diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-07-23 08:50:27 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-23 08:50:27 +0200 |
| commit | 85501c9aaabf207b04e3fe961825385f9519f633 (patch) | |
| tree | 9aa1bc85e61707ac7ed17570c076f341bcb89e1b /tests/cfgs/default/result/tls-rdn-extract.pcap.out | |
| parent | b15337a32bcff7a0b0734cb60c6984229f07a7e5 (diff) | |
FPC: add DPI information (#2514)
If the flow is classified (via DPI) after the first packet, we should
use this information as FPC
Diffstat (limited to 'tests/cfgs/default/result/tls-rdn-extract.pcap.out')
| -rw-r--r-- | tests/cfgs/default/result/tls-rdn-extract.pcap.out | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/cfgs/default/result/tls-rdn-extract.pcap.out b/tests/cfgs/default/result/tls-rdn-extract.pcap.out index 4c35d87ee..36fb55526 100644 --- a/tests/cfgs/default/result/tls-rdn-extract.pcap.out +++ b/tests/cfgs/default/result/tls-rdn-extract.pcap.out @@ -7,7 +7,7 @@ LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/2/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) -LRU cache fpc_dns: 0/1/0 (insert/search/found) +LRU cache fpc_dns: 0/0/0 (insert/search/found) Automa host: 2/1 (search/found) Automa domain: 2/0 (search/found) Automa tls cert: 0/0 (search/found) @@ -29,4 +29,4 @@ JA3 Host Stats: 1 10.0.0.1 1 - 1 TCP 10.0.0.1:31337 <-> 213.199.149.251:443 [proto: 91.212/TLS.Microsoft][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][1 pkts/181 bytes <-> 5 pkts/7024 bytes][Goodput ratio: 70/96][< 1 sec][Hostname/SNI: ads1.msads.net][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 181/968 181/1405 181/1514 0/218][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** TLS Cert Expired **][Risk Score: 300][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA / 21/Oct/2011 16:42:03 - 20/Oct/2013 16:42:03][TLSv1][JA3C: 2201d8e006f8f005a6b415f61e677532][JA4: t10d120500_d94e65cdb899_c35b4a14be45][ServerNames: *.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: CN=Microsoft Secure Server Authority][Subject: C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net][Certificate SHA-1: FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B][Validity: 2011-10-21 16:42:03 - 2013-10-20 16:42:03][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0] + 1 TCP 10.0.0.1:31337 <-> 213.199.149.251:443 [proto: 91.212/TLS.Microsoft][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 6][cat: Web/5][1 pkts/181 bytes <-> 5 pkts/7024 bytes][Goodput ratio: 70/96][< 1 sec][Hostname/SNI: ads1.msads.net][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 181/968 181/1405 181/1514 0/218][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** TLS Cert Expired **][Risk Score: 300][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA / 21/Oct/2011 16:42:03 - 20/Oct/2013 16:42:03][TLSv1][JA3C: 2201d8e006f8f005a6b415f61e677532][JA4: t10d120500_d94e65cdb899_c35b4a14be45][ServerNames: *.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: CN=Microsoft Secure Server Authority][Subject: C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net][Certificate SHA-1: FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B][Validity: 2011-10-21 16:42:03 - 2013-10-20 16:42:03][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0] |