aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/cloudflare-warp.pcap.out
diff options
context:
space:
mode:
authorLuca <deri@ntop.org>2024-05-22 18:04:33 +0200
committerLuca <deri@ntop.org>2024-05-22 18:04:33 +0200
commit44a290286b298a461b3a88a0bfdc4e0361a247f3 (patch)
tree8fb52896c1c62153b5953f20e86cde65ae6b0187 /tests/cfgs/default/result/cloudflare-warp.pcap.out
parent74d3843ebe0d181072acc6700e6c41595ce75f0d (diff)
More NDPI_PROBING_ATTEMPT changes
Diffstat (limited to 'tests/cfgs/default/result/cloudflare-warp.pcap.out')
-rw-r--r--tests/cfgs/default/result/cloudflare-warp.pcap.out10
1 files changed, 5 insertions, 5 deletions
diff --git a/tests/cfgs/default/result/cloudflare-warp.pcap.out b/tests/cfgs/default/result/cloudflare-warp.pcap.out
index eb8b90f1b..b7fa70b7b 100644
--- a/tests/cfgs/default/result/cloudflare-warp.pcap.out
+++ b/tests/cfgs/default/result/cloudflare-warp.pcap.out
@@ -17,7 +17,7 @@ Automa domain: 4/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 3/3 (search/found)
-Patricia risk mask: 2/0 (search/found)
+Patricia risk mask: 6/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
@@ -43,7 +43,7 @@ JA3 Host Stats:
2 TCP 10.8.0.1:45610 <-> 104.18.47.234:443 [proto: 91.300/TLS.CloudflareWarp][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][6 pkts/623 bytes <-> 5 pkts/3108 bytes][Goodput ratio: 45/91][0.15 sec][Hostname/SNI: api.cloudflareclient.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/50 29/48 143/93 57/38][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 104/622 240/2854 69/1116][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][JA4: t12d1209ht_d34a8e72043a_b39be8c56a14][ServerNames: cloudflareclient.com,*.cloudflareclient.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com][Certificate SHA-1: E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98][Safari][Validity: 2022-05-19 00:00:00 - 2023-05-19 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
3 TCP 10.8.0.1:40214 <-> 157.240.16.32:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 6][cat: Chat/9][9 pkts/1498 bytes <-> 8 pkts/871 bytes][Goodput ratio: 66/50][0.90 sec][Hostname/SNI: mqtt-mini.facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: 0.265 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/6 113/132 238/257 88/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/109 576/290 191/89][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 159db30fc8fac7fb58bcaeee8785a687][JA4: t00d010800_0f2cb44170f4_759b0bad1464][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 28,14,0,0,0,14,0,14,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.8.0.1:42344 <-> 159.138.85.48:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: Web/5][6 pkts/567 bytes <-> 5 pkts/323 bytes][Goodput ratio: 39/16][0.37 sec][bytes ratio: 0.274 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/50 56/79 122/101 56/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 94/65 208/91 56/15][Plen Bins: 25,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 TCP 10.8.0.1:51296 <-> 142.250.183.163:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][3 pkts/384 bytes <-> 2 pkts/108 bytes][Goodput ratio: 52/0][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][(Advertised) ALPNs: http/1.1][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][JA4: t12d1409ht_c866b44c5a26_b39be8c56a14][Safari][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 TCP 10.158.134.93:40454 <-> 216.58.196.68:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 10.8.0.1:43600 <-> 172.217.194.188:5228 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 TCP 10.158.134.93:55512 -> 142.251.42.106:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 10.8.0.1:51296 <-> 142.250.183.163:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][3 pkts/384 bytes <-> 2 pkts/108 bytes][Goodput ratio: 52/0][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][(Advertised) ALPNs: http/1.1][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][JA4: t12d1409ht_c866b44c5a26_b39be8c56a14][Safari][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 10.158.134.93:40454 <-> 216.58.196.68:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 10.8.0.1:43600 <-> 172.217.194.188:5228 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 TCP 10.158.134.93:55512 -> 142.251.42.106:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.