diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-05 13:02:39 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-05 13:02:39 +0100 |
| commit | 40797521af054032908ca43de0878eda6255db77 (patch) | |
| tree | 48b79d6240c740fff9887b28b880cf9eeca42137 /tests/cfgs/default | |
| parent | 3d09b256532b13b71dd80de1d1843fe226617ccf (diff) | |
ndpiReader: add breed stats on output used for CI (#2236)
Diffstat (limited to 'tests/cfgs/default')
478 files changed, 1114 insertions, 0 deletions
diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index 788add272..2ae143087 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -44,6 +44,12 @@ MpegDash 1 299 1 1kxun 914 1969311 48 Line 30 19034 3 +Safe 124 28754 9 +Acceptable 622 514902 119 +Fun 948 1976493 53 +Dangerous 5 1197 2 +Unrated 24 6428 14 + JA3 Host Stats: IP Address # JA3C 1 192.168.5.16 2 diff --git a/tests/cfgs/default/result/443-chrome.pcap.out b/tests/cfgs/default/result/443-chrome.pcap.out index 73a1ec229..b0abe8f95 100644 --- a/tests/cfgs/default/result/443-chrome.pcap.out +++ b/tests/cfgs/default/result/443-chrome.pcap.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 1 1506 1 +Safe 1 1506 1 + 1 TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][IP: 26/ntop][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/443-curl.pcap.out b/tests/cfgs/default/result/443-curl.pcap.out index 2775cfc6d..141623187 100644 --- a/tests/cfgs/default/result/443-curl.pcap.out +++ b/tests/cfgs/default/result/443-curl.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 109 73982 1 +Safe 109 73982 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-firefox.pcap.out b/tests/cfgs/default/result/443-firefox.pcap.out index 2b24f333b..7ea661d8e 100644 --- a/tests/cfgs/default/result/443-firefox.pcap.out +++ b/tests/cfgs/default/result/443-firefox.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 667 458067 1 +Safe 667 458067 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-git.pcap.out b/tests/cfgs/default/result/443-git.pcap.out index 44298176d..42de493bb 100644 --- a/tests/cfgs/default/result/443-git.pcap.out +++ b/tests/cfgs/default/result/443-git.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Github 70 37189 1 +Acceptable 70 37189 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-opvn.pcap.out b/tests/cfgs/default/result/443-opvn.pcap.out index 1c8849c3e..91e19cfc1 100644 --- a/tests/cfgs/default/result/443-opvn.pcap.out +++ b/tests/cfgs/default/result/443-opvn.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OpenVPN 46 11573 1 +Acceptable 46 11573 1 + 1 TCP 192.168.1.84:52973 <-> 192.12.192.103:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][25 pkts/5636 bytes <-> 21 pkts/5937 bytes][Goodput ratio: 70/77][8.96 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 443/427 3959/4015 926/1024][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 225/283 1506/1506 330/399][PLAIN TEXT (Registro.it)][Plen Bins: 4,41,4,8,0,0,0,0,0,4,4,0,0,0,4,0,0,4,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,8,0,0] diff --git a/tests/cfgs/default/result/443-safari.pcap.out b/tests/cfgs/default/result/443-safari.pcap.out index cc12e1aab..65bd2fcdb 100644 --- a/tests/cfgs/default/result/443-safari.pcap.out +++ b/tests/cfgs/default/result/443-safari.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 41 19929 1 +Safe 41 19929 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/4in4tunnel.pcap.out b/tests/cfgs/default/result/4in4tunnel.pcap.out index a85f40206..0785a2415 100644 --- a/tests/cfgs/default/result/4in4tunnel.pcap.out +++ b/tests/cfgs/default/result/4in4tunnel.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 5 850 1 +Unrated 5 850 1 + Undetected flows: diff --git a/tests/cfgs/default/result/4in6tunnel.pcap.out b/tests/cfgs/default/result/4in6tunnel.pcap.out index f9ddc8827..30f5385e0 100644 --- a/tests/cfgs/default/result/4in6tunnel.pcap.out +++ b/tests/cfgs/default/result/4in6tunnel.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Microsoft 4 2188 1 +Safe 4 2188 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.1 1 diff --git a/tests/cfgs/default/result/6in4tunnel.pcap.out b/tests/cfgs/default/result/6in4tunnel.pcap.out index 80494902d..8bcf004f2 100644 --- a/tests/cfgs/default/result/6in4tunnel.pcap.out +++ b/tests/cfgs/default/result/6in4tunnel.pcap.out @@ -29,6 +29,10 @@ TLS 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 +Safe 32 15913 3 +Acceptable 58 9654 4 +Fun 37 14726 3 + JA3 Host Stats: IP Address # JA3C 1 2001:470:1f17:13f:3e97:eff:fe73:4dec 2 diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out index b82265671..908db4404 100644 --- a/tests/cfgs/default/result/6in6tunnel.pcap.out +++ b/tests/cfgs/default/result/6in6tunnel.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) Unknown 2 212 1 +Unrated 2 212 1 + Undetected flows: diff --git a/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out b/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out index e494872f8..8a0642003 100644 --- a/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out +++ b/tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BGP 14 969 1 +Acceptable 14 969 1 + 1 TCP 100.16.1.2:18324 <-> 100.16.1.1:179 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][7 pkts/388 bytes <-> 7 pkts/581 bytes][Goodput ratio: 20/46][50.10 sec][bytes ratio: -0.199 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10014/9944 50028/49681 20007/19868][Pkt Len c2s/s2c min/avg/max/stddev: 44/44 55/83 101/195 20/49][Plen Bins: 57,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/BGP_redist.pcap.out b/tests/cfgs/default/result/BGP_redist.pcap.out index b30416cf0..ea063ed9f 100644 --- a/tests/cfgs/default/result/BGP_redist.pcap.out +++ b/tests/cfgs/default/result/BGP_redist.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) BGP 2 322 2 +Acceptable 2 322 2 + 1 TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/159 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out index 6af92afbb..af26d8413 100644 --- a/tests/cfgs/default/result/EAQ.pcap.out +++ b/tests/cfgs/default/result/EAQ.pcap.out @@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found) Google 23 11743 2 EAQ 174 10092 29 +Acceptable 197 21835 31 + 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Goodput ratio: 23/97][0.51 sec][Hostname/SNI: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 76/114 400/349 146/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/1666 193/2818 45/1240][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg][StatusCode: 200][Content-Type: text/html][Server: gws][User-Agent: test][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Suspicious Log4J][PLAIN TEXT (we50oDAAg HTTP/1.1)][Plen Bins: 0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,60] 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Goodput ratio: 26/72][0.20 sec][Hostname/SNI: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 51/50 139/89 54/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78/191 154/602 39/237][URL: www.google.com/][StatusCode: 302][Content-Type: text/html][Server: GFE/2.0][User-Agent: test][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Suspicious Log4J][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][86.62 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21509/21499 21642/21642 21860/21869 132/138][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index ddaff16c9..fe449e252 100644 --- a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out @@ -25,6 +25,8 @@ RTP 1330 182702 1 SIP 92 52851 3 Megaco 130 23570 1 +Acceptable 1552 259123 5 + 1 UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.35.40.25:5060 <-> 10.35.40.200:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/13254 bytes <-> 24 pkts/13218 bytes][Goodput ratio: 93/92][83.79 sec][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3385/1643 27628/17187 8177/4202][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.35.40.22:2944 <-> 10.23.1.42:2944 [proto: 181/Megaco][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][65 pkts/7788 bytes <-> 65 pkts/15782 bytes][Goodput ratio: 65/83][109.25 sec][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1409/1356 4370/4370 1953/1909][Pkt Len c2s/s2c min/avg/max/stddev: 77/101 120/243 583/561 107/94][PLAIN TEXT (555282713)][Plen Bins: 0,48,0,23,0,1,1,21,0,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/IEC104.pcap.out b/tests/cfgs/default/result/IEC104.pcap.out index a57a673bf..73600b741 100644 --- a/tests/cfgs/default/result/IEC104.pcap.out +++ b/tests/cfgs/default/result/IEC104.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) IEC60870 15 1431 2 +Acceptable 15 1431 2 + 1 TCP 10.175.211.1:2404 <-> 10.119.105.26:54768 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: IoT-Scada/31][7 pkts/987 bytes <-> 5 pkts/270 bytes][Goodput ratio: 61/0][2.00 sec][bytes ratio: 0.570 (Upload)][IAT c2s/s2c min/avg/max/stddev: 36/199 360/521 935/935 313/307][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 141/54 306/54 90/0][Plen Bins: 51,0,0,16,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.175.211.3:2404 <-> 10.119.105.26:54769 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: IoT-Scada/31][2 pkts/120 bytes <-> 1 pkts/54 bytes][Goodput ratio: 5/0][0.22 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out index d40c51d9e..8c29af0a3 100644 --- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out @@ -34,6 +34,10 @@ Facebook 211 51558 11 HTTP_Proxy 26 3926 1 KakaoTalk 55 9990 15 +Safe 37 5258 7 +Acceptable 99 15120 20 +Fun 211 51558 11 + JA3 Host Stats: IP Address # JA3C 1 10.24.82.188 3 diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out index 9be519674..7a0a5498e 100644 --- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out @@ -36,6 +36,10 @@ KakaoTalk 85 20646 2 KakaoTalk_Voice 44 6196 2 AmazonAWS 4 396 1 +Safe 41 5761 8 +Acceptable 3145 428107 10 +Fun 17 1924 2 + JA3 Host Stats: IP Address # JA3C 1 10.24.82.188 2 diff --git a/tests/cfgs/default/result/NTPv2.pcap.out b/tests/cfgs/default/result/NTPv2.pcap.out index 016f10496..295b601da 100644 --- a/tests/cfgs/default/result/NTPv2.pcap.out +++ b/tests/cfgs/default/result/NTPv2.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NTP 1 410 1 +Acceptable 1 410 1 + 1 UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/410 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/NTPv3.pcap.out b/tests/cfgs/default/result/NTPv3.pcap.out index 25d3d1534..06bd8827f 100644 --- a/tests/cfgs/default/result/NTPv3.pcap.out +++ b/tests/cfgs/default/result/NTPv3.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NTP 1 90 1 +Acceptable 1 90 1 + 1 UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/NTPv4.pcap.out b/tests/cfgs/default/result/NTPv4.pcap.out index 378ec1eba..8a5a16ca6 100644 --- a/tests/cfgs/default/result/NTPv4.pcap.out +++ b/tests/cfgs/default/result/NTPv4.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NTP 1 90 1 +Acceptable 1 90 1 + 1 UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/Oscar.pcap.out b/tests/cfgs/default/result/Oscar.pcap.out index 67ab91472..a06a31219 100644 --- a/tests/cfgs/default/result/Oscar.pcap.out +++ b/tests/cfgs/default/result/Oscar.pcap.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 71 9386 1 +Safe 71 9386 1 + 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 21][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0] diff --git a/tests/cfgs/default/result/TivoDVR.pcap.out b/tests/cfgs/default/result/TivoDVR.pcap.out index ab95dfebe..1b11a7381 100644 --- a/tests/cfgs/default/result/TivoDVR.pcap.out +++ b/tests/cfgs/default/result/TivoDVR.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) TiVoConnect 2 422 1 +Fun 2 422 1 + 1 UDP 98.245.242.69:2190 -> 255.255.255.255:2190 [proto: 308/TiVoConnect][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/422 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][0.00 sec][UUID: 4d696e69-444c-164e-9d41-1459c099c04][Machine: R7000P][Platform: pc/minidlna][Services: TiVoMediaServer:8200/http][PLAIN TEXT (TiVoConnect)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/WebattackRCE.pcap.out b/tests/cfgs/default/result/WebattackRCE.pcap.out index f0e230483..da4504459 100644 --- a/tests/cfgs/default/result/WebattackRCE.pcap.out +++ b/tests/cfgs/default/result/WebattackRCE.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 797 191003 797 +Acceptable 797 191003 797 + 1 TCP 127.0.0.1:51184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/ajax/api/hook/de)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:51182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7D][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/ajax/api/hook/decodeArg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:50946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/WebattackSQLinj.pcap.out b/tests/cfgs/default/result/WebattackSQLinj.pcap.out index 53759cf77..1c3844030 100644 --- a/tests/cfgs/default/result/WebattackSQLinj.pcap.out +++ b/tests/cfgs/default/result/WebattackSQLinj.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 94 30008 9 +Acceptable 94 30008 9 + 1 TCP 172.16.0.1:36212 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1070 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 56/92][5.01 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002/3 5000/10 1999/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/897 666/2767 210/1090][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,33] 2 TCP 172.16.0.1:36202 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/1004 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 60/92][5.09 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/80 1017/40 5004/80 1994/40][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 167/897 666/4215 223/1659][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 3 TCP 172.16.0.1:36204 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/937 bytes <-> 5 pkts/2359 bytes][Goodput ratio: 64/86][5.01 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 1251/1 5000/4 2164/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 187/472 665/2087 239/808][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] diff --git a/tests/cfgs/default/result/WebattackXSS.pcap.out b/tests/cfgs/default/result/WebattackXSS.pcap.out index cfc7d0aba..77e0b11c1 100644 --- a/tests/cfgs/default/result/WebattackXSS.pcap.out +++ b/tests/cfgs/default/result/WebattackXSS.pcap.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 9374 4721148 661 +Acceptable 9374 4721148 661 + 1 TCP 172.16.0.1:59042 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][214 pkts/62915 bytes <-> 107 pkts/190654 bytes][Goodput ratio: 78/96][68.07 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 340/680 4821/4822 530/629][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/1782 651/1935 251/393][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,49] 2 TCP 172.16.0.1:56306 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][205 pkts/62321 bytes <-> 115 pkts/191204 bytes][Goodput ratio: 78/96][68.15 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.508 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 354/600 4804/4805 540/628][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1663 651/1936 252/500][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,23,0,5,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,42] 3 TCP 172.16.0.1:58360 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][210 pkts/62853 bytes <-> 105 pkts/190635 bytes][Goodput ratio: 78/96][67.29 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 346/635 3808/3809 494/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 299/1816 651/1936 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS Attack **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] diff --git a/tests/cfgs/default/result/activision.pcap.out b/tests/cfgs/default/result/activision.pcap.out index 3c0fe6452..47220a738 100644 --- a/tests/cfgs/default/result/activision.pcap.out +++ b/tests/cfgs/default/result/activision.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Activision 60 3904 4 +Fun 60 3904 4 + 1 UDP 192.168.2.100:3074 <-> 45.63.112.54:34741 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][0.88 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 79/66 130/134 202/202 51/56][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:3074 <-> 108.61.235.31:33441 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][1.58 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 198/198 212/214 274/269 28/28][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:3074 <-> 148.72.173.162:34311 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][1.42 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 200/198 203/200 213/202 5/1][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/adult_content.pcap.out b/tests/cfgs/default/result/adult_content.pcap.out index 09058b8c6..6a0cabc65 100644 --- a/tests/cfgs/default/result/adult_content.pcap.out +++ b/tests/cfgs/default/result/adult_content.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) AdultContent 25 7972 1 +Acceptable 25 7972 1 + 1 UDP 192.168.1.199:42759 <-> 31.220.27.69:80 [proto: 78.108/STUN.AdultContent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: AdultContent/34][11 pkts/3593 bytes <-> 14 pkts/4379 bytes][Goodput ratio: 87/87][0.22 sec][Hostname/SNI: b-eu14.stripcdn.com][bytes ratio: -0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/14 55/54 17/17][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 327/313 1246/1418 350/353][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (NurOKA)][Plen Bins: 8,8,12,24,8,16,0,0,4,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0] diff --git a/tests/cfgs/default/result/afp.pcap.out b/tests/cfgs/default/result/afp.pcap.out index 5868a9bc4..145d7e564 100644 --- a/tests/cfgs/default/result/afp.pcap.out +++ b/tests/cfgs/default/result/afp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) AFP 16 1218 1 +Acceptable 16 1218 1 + 1 TCP 192.168.27.57:64987 <-> 192.168.27.139:548 [proto: 97/AFP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][12 pkts/836 bytes <-> 4 pkts/382 bytes][Goodput ratio: 5/31][1.09 sec][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 109/0 1086/0 326/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 70/96 88/116 8/21][Plen Bins: 60,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/agora-sd-rtn.pcap.out b/tests/cfgs/default/result/agora-sd-rtn.pcap.out index 052dc16cb..4eb3efd95 100644 --- a/tests/cfgs/default/result/agora-sd-rtn.pcap.out +++ b/tests/cfgs/default/result/agora-sd-rtn.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SD-RTN 403 112365 26 +Acceptable 403 112365 26 + 1 UDP 192.168.2.100:55322 <-> 104.166.161.75:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][24 pkts/5221 bytes <-> 6 pkts/3204 bytes][Goodput ratio: 81/92][730.23 sec][Hostname/SNI: 104-166-161-75.edge.agora.io][bytes ratio: 0.239 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34770/0 730075/0 155475/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/534 218/534 986/534 191/0][PLAIN TEXT (75.edge.agora.ioPDMD)][Plen Bins: 20,0,0,20,3,0,10,20,0,0,0,0,0,3,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:46798 <-> 23.248.186.179:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][11 pkts/2008 bytes <-> 4 pkts/5044 bytes][Goodput ratio: 77/97][< 1 sec][Hostname/SNI: 23-248-186-179.edge.agora.io][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 92/0 29/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/1261 183/1261 367/1261 98/0][PLAIN TEXT (179.edge.agora.ioPDMD)][Plen Bins: 20,0,0,13,13,0,0,20,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:47805 -> 199.190.44.135:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][18 pkts/4968 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][904.29 sec][Hostname/SNI: 199-190-44-135.edge.agora.io][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58186/0 927866/0 224551/0][Pkt Len c2s/s2c min/avg/max/stddev: 276/0 276/0 276/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (135.edge.agora.ioPDMD)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ah.pcapng.out b/tests/cfgs/default/result/ah.pcapng.out index d116ae5ad..de2972b06 100644 --- a/tests/cfgs/default/result/ah.pcapng.out +++ b/tests/cfgs/default/result/ah.pcapng.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) IPSec 6 1768 2 +Safe 6 1768 2 + 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][2 pkts/770 bytes <-> 2 pkts/722 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 AH 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ajp.pcap.out b/tests/cfgs/default/result/ajp.pcap.out index 86adfdec4..aba8f41bd 100644 --- a/tests/cfgs/default/result/ajp.pcap.out +++ b/tests/cfgs/default/result/ajp.pcap.out @@ -26,6 +26,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 6 2200 2 AJP 26 4446 2 +Acceptable 26 4446 2 +Unrated 6 2200 2 + 1 TCP 172.29.9.146:38856 <-> 172.29.9.147:8009 [VLAN: 7][proto: 139/AJP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][7 pkts/1554 bytes <-> 6 pkts/669 bytes][Goodput ratio: 68/36][0.17 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 222/112 896/300 286/84][PLAIN TEXT (HTTP/1.1)][Plen Bins: 50,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.29.9.146:38856 <-> 172.29.9.147:8010 [VLAN: 7][proto: 139/AJP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][7 pkts/1554 bytes <-> 6 pkts/669 bytes][Goodput ratio: 68/36][< 1 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 222/112 896/300 286/84][PLAIN TEXT (HTTP/1.1)][Plen Bins: 50,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index ac090dcf0..964e446ac 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -40,6 +40,9 @@ PlayStore 21 8064 2 GoogleServices 19 2784 2 AmazonAWS 383 142290 19 +Safe 138 23305 13 +Acceptable 2936 1146440 147 + JA3 Host Stats: IP Address # JA3C 1 172.16.42.216 8 diff --git a/tests/cfgs/default/result/alicloud.pcap.out b/tests/cfgs/default/result/alicloud.pcap.out index 6fc9ba200..b5fb4f2c0 100644 --- a/tests/cfgs/default/result/alicloud.pcap.out +++ b/tests/cfgs/default/result/alicloud.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AliCloud 225 22986 15 +Acceptable 225 22986 15 + 1 TCP 192.168.2.100:45094 <-> 8.209.76.194:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.49 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/1 17/67 23/322 7/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:51774 <-> 8.209.77.36:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.46 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 14/64 20/318 7/114][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:57322 <-> 8.209.107.122:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.33 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 16/41 24/166 9/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/among_us.pcap.out b/tests/cfgs/default/result/among_us.pcap.out index aa53bfa9b..2c37116c3 100644 --- a/tests/cfgs/default/result/among_us.pcap.out +++ b/tests/cfgs/default/result/among_us.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) AmongUs 1 57 1 +Fun 1 57 1 + 1 UDP 10.0.0.1:64260 -> 172.105.251.170:22023 [proto: 69/AmongUs][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/57 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/amqp.pcap.out b/tests/cfgs/default/result/amqp.pcap.out index 16a4a1112..46e8de806 100644 --- a/tests/cfgs/default/result/amqp.pcap.out +++ b/tests/cfgs/default/result/amqp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AMQP 160 23514 3 +Acceptable 160 23514 3 + 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][54 pkts/10859 bytes <-> 54 pkts/3564 bytes][Goodput ratio: 67/0][4.12 sec][bytes ratio: 0.506 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 85/85 2001/2001 341/341][Pkt Len c2s/s2c min/avg/max/stddev: 103/66 201/66 395/66 103/0][PLAIN TEXT (celeryev)][Plen Bins: 0,33,0,33,0,0,9,0,9,5,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: RPC/16][13 pkts/4327 bytes <-> 9 pkts/699 bytes][Goodput ratio: 80/15][4.12 sec][bytes ratio: 0.722 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/3 407/588 2001/2001 623/729][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 333/78 514/87 211/10][PLAIN TEXT (celeryev)][Plen Bins: 38,0,0,0,0,0,0,0,0,0,0,0,0,38,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][15 pkts/3075 bytes <-> 15 pkts/990 bytes][Goodput ratio: 68/0][1.04 sec][bytes ratio: 0.513 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 87/87 540/540 182/182][Pkt Len c2s/s2c min/avg/max/stddev: 97/66 205/66 312/66 88/0][PLAIN TEXT (default)][Plen Bins: 33,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/android.pcap.out b/tests/cfgs/default/result/android.pcap.out index 36ea86288..52330cbd3 100644 --- a/tests/cfgs/default/result/android.pcap.out +++ b/tests/cfgs/default/result/android.pcap.out @@ -44,6 +44,10 @@ Spotify 3 258 1 PlayStore 59 22749 4 GoogleServices 40 10354 7 +Safe 97 27653 11 +Acceptable 262 77875 38 +Fun 116 26426 14 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.16 8 diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index 2581b0850..bd566061c 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -45,6 +45,10 @@ Apple 2 297 1 CiscoVPN 3 198 1 