author | Luca Deri <deri@ntop.org> | 2024-10-18 23:47:34 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2024-10-18 23:47:34 +0200 |
commit | 0cc84e4fdd3057826355596fc2cc5a6c783048d5 (patch) | |
tree | 4e8959e9dd33136847d7606fffcbbf68f2f9fd58 /tests/cfgs/default/result/avast.pcap.out | |
parent | 819291b7e42afca856ef1a3fa611ddd926da6549 (diff) |
Improved TCP fingepring calculation
Added basic OS detection based on TCP fingerprint
Diffstat (limited to 'tests/cfgs/default/result/avast.pcap.out')
-rw-r--r-- | tests/cfgs/default/result/avast.pcap.out | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/tests/cfgs/default/result/avast.pcap.out b/tests/cfgs/default/result/avast.pcap.out index 76a487f2f..8fe3861ad 100644 --- a/tests/cfgs/default/result/avast.pcap.out +++ b/tests/cfgs/default/result/avast.pcap.out 
@@ -24,13 +24,13 @@ AVAST 142 9433 10 Safe 142 9433 10 - 1 TCP 192.168.2.100:62741 <-> 5.62.53.131:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/543 bytes <-> 7 pkts/512 bytes][Goodput ratio: 18/20][569.69 sec][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63304/75961 189840/189839 89445/92978][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/73 150/140 31/28][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 67,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.2.100:64903 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/583 bytes <-> 7 pkts/432 bytes][Goodput ratio: 24/4][1385.80 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171484/205784 356850/356863 172007/168697][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/62 150/70 32/3][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 67,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.2.100:49532 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][797.30 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99700/119575 199551/199551 99662/97621][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.2.100:49758 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput 
ratio: 18/4][1284.92 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 160593/192744 321174/321337 160514/157360][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 192.168.2.100:57727 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][853.64 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 106683/128066 213347/213516 106625/104544][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 192.168.2.100:58030 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][996.22 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 124526/149430 249046/249046 124489/121997][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 192.168.2.100:64357 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][749.40 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 93674/112408 187336/187342 93637/91768][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 
83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP 192.168.2.100:64701 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][792.06 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99006/118807 198003/198005 98970/96994][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 192.168.2.100:58412 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][5 pkts/379 bytes <-> 7 pkts/432 bytes][Goodput ratio: 26/4][587.81 sec][bytes ratio: -0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 46818/139938 187142/372483 81016/154492][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 76/62 150/70 37/3][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 66,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.2.100:54405 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][4 pkts/324 bytes <-> 6 pkts/372 bytes][Goodput ratio: 30/4][145.35 sec][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 48/95869 109/369424 45/158040][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/62 150/70 40/4][TCP Fingerprint: 128_64240_6bb88f5575fd][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.2.100:62741 <-> 5.62.53.131:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/543 bytes 
<-> 7 pkts/512 bytes][Goodput ratio: 18/20][569.69 sec][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63304/75961 189840/189839 89445/92978][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/73 150/140 31/28][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 67,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.2.100:64903 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/583 bytes <-> 7 pkts/432 bytes][Goodput ratio: 24/4][1385.80 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171484/205784 356850/356863 172007/168697][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/62 150/70 32/3][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 67,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.2.100:49532 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][797.30 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99700/119575 199551/199551 99662/97621][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.2.100:49758 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][1284.92 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 160593/192744 321174/321337 160514/157360][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 
32770_128_64240_6bb88f5575fd/Win][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 192.168.2.100:57727 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][853.64 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 106683/128066 213347/213516 106625/104544][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.2.100:58030 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][996.22 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 124526/149430 249046/249046 124489/121997][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 192.168.2.100:64357 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][749.40 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 93674/112408 187336/187342 93637/91768][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 192.168.2.100:64701 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 
307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][792.06 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99006/118807 198003/198005 98970/96994][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 192.168.2.100:58412 <-> 5.62.54.29:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][5 pkts/379 bytes <-> 7 pkts/432 bytes][Goodput ratio: 26/4][587.81 sec][bytes ratio: -0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 46818/139938 187142/372483 81016/154492][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 76/62 150/70 37/3][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 66,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.2.100:54405 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][4 pkts/324 bytes <-> 6 pkts/372 bytes][Goodput ratio: 30/4][145.35 sec][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 48/95869 109/369424 45/158040][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/62 150/70 40/4][TCP Fingerprint: 32770_128_64240_6bb88f5575fd/Win][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |