author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-04-08 10:24:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-08 10:24:51 +0200 |
commit | 1b3ef7d7b2dde9d58cb217d3d7fb6b14d6281153 (patch) | |
tree | 868ce2beb4ba9dbfbe40dd05c9a1b200e367439c /tests/cfgs/default/result/wa_voice.pcap.out | |
parent | f5905a62c7fc1922d0b49e9399d56e8cfee69516 (diff) |
STUN: improve extraction of Mapped-Address metadata (#2370)
Enable parsing of Mapped-Address attribute for all STUN flows: that
means that STUN classification might require more packets.
Add a configuration knob to enable/disable this feature.
Note that we can have (any) STUN metadata also for flows *not*
classified as STUN (because of DTLS).
Add support for IPv6.
Restore the correct extra dissection logic for Telegram flows.
Diffstat (limited to 'tests/cfgs/default/result/wa_voice.pcap.out')
-rw-r--r-- | tests/cfgs/default/result/wa_voice.pcap.out | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out
index 9238b513c..1ef5b2a0e 100644
--- a/tests/cfgs/default/result/wa_voice.pcap.out
+++ b/tests/cfgs/default/result/wa_voice.pcap.out
@@ -1,5 +1,5 @@
 DPI Packets (TCP): 20 (3.33 pkts/flow)
-DPI Packets (UDP): 53 (2.52 pkts/flow)
+DPI Packets (UDP): 51 (2.43 pkts/flow)
 DPI Packets (other): 1 (1.00 pkts/flow)
 Confidence Unknown : 1 (flows)
 Confidence DPI (cache) : 2 (flows)
@@ -51,17 +51,17 @@ JA3 Host Stats: 1 TCP 192.168.2.12:50504 <-> 157.240.20.52:443 [proto: 91.142/TLS.WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][DPI packets: 6][cat: Chat/9][41 pkts/3669 bytes <-> 44 pkts/43871 bytes][Goodput ratio: 27/93][0.41 sec][Hostname/SNI: pps.whatsapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 129/77 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 89/997 583/1454 85/624][TLSv1.3][JA3C: 7a7a639628f0fe5c7e057628a5bbec5a][JA4: t13d2614h2_2802a3db6c62_c5b8c5b1cdcb][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 8,11,4,0,0,2,2,0,2,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,61,0,0,0,0] 2 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][132 pkts/14116 bytes <-> 131 pkts/24439 bytes][Goodput ratio: 38/65][54.73 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 342/421 9349/9387 1279/1420][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/187 393/1454 62/283][PLAIN TEXT (fd.9LTIP9)][Plen Bins: 1,63,2,3,10,10,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0] - 3 UDP 91.252.56.51:32704 <-> 192.168.2.12:56328 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][87 pkts/14598 bytes <-> 77 pkts/17336 bytes][Goodput ratio: 75/81][11.91 sec][bytes ratio: -0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 136/121 921/265 137/64][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 168/225 318/331 61/68][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (KEXQD/)][Plen Bins: 
6,4,7,27,16,4,11,12,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 91.252.56.51:32704 <-> 192.168.2.12:56328 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 5][cat: VoIP/10][87 pkts/14598 bytes <-> 77 pkts/17336 bytes][Goodput ratio: 75/81][11.91 sec][bytes ratio: -0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 136/121 921/265 137/64][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 168/225 318/331 61/68][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (KEXQD/)][Plen Bins: 6,4,7,27,16,4,11,12,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 192.168.2.12:50503 <-> 31.13.86.51:443 [proto: 91.242/TLS.WhatsAppFiles][IP: 142/WhatsApp][Encrypted][Confidence: DPI][DPI packets: 6][cat: Download/7][25 pkts/2993 bytes <-> 25 pkts/21759 bytes][Goodput ratio: 44/92][0.39 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 127/126 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/870 583/1454 124/639][TLSv1.3][JA3C: b92a79ed03c3ff5611abb2305370d3e3][JA4: t13d2615h2_2802a3db6c62_0f2fdc61901b][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 7,14,7,0,0,3,0,0,7,0,3,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0] 5 TCP 192.168.2.12:49354 <-> 17.242.60.84:5223 [proto: 238/ApplePush][IP: 140/Apple][Encrypted][Confidence: DPI][DPI packets: 1][cat: Cloud/13][14 pkts/6933 bytes <-> 10 pkts/1074 bytes][Goodput ratio: 87/39][54.11 sec][bytes ratio: 0.732 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4462/757 43773/5113 12515/1779][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 495/107 1506/215 607/44][Plen Bins: 
0,42,14,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,21,0,0] - 6 UDP 192.168.2.12:56328 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 5][cat: VoIP/10][21 pkts/2349 bytes <-> 28 pkts/3668 bytes][Goodput ratio: 62/68][34.51 sec][bytes ratio: -0.219 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1959/1447 12194/12196 2978/2626][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 112/131 249/326 64/101][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 40,20,0,20,0,0,8,4,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.2.12:56328 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][21 pkts/2349 bytes <-> 28 pkts/3668 bytes][Goodput ratio: 62/68][34.51 sec][bytes ratio: -0.219 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1959/1447 12194/12196 2978/2626][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 112/131 249/326 64/101][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 40,20,0,20,0,0,8,4,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/1710 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][17.30 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][4 pkts/1528 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][30.05 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.2.12:56328 -> 1.60.78.64:64282 [proto: 
78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][16 pkts/1376 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 614/0 625/0 643/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 192.168.2.12:56328 <-> 157.240.193.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6151 22207/12302 9311/6151][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 UDP 192.168.2.12:56328 <-> 157.240.196.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6148 22207/12297 9311/6148][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.2.12:56328 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6149 22207/12298 9311/6149][Pkt Len c2s/s2c min/avg/max/stddev: 
168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.2.12:56328 <-> 185.60.216.51:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 8626/6151 22207/12301 9311/6150][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.2.12:56328 -> 1.60.78.64:64282 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 5][cat: VoIP/10][16 pkts/1376 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 614/0 625/0 643/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.2.12:56328 <-> 157.240.193.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6151 22207/12302 9311/6151][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.2.12:56328 <-> 157.240.196.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI 
packets: 3][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6148 22207/12297 9311/6148][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.2.12:56328 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6149 22207/12298 9311/6149][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.2.12:56328 <-> 185.60.216.51:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 8626/6151 22207/12301 9311/6150][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.2.12:64716 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][4 pkts/671 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][9.04 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP [fe80::414:409d:8afd:9f05]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: 
Network/14][5 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.2.12:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/544 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |