServerNames: capi.grammarly.com,capi-msdk.grammarly.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=capi.grammarly.com][Certificate SHA-1: 1F:4A:0B:A6:60:01:94:7D:3D:94:03:14:5A:30:AF:64:D5:EC:58:DD][Safari][Validity: 2022-03-22 00:00:00 - 2023-04-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,8,8,0,0,0,8,8,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8] - 6 TCP 10.8.0.1:48222 <-> 162.247.243.188:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][9 pkts/1985 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 74/91][1.54 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.426 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212/256 1145/1199 391/431][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 221/616 590/3918 217/1255][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,14,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14] - 7 TCP 10.8.0.1:47496 <-> 162.247.243.188:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][9 pkts/1892 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 73/91][0.51 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 290/290 100/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 210/616 590/3918 211/1255][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,14,14,0,0,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14] + 6 TCP 10.8.0.1:48222 <-> 162.247.243.188:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][9 pkts/1985 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 74/91][1.54 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.426 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212/256 1145/1199 391/431][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 221/616 590/3918 217/1255][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,14,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14] + 7 TCP 10.8.0.1:47496 <-> 162.247.243.188:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][9 pkts/1892 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 73/91][0.51 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 290/290 100/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 210/616 590/3918 211/1255][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,14,14,0,0,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14] 8 TCP 10.8.0.1:45108 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][10 pkts/1309 bytes <-> 7 pkts/4360 bytes][Goodput ratio: 57/91][0.20 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/39 135/132 44/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/623 571/3709 151/1265][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,34,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16] 9 TCP 10.8.0.1:45114 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4309 bytes][Goodput ratio: 65/92][0.25 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/51 39/61 135/132 53/47][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3712 174/1344][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] 10 TCP 10.8.0.1:45106 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4308 bytes][Goodput ratio: 65/92][0.26 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.579 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 40/62 133/131 52/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3711 174/1344][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index 86c0a1673..258846cbc 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -12,8 +12,8 @@ LRU cache stun: 3/6/0 (insert/search/found) LRU cache tls_cert: 0/6/0 (insert/search/found) LRU cache mining: 0/4/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) -LRU cache fpc_dns: 15/13/3 (insert/search/found) -Automa host: 31/15 (search/found) +LRU cache fpc_dns: 11/13/3 (insert/search/found) +Automa host: 31/13 (search/found) Automa domain: 31/0 (search/found) Automa tls cert: 2/0 (search/found) Automa risk mask: 1/0 (search/found) |