diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-07-03 18:02:07 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-03 18:02:07 +0200 |
| commit | 843e4872706b07b9e78418986d35fc86bc156d60 (patch) | |
| tree | 6198692542842324200ff783d5daf5398b5c92d0 /tests/cfgs/default/result/dcerpc.pcap.out | |
| parent | e5661337d07fb1f7b2d55318bfef0929e3ca6e61 (diff) | |
Add infrastructure for explicit support of Fist Packet Classification (#2488)
Let's start with some basic helpers and with FPC based on flow addresses.
See: #2322
Diffstat (limited to 'tests/cfgs/default/result/dcerpc.pcap.out')
| -rw-r--r-- | tests/cfgs/default/result/dcerpc.pcap.out | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/tests/cfgs/default/result/dcerpc.pcap.out b/tests/cfgs/default/result/dcerpc.pcap.out index 81beee18b..35a71259f 100644 --- a/tests/cfgs/default/result/dcerpc.pcap.out +++ b/tests/cfgs/default/result/dcerpc.pcap.out @@ -23,7 +23,7 @@ PROFINET_IO 16 6866 4 Acceptable 16 6866 4 - 1 UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 192.168.1.20:49162 -> 192.168.1.11:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: IoT-Scada/31][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: IoT-Scada/31][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.1.20:49162 -> 192.168.1.11:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |