aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/imap-starttls.pcap.out
diff options
context:
space:
mode:
authorLuca Deri <lucaderi@users.noreply.github.com>2024-04-18 23:21:40 +0200
committerGitHub <noreply@github.com>2024-04-18 23:21:40 +0200
commitad117bfaabd3bc75dc70d0ddbc4ba18c86c40dbd (patch)
tree3b1fb6016da1e114bca190ed6a868421fd9c32f1 /tests/cfgs/default/result/imap-starttls.pcap.out
parent108b8331d5b345e110c9ef110a6aa95a2767a640 (diff)
Domain Classification Improvements (#2396)
* Added size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize); size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize); used to compress short strings such as domain names. This code is based on https://github.com/Ed-von-Schleck/shoco * Major code rewrite for ndpi_hash and ndpi_domain_classify * Improvements to make sure custom categories are loaded and enabled * Fixed string encoding * Extended SalesForce/Cloudflare domains list
Diffstat (limited to 'tests/cfgs/default/result/imap-starttls.pcap.out')
-rw-r--r--tests/cfgs/default/result/imap-starttls.pcap.out2
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/cfgs/default/result/imap-starttls.pcap.out b/tests/cfgs/default/result/imap-starttls.pcap.out
index ea615b4c5..9090418cf 100644
--- a/tests/cfgs/default/result/imap-starttls.pcap.out
+++ b/tests/cfgs/default/result/imap-starttls.pcap.out
@@ -30,4 +30,4 @@ JA3 Host Stats:
1 192.168.17.53 1
- 1 TCP 192.168.17.53:49640 <-> 212.227.17.186:143 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 19][cat: Email/3][18 pkts/1536 bytes <-> 14 pkts/6439 bytes][Goodput ratio: 35/88][3.02 sec][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 188/251 1486/1677 371/512][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/460 372/1514 76/571][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: Expected on port 993 / No ALPN][TLSv1.2][JA3C: c369db2c355ad05c76f5660af3179b01][JA4: t12d910500_383454ac02f4_a1e935682795][ServerNames: imap.gmx.net,imap.gmx.de][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=NRW, L=Netphen, CN=TeleSec ServerPass DE-1][Subject: C=DE, O=1&1 Mail & Media GmbH, ST=Rhineland-Palatinate, L=Montabaur, CN=imap.gmx.net][Certificate SHA-1: 0F:E8:EA:E2:48:87:DF:8E:FE:F2:84:59:FE:D0:FC:1C:46:24:85:F5][Firefox][Validity: 2013-11-12 10:17:31 - 2016-11-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (CAPABILITY IMAP)][Plen Bins: 25,18,6,6,0,0,0,6,6,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
+ 1 TCP 192.168.17.53:49640 <-> 212.227.17.186:143 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 19][cat: Email/3][18 pkts/1536 bytes <-> 14 pkts/6439 bytes][Goodput ratio: 35/88][3.02 sec][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 188/251 1486/1677 371/512][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/460 372/1514 76/571][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: Expected on port 993 / No ALPN / SNI should always be present][TLSv1.2][JA3C: c369db2c355ad05c76f5660af3179b01][JA4: t12d910500_383454ac02f4_a1e935682795][ServerNames: imap.gmx.net,imap.gmx.de][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=NRW, L=Netphen, CN=TeleSec ServerPass DE-1][Subject: C=DE, O=1&1 Mail & Media GmbH, ST=Rhineland-Palatinate, L=Montabaur, CN=imap.gmx.net][Certificate SHA-1: 0F:E8:EA:E2:48:87:DF:8E:FE:F2:84:59:FE:D0:FC:1C:46:24:85:F5][Firefox][Validity: 2013-11-12 10:17:31 - 2016-11-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (CAPABILITY IMAP)][Plen Bins: 25,18,6,6,0,0,0,6,6,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
Powered by cgit, Themed by Ted Yin.