authorLuca Deri <deri@ntop.org>2023-12-22 20:39:44 +0100
committerLuca Deri <deri@ntop.org>2023-12-22 20:40:42 +0100
commit8285fffdaeda5d2405360719a57f817b4772e6d1 (patch)
tree293b33f5c1264f9038988aae9b33e1f0ac7a388c /tests/cfgs/default/result/safari.pcap.out
parentb90c18e9069cd5b3cfcda718263b910e949d8b57 (diff)
Implements JA4 Support (#2191)
Diffstat (limited to 'tests/cfgs/default/result/safari.pcap.out')
-rw-r--r--tests/cfgs/default/result/safari.pcap.out14
1 files changed, 7 insertions, 7 deletions
diff --git a/tests/cfgs/default/result/safari.pcap.out b/tests/cfgs/default/result/safari.pcap.out
index 15a004c4d..5135a5ad3 100644
--- a/tests/cfgs/default/result/safari.pcap.out
+++ b/tests/cfgs/default/result/safari.pcap.out
@@ -28,10 +28,10 @@ JA3 Host Stats:
1 192.168.1.178 2
- 1 TCP 192.168.1.178:55267 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][22 pkts/2599 bytes <-> 28 pkts/32520 bytes][Goodput ratio: 44/94][0.30 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 84/77 23/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1161 508/1506 129/580][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,3,0,0,3,0,3,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,77,0,0]
- 2 TCP 192.168.1.178:55265 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][12 pkts/1906 bytes <-> 13 pkts/10146 bytes][Goodput ratio: 58/91][0.30 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/11 103/78 32/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 159/780 500/1506 157/684][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,0,8,0,8,0,0,0,0,0,8,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
- 3 TCP 192.168.1.178:55262 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][9 pkts/1293 bytes <-> 11 pkts/8560 bytes][Goodput ratio: 53/91][0.73 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/68 579/550 198/171][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 144/778 425/1506 124/682][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,10,10,0,0,0,0,10,0,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
- 4 TCP 192.168.1.178:55266 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1868 bytes <-> 10 pkts/7294 bytes][Goodput ratio: 60/91][0.27 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.592 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/14 106/77 34/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 170/729 503/1506 167/666][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,10,0,0,10,0,10,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
- 5 TCP 192.168.1.178:55269 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1797 bytes <-> 9 pkts/5178 bytes][Goodput ratio: 63/88][0.27 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/16 105/78 33/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/575 500/1506 170/660][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,0,11,11,0,11,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
- 6 TCP 192.168.1.178:55285 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][9 pkts/1312 bytes <-> 9 pkts/5298 bytes][Goodput ratio: 54/89][0.13 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 33/28 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/589 444/1506 129/618][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0]
- 7 TCP 192.168.1.178:55268 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/1661 bytes <-> 7 pkts/1958 bytes][Goodput ratio: 67/76][0.29 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 39/51 116/146 38/55][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 208/280 497/1413 179/465][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,0,16,0,16,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0]
+ 1 TCP 192.168.1.178:55267 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][22 pkts/2599 bytes <-> 28 pkts/32520 bytes][Goodput ratio: 44/94][0.30 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 84/77 23/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1161 508/1506 129/580][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA4: t12d200800_2a284e3b0c56_6e2cce1a33e5][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,3,0,0,3,0,3,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,77,0,0]
+ 2 TCP 192.168.1.178:55265 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][12 pkts/1906 bytes <-> 13 pkts/10146 bytes][Goodput ratio: 58/91][0.30 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/11 103/78 32/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 159/780 500/1506 157/684][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA4: t12d200800_2a284e3b0c56_6e2cce1a33e5][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,0,8,0,8,0,0,0,0,0,8,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
+ 3 TCP 192.168.1.178:55262 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][9 pkts/1293 bytes <-> 11 pkts/8560 bytes][Goodput ratio: 53/91][0.73 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/68 579/550 198/171][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 144/778 425/1506 124/682][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,10,10,0,0,0,0,10,0,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
+ 4 TCP 192.168.1.178:55266 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1868 bytes <-> 10 pkts/7294 bytes][Goodput ratio: 60/91][0.27 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.592 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/14 106/77 34/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 170/729 503/1506 167/666][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA4: t12d200800_2a284e3b0c56_6e2cce1a33e5][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,10,0,0,10,0,10,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
+ 5 TCP 192.168.1.178:55269 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1797 bytes <-> 9 pkts/5178 bytes][Goodput ratio: 63/88][0.27 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/16 105/78 33/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/575 500/1506 170/660][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA4: t12d200800_2a284e3b0c56_6e2cce1a33e5][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,0,11,11,0,11,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
+ 6 TCP 192.168.1.178:55285 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][9 pkts/1312 bytes <-> 9 pkts/5298 bytes][Goodput ratio: 54/89][0.13 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 33/28 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/589 444/1506 129/618][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0]
+ 7 TCP 192.168.1.178:55268 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/1661 bytes <-> 7 pkts/1958 bytes][Goodput ratio: 67/76][0.29 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 39/51 116/146 38/55][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 208/280 497/1413 179/465][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA4: t12d200800_2a284e3b0c56_6e2cce1a33e5][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,0,16,0,16,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0]