path: root/tests/cfgs/default/result/geforcenow.pcapng.out
author Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-10-30 10:28:19 +0100
committer GitHub <noreply@github.com> 2023-10-30 10:28:19 +0100
commit 42d24f8799836025e4526ebb30f34750d528b980
tree d542f5c52e1f048c620429f822114dbfd4a29bec /tests/cfgs/default/result/geforcenow.pcapng.out
parent e399bd7e3d4cb4071e426ecb735084c6577a8644
STUN: major code rework (#2116)

Try to have a faster classification, on first packet; use standard extra dissection data path for sub-classification, metadata extraction and monitoring.

STUN caches:
* use the proper confidence value
* lookup into the caches only once per flow, after having found a proper STUN classification

Add identification of Telegram VoIP calls.
Diffstat (limited to 'tests/cfgs/default/result/geforcenow.pcapng.out')
-rw-r--r-- tests/cfgs/default/result/geforcenow.pcapng.out 17
1 files changed, 8 insertions, 9 deletions
diff --git a/tests/cfgs/default/result/geforcenow.pcapng.out b/tests/cfgs/default/result/geforcenow.pcapng.out
index 0d2033944..3c76f4fbd 100644
--- a/tests/cfgs/default/result/geforcenow.pcapng.out
+++ b/tests/cfgs/default/result/geforcenow.pcapng.out
@@ -1,20 +1,20 @@
Guessed flow protos: 0
DPI Packets (TCP): 7 (7.00 pkts/flow)
-DPI Packets (UDP): 7 (7.00 pkts/flow)
+DPI Packets (UDP): 9 (9.00 pkts/flow)
Confidence DPI : 2 (flows)
-Num dissector calls: 136 (68.00 diss/flow)
+Num dissector calls: 9 (4.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
-LRU cache stun: 0/6/0 (insert/search/found)
-LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache stun: 0/8/0 (insert/search/found)
+LRU cache tls_cert: 1/5/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache stun_zoom: 0/0/0 (insert/search/found)
Automa host: 1/1 (search/found)
Automa domain: 1/0 (search/found)
-Automa tls cert: 0/0 (search/found)
+Automa tls cert: 1/1 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 1/1 (search/found)
Patricia risk mask: 2/0 (search/found)
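Review bot: The `LRU cache stun` counter in this hunk goes from 0/6/0 to 0/8/0 (insert/search/found), which does not match the commit message's "lookup into the caches only once per flow": the capture has only two flows (`Confidence DPI : 2 (flows)`), so eight searches means the cache is still consulted several times per flow, and none of the searches hits. Check whether the lookup is repeated on each packet handed to the extra dissection path and guard it with a per-flow "already searched" flag, or document why more than one search per flow is expected. The same hunk shows UDP DPI packets rising from 7 to 9 while dissector calls drop from 136 to 9; the commit message should state whether the two extra packets are the cost of the sub-classification stage, since it otherwise reads as a regression against "classification on first packet".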
@@ -24,13 +24,12 @@ Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/2 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
-STUN 54 20349 1
-GeForceNow 54 48651 1
+GeForceNow 108 69000 2
JA3 Host Stats:
IP Address # JA3C
- 1 192.168.1.245 1
+ 1 192.168.1.245 2
1 TCP 192.168.1.245:57490 <-> 80.84.167.206:49100 [proto: 91.341/TLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][DPI packets: 7][cat: Game/8][27 pkts/8759 bytes <-> 27 pkts/39892 bytes][Goodput ratio: 80/96][1.34 sec][Hostname/SNI: 80-84-167-206.cloudmatchbeta.nvidiagrid.net][(Advertised) ALPNs: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.640 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/12 946/84 200/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/1477 2962/2962 631/1355][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 021c7413ddeb0d58973451b0e3b19eca][ServerNames: prod.cloudmatchbeta.nvidiagrid.net,*.cloudmatchbeta.nvidiagrid.net][JA3S: 098e26e2609212ac1bfac552fbe04127][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, CN=prod.cloudmatchbeta.nvidiagrid.net][Certificate SHA-1: 8C:24:BC:2B:01:63:B9:AC:83:90:F3:A9:F9:EA:72:5E:F4:47:A2:77][Chrome][Validity: 2022-08-09 00:00:00 - 2023-08-09 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,23,2,0,0,5,0,0,14,0,2,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,42]
- 2 UDP 192.168.1.245:52441 <-> 80.84.167.206:18452 [proto: 78/STUN][IP: 342/Nvidia][ClearText][Confidence: DPI][DPI packets: 7][cat: Network/14][21 pkts/3455 bytes <-> 33 pkts/16894 bytes][Goodput ratio: 74/92][1.03 sec][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/30 360/689 91/130][Pkt Len c2s/s2c min/avg/max/stddev: 87/67 165/512 582/1222 101/514][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BffATDg/Gz0)][Plen Bins: 1,17,33,9,12,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.1.245:52441 <-> 80.84.167.206:18452 [proto: 30.341/DTLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][DPI packets: 9][cat: Game/8][21 pkts/3455 bytes <-> 33 pkts/16894 bytes][Goodput ratio: 74/92][1.03 sec][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/30 360/689 91/130][Pkt Len c2s/s2c min/avg/max/stddev: 87/67 165/512 582/1222 101/514][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 260][Risk Info: No ALPN / TLS Cert lasts 730 days / CN=NVIDIA GameStream][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA3S: a9e0318114bb46bdbeef6d54e42c915f][Issuer: CN=NVIDIA GameStream][Subject: CN=NVIDIA GameStream][Certificate SHA-1: D1:FC:74:AD:A0:6F:11:C1:F4:4D:F9:4C:2B:25:88:A6:2B:6E:65:1E][Validity: 2022-05-21 12:24:31 - 2024-05-20 12:24:31][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (BffATDg/Gz0)][Plen Bins: 1,17,33,9,12,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0]
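Review bot: The risk score on the new `+ 2 UDP` line jumps from 50 to 260, and two of the added risks, `TLS (probably) Not Carrying HTTPS` and `Missing SNI TLS Extn` (Risk Info: `No ALPN`), look like noise for a DTLS session set up after STUN, where a missing SNI and ALPN are normal. Consider masking those two risks for DTLS flows reached through the STUN path, so that the `Self-signed Cert` and `TLS Cert Validity Too Long` findings on the `CN=NVIDIA GameStream` certificate are not buried in a score inflated by expected behaviour. Separately, the `STUN 54 20349 1` row is dropped from the protocol totals and the flow's proto changes from `78/STUN` to `30.341/DTLS.GeForceNow`, so the result no longer records that the flow started as STUN; if that loss of visibility is intended, say so in the commit message.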