diff options
| author | Luca Deri <deri@ntop.org> | 2024-10-18 23:47:34 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-10-18 23:47:34 +0200 |
| commit | 0cc84e4fdd3057826355596fc2cc5a6c783048d5 (patch) | |
| tree | 4e8959e9dd33136847d7606fffcbbf68f2f9fd58 /tests/cfgs/default/result/firefox.pcap.out | |
| parent | 819291b7e42afca856ef1a3fa611ddd926da6549 (diff) | |
Improved TCP fingepring calculation
Adde basidc OS detection based on TCP fingerprint
Diffstat (limited to 'tests/cfgs/default/result/firefox.pcap.out')
| -rw-r--r-- | tests/cfgs/default/result/firefox.pcap.out | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/tests/cfgs/default/result/firefox.pcap.out b/tests/cfgs/default/result/firefox.pcap.out index b9bb61356..718ced7f1 100644 --- a/tests/cfgs/default/result/firefox.pcap.out +++ b/tests/cfgs/default/result/firefox.pcap.out @@ -29,9 +29,9 @@ JA3 Host Stats: 1 192.168.1.178 2 - 1 TCP 192.168.1.178:51600 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][12 pkts/1934 bytes <-> 14 pkts/13015 bytes][Goodput ratio: 58/93][0.10 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.741 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 28/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 161/930 746/1506 204/671][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (GA84fCSUcnr.it)][Plen Bins: 0,0,7,0,0,0,0,0,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0] - 2 TCP 192.168.1.178:51601 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/2379 bytes <-> 13 pkts/10415 bytes][Goodput ratio: 63/92][0.12 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.628 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/8 31/37 11/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/801 746/1506 210/662][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,0,0,7,7,7,15,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0] - 3 TCP 192.168.1.178:51599 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/1868 bytes <-> 12 pkts/10003 bytes][Goodput ratio: 60/92][0.12 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/9 28/45 11/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 170/834 746/1506 210/679][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (c/GYojt.cnr.it)][Plen Bins: 0,0,9,0,0,0,0,0,9,9,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0] - 4 TCP 192.168.1.178:51577 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1589 bytes <-> 11 pkts/7806 bytes][Goodput ratio: 62/91][0.87 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/68 31/575 14/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 177/710 583/1506 186/634][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA4: t13d1814h2_e8a523a41297_d267a5f792d4][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,10,0,0,0,0,0,0,20,0,0,10,0,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 5 TCP 192.168.1.178:51583 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/2097 bytes <-> 10 pkts/5087 bytes][Goodput ratio: 71/87][0.35 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 45/39 203/231 66/74][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 233/509 746/1506 232/574][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,11,0,0,0,0,0,11,11,11,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] - 6 TCP 192.168.1.178:51588 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/1667 bytes <-> 7 pkts/2373 bytes][Goodput ratio: 68/80][0.33 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.175 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 50/16 195/42 65/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 208/339 746/1406 235/453][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,16,0,0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0] + 1 TCP 192.168.1.178:51600 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][12 pkts/1934 bytes <-> 14 pkts/13015 bytes][Goodput ratio: 58/93][0.10 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.741 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 28/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 161/930 746/1506 204/671][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (GA84fCSUcnr.it)][Plen Bins: 0,0,7,0,0,0,0,0,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0] + 2 TCP 192.168.1.178:51601 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/2379 bytes <-> 13 pkts/10415 bytes][Goodput ratio: 63/92][0.12 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.628 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/8 31/37 11/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/801 746/1506 210/662][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,0,0,7,7,7,15,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0] + 3 TCP 192.168.1.178:51599 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/1868 bytes <-> 12 pkts/10003 bytes][Goodput ratio: 60/92][0.12 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/9 28/45 11/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 170/834 746/1506 210/679][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (c/GYojt.cnr.it)][Plen Bins: 0,0,9,0,0,0,0,0,9,9,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0] + 4 TCP 192.168.1.178:51577 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1589 bytes <-> 11 pkts/7806 bytes][Goodput ratio: 62/91][0.87 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/68 31/575 14/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 177/710 583/1506 186/634][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA4: t13d1814h2_e8a523a41297_d267a5f792d4][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,10,0,0,0,0,0,0,20,0,0,10,0,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 5 TCP 192.168.1.178:51583 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/2097 bytes <-> 10 pkts/5087 bytes][Goodput ratio: 71/87][0.35 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 45/39 203/231 66/74][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 233/509 746/1506 232/574][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,11,0,0,0,0,0,11,11,11,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] + 6 TCP 192.168.1.178:51588 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/1667 bytes <-> 7 pkts/2373 bytes][Goodput ratio: 68/80][0.33 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.175 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 50/16 195/42 65/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 208/339 746/1406 235/453][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA4: t13d1813h2_e8a523a41297_84e5d5db657c][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,16,0,0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0] |