ApplePush 6 966 3 +Safe 359 93320 15 +Acceptable 207 36239 52 +Unrated 19 1054 2 + JA3 Host Stats: IP Address # JA3C 1 10.0.0.227 5 diff --git a/tests/cfgs/default/result/anydesk.pcapng.out b/tests/cfgs/default/result/anydesk.pcapng.out index 5c4c98c20..2eb5a04a9 100644 --- a/tests/cfgs/default/result/anydesk.pcapng.out +++ b/tests/cfgs/default/result/anydesk.pcapng.out @@ -25,6 +25,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 20 1717 1 AnyDesk 154 44400 6 +Safe 20 1717 1 +Acceptable 154 44400 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 1 diff --git a/tests/cfgs/default/result/avast.pcap.out b/tests/cfgs/default/result/avast.pcap.out index c7bd011dc..2389f2684 100644 --- a/tests/cfgs/default/result/avast.pcap.out +++ b/tests/cfgs/default/result/avast.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AVAST 142 9433 10 +Safe 142 9433 10 + 1 TCP 192.168.2.100:62741 <-> 5.62.53.131:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/543 bytes <-> 7 pkts/512 bytes][Goodput ratio: 18/20][569.69 sec][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63304/75961 189840/189839 89445/92978][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/73 150/140 31/28][Plen Bins: 67,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:64903 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/583 bytes <-> 7 pkts/432 bytes][Goodput ratio: 24/4][1385.80 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171484/205784 356850/356863 172007/168697][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/62 150/70 32/3][Plen Bins: 67,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:49532 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][797.30 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99700/119575 199551/199551 99662/97621][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/avast_securedns.pcapng.out b/tests/cfgs/default/result/avast_securedns.pcapng.out index b18a5d93d..658e443f9 100644 --- a/tests/cfgs/default/result/avast_securedns.pcapng.out +++ b/tests/cfgs/default/result/avast_securedns.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AVASTSecureDNS 77 11443 39 +Safe 77 11443 39 + 1 UDP 192.168.2.100:49152 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (sEcUREdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:49704 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (SECurEdnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:49737 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (sEcUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bacnet.pcap.out b/tests/cfgs/default/result/bacnet.pcap.out index c9814540c..57cb2658a 100644 --- a/tests/cfgs/default/result/bacnet.pcap.out +++ b/tests/cfgs/default/result/bacnet.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BACnet 23 1373 10 +Safe 23 1373 10 + 1 UDP 204.172.177.255:47808 -> 204.172.177.159:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][14 pkts/833 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][221.21 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1387/0 17424/0 43334/0 13696/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 60/0 67/0 5/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 64.62.197.26:36992 -> 90.147.69.221:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 64.62.197.166:36664 -> 90.147.69.213:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bad-dns-traffic.pcap.out b/tests/cfgs/default/result/bad-dns-traffic.pcap.out index 352adf728..c8233185b 100644 --- a/tests/cfgs/default/result/bad-dns-traffic.pcap.out +++ b/tests/cfgs/default/result/bad-dns-traffic.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 382 99374 3 +Acceptable 382 99374 3 + 1 UDP 192.168.43.91:56354 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][203 pkts/51588 bytes <-> 146 pkts/43285 bytes][Goodput ratio: 83/86][92.47 sec][Hostname/SNI: c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org][::][bytes ratio: 0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/15 482/284 1046/2080 456/471][Pkt Len c2s/s2c min/avg/max/stddev: 95/95 254/296 290/325 74/65][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: 244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error Code][PLAIN TEXT (8244300)][Plen Bins: 0,5,5,0,0,0,0,50,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.43.91:35966 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][10 pkts/1125 bytes <-> 9 pkts/1293 bytes][Goodput ratio: 63/71][7.51 sec][Hostname/SNI: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org][::][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 78/49 782/776 1050/1358 405/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 112/144 194/229 31/33][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: 05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error Code][PLAIN TEXT (3620001636f)][Plen Bins: 0,36,47,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.43.91:46961 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][7 pkts/926 bytes <-> 7 pkts/1157 bytes][Goodput ratio: 68/75][3.49 sec][Hostname/SNI: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org][::][bytes ratio: -0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 87/56 668/645 1019/1049 428/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 132/165 290/323 66/66][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error Code][PLAIN TEXT (da83510001636)][Plen Bins: 0,28,42,14,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/beckhoff_ads.pcapng.out b/tests/cfgs/default/result/beckhoff_ads.pcapng.out index c7a1dec6b..1ca6e4781 100644 --- a/tests/cfgs/default/result/beckhoff_ads.pcapng.out +++ b/tests/cfgs/default/result/beckhoff_ads.