Improved telegram detection

author: Luca Deri <deri@ntop.org> 2024-02-22 22:23:23 +0100
committer: Luca Deri <deri@ntop.org> 2024-02-22 22:23:23 +0100
commit: 31c706c3dbbf0afc4c8e0a6d0bb6f20796296549 (patch)
tree: b76ee62d0aec211d574f3b1d39989233afae7f3d /tests/cfgs/caches_cfg
parent: 2399abd27292774821525c0bd3e27c8cdee26551 (diff)
1 files changed, 7 insertions, 5 deletions
diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out
index 15bf67dec..632cd2fb2 100644
--- a/tests/cfgs/caches_cfg/result/teams.pcap.out
+++ b/tests/cfgs/caches_cfg/result/teams.pcap.out
@@ -4,7 +4,8 @@ DPI Packets (TCP):	337	(8.02 pkts/flow)
 DPI Packets (UDP):	74	(1.85 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Confidence Match by port    : 2 (flows)
+Confidence Match by port    : 1 (flows)
+Confidence DPI (partial)    : 1 (flows)
 Confidence DPI              : 80 (flows)
 Num dissector calls: 536 (6.46 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
@@ -33,18 +34,19 @@ DHCP	7	2323	2
 ntop	40	9816	3
 Skype_TeamsCall	93	19649	12
 ICMP	2	140	1
-TLS	126	55305	7
+TLS	123	55119	6
 Dropbox	2	1054	2
 Skype_Teams	75	34993	4
 Apple	2	231	1
 Spotify	1	82	1
+Telegram	3	186	1
 Microsoft	405	284048	12
 Microsoft365	136	52120	6
 Teams	595	215358	26
 Azure	2	294	1
 
-Safe                          1168 564758        49           
-Acceptable                     325 111699        32           
+Safe                          1165 564572        48           
+Acceptable                     328 111885        33           
 Fun                              1 82            1            
 Unrated                          4 456           1            
 
@@ -132,7 +134,7 @@ JA3 Host Stats:
 	77	UDP 192.168.1.6:62863 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/158 bytes][Goodput ratio: 59/73][0.07 sec][Hostname/SNI: emea.ng.msg.teams-msgapi.trafficmanager.net][52.114.108.8][PLAIN TEXT (msgapi)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	78	UDP 192.168.1.6:56634 <-> 192.168.1.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/142 bytes][Goodput ratio: 52/70][0.03 sec][Hostname/SNI: captive.apple.com.edgekey.net][23.50.158.88][PLAIN TEXT (captive)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	79	UDP 192.168.1.6:60813 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/109 bytes][Goodput ratio: 54/61][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][52.114.77.33][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	80	TCP 192.168.1.6:58533 -> 149.154.167.91:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][4.29 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	80	TCP 192.168.1.6:58533 -> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][DPI packets: 3][cat: Chat/9][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][4.29 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	81	ICMP 93.71.110.205:0 -> 192.168.1.6:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	82	UDP 192.168.1.112:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Music/25][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Luca Deri <deri@ntop.org>	2024-02-22 22:23:23 +0100
committer	Luca Deri <deri@ntop.org>	2024-02-22 22:23:23 +0100
commit	31c706c3dbbf0afc4c8e0a6d0bb6f20796296549 (patch)
tree	b76ee62d0aec211d574f3b1d39989233afae7f3d /tests/cfgs/caches_cfg
parent	2399abd27292774821525c0bd3e27c8cdee26551 (diff)