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BeckhoffADS 50 6032 1 +Acceptable 50 6032 1 + 1 TCP 192.168.1.99:49201 <-> 192.168.1.8:48898 [proto: 365/BeckhoffADS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][26 pkts/2788 bytes <-> 24 pkts/3244 bytes][Goodput ratio: 49/60][26.29 sec][bytes ratio: -0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1250/1381 25613/25812 5448/5759][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 107/135 150/762 31/139][PLAIN TEXT (Device 5 )][Plen Bins: 0,76,15,4,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bets.pcapng.out b/tests/cfgs/default/result/bets.pcapng.out index 63b867832..6c4b299c4 100644 --- a/tests/cfgs/default/result/bets.pcapng.out +++ b/tests/cfgs/default/result/bets.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 33 9228 1 +Safe 33 9228 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.10.2 1 diff --git a/tests/cfgs/default/result/bitcoin.pcap.out b/tests/cfgs/default/result/bitcoin.pcap.out index 0a1ff4450..c23ff87c2 100644 --- a/tests/cfgs/default/result/bitcoin.pcap.out +++ b/tests/cfgs/default/result/bitcoin.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BITCOIN 637 581074 6 +Acceptable 637 581074 6 + 1 TCP 192.168.1.142:55328 <-> 69.118.54.122:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][2 pkts/281 bytes <-> 137 pkts/191029 bytes][Goodput ratio: 53/95][330.56 sec][bytes ratio: -0.997 (Download)][IAT c2s/s2c min/avg/max/stddev: 141657/0 141657/2644 141657/76010 0/11325][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 140/1394 171/1514 30/378][PLAIN TEXT (version)][Plen Bins: 0,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,92,0,0] 2 TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][55 pkts/28663 bytes <-> 117 pkts/134830 bytes][Goodput ratio: 87/94][1491.26 sec][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21789/4882 100110/64236 26995/11546][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 521/1152 1514/1514 578/589][PLAIN TEXT (version)][Plen Bins: 0,32,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0] 3 TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][65 pkts/45271 bytes <-> 96 pkts/70339 bytes][Goodput ratio: 91/91][1337.01 sec][bytes ratio: -0.217 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18993/12001 134322/105866 27575/21527][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 696/733 1514/1514 637/653][PLAIN TEXT (version)][Plen Bins: 0,47,0,4,0,0,0,0,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] diff --git a/tests/cfgs/default/result/bittorrent.pcap.out b/tests/cfgs/default/result/bittorrent.pcap.out index f53459299..680936c92 100644 --- a/tests/cfgs/default/result/bittorrent.pcap.out +++ b/tests/cfgs/default/result/bittorrent.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 299 305728 24 +Acceptable 299 305728 24 + 1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] 2 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/583 bytes <-> 4 pkts/975 bytes][Goodput ratio: 55/73][4.11 sec][bytes ratio: -0.252 (Download)][IAT c2s/s2c min/avg/max/stddev: 132/72 959/2027 1966/3982 760/1955][Pkt Len c2s/s2c min/avg/max/stddev: 80/73 146/244 198/648 44/235][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,12,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out index d44896325..1894c7500 100644 --- a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out +++ b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 100 96898 1 +Acceptable 100 96898 1 + 1 TCP 192.168.122.34:48987 <-> 178.71.206.1:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: Download/7][33 pkts/2895 bytes <-> 67 pkts/94003 bytes][Goodput ratio: 38/96][0.31 sec][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/4 33/64 11/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 88/1403 525/1494 98/324][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][BT Hash: 0f6b9cd2b7da4de9b6c846203920e3da49cdb795][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,4,1,0,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0] diff --git a/tests/cfgs/default/result/bittorrent_utp.pcap.out b/tests/cfgs/default/result/bittorrent_utp.pcap.out index 271a520a3..729216256 100644 --- a/tests/cfgs/default/result/bittorrent_utp.pcap.out +++ b/tests/cfgs/default/result/bittorrent_utp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 86 41489 1 +Acceptable 86 41489 1 + 1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][47 pkts/36653 bytes <-> 39 pkts/4836 bytes][Goodput ratio: 95/66][19.22 sec][bytes ratio: 0.767 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 223/425 4392/4641 701/934][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 780/124 1514/519 609/123][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (hash20)][Plen Bins: 52,1,2,4,0,1,1,1,0,0,5,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,6,0,0,0,6,0,0,0,8,0] diff --git a/tests/cfgs/default/result/bjnp.pcap.out b/tests/cfgs/default/result/bjnp.pcap.out index 4fb1f93e5..66e6c8f75 100644 --- a/tests/cfgs/default/result/bjnp.pcap.out +++ b/tests/cfgs/default/result/bjnp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BJNP 10 460 10 +Acceptable 10 460 10 + 1 UDP 192.168.185.141:50087 -> 192.168.1.17:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.185.141:50089 -> 192.168.1.1:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.185.141:50089 -> 192.168.1.2:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bot.pcap.out b/tests/cfgs/default/result/bot.pcap.out index 87878602a..808706e8c 100644 --- a/tests/cfgs/default/result/bot.pcap.out +++ b/tests/cfgs/default/result/bot.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 402 431124 1 +Acceptable 402 431124 1 + 1 TCP 40.77.167.36:64768 <-> 89.31.72.220:80 [VLAN: 77][proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][115 pkts/7672 bytes <-> 287 pkts/423452 bytes][Goodput ratio: 4/96][5.66 sec][Hostname/SNI: atlanteditorino.it][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/3 4532/106 489/16][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 67/1475 374/1498 29/171][URL: atlanteditorino.it/quartieri/img/S.Donato_M.Vittoria1930_B.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)][Risk: ** Crawler/Bot **][Risk Score: 10][Risk Info: UA Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/b][PLAIN TEXT (GET /quartieri/im)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/bt-dns.pcap.out b/tests/cfgs/default/result/bt-dns.pcap.out index 2c53745ca..5ddb293de 100644 --- a/tests/cfgs/default/result/bt-dns.pcap.out +++ b/tests/cfgs/default/result/bt-dns.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 2 160 1 +Acceptable 2 160 1 + 1 UDP 10.0.2.15:59751 <-> 10.0.2.3:53 [proto: 5.37/DNS.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.00 sec][Hostname/SNI: utorrent.com][98.143.146.7][PLAIN TEXT (utorrent)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bt-http.pcapng.out b/tests/cfgs/default/result/bt-http.pcapng.out index b47d1356d..5407751c0 100644 --- a/tests/cfgs/default/result/bt-http.pcapng.out +++ b/tests/cfgs/default/result/bt-http.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 14 1492 1 +Acceptable 14 1492 1 + 1 TCP 192.168.1.128:46882 <-> 176.31.225.118:80 [proto: 7.37/HTTP.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Download/7][12 pkts/1038 bytes <-> 2 pkts/454 bytes][Goodput ratio: 36/75][57.56 sec][Hostname/SNI: tracker.trackerfix.com][bytes ratio: 0.391 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5384/0 28927/0 8989/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/227 424/394 102/167][URL: tracker.trackerfix.com/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started][User-Agent: Transmission/2.94][PLAIN TEXT (GET /announce)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bt_search.pcap.out b/tests/cfgs/default/result/bt_search.pcap.out index cb1328980..c1072ecc6 100644 --- a/tests/cfgs/default/result/bt_search.pcap.out +++ b/tests/cfgs/default/result/bt_search.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 2 322 1 +Acceptable 2 322 1 + 1 UDP 192.168.0.102:6771 -> 239.192.152.143:6771 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/322 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][300.03 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/cachefly.pcapng.out b/tests/cfgs/default/result/cachefly.pcapng.out index e43f0abb3..c897e2f60 100644 --- a/tests/cfgs/default/result/cachefly.pcapng.out +++ b/tests/cfgs/default/result/cachefly.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Cachefly 6 6163 1 +Acceptable 6 6163 1 + JA3 Host Stats: IP Address # JA3C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/can.pcap.out b/tests/cfgs/default/result/can.pcap.out index 9f6e3ec50..26496d70e 100644 --- a/tests/cfgs/default/result/can.pcap.out +++ b/tests/cfgs/default/result/can.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Controller_Area_Network 8 696 8 +Safe 8 696 8 + 1 UDP 55.97.32.36:56551 -> 61.40.63.42:25353 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 103.183.191.240:46565 -> 73.121.85.123:63575 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 128.244.36.46:34952 -> 196.77.109.252:11898 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/capwap.pcap.out b/tests/cfgs/default/result/capwap.pcap.out index 90be3ab2a..daf942bbb 100644 --- a/tests/cfgs/default/result/capwap.pcap.out +++ b/tests/cfgs/default/result/capwap.pcap.out @@ -28,6 +28,8 @@ IGMP 1 122 1 ICMPV6 5 790 3 CAPWAP 379 94439 4 +Acceptable 392 97607 10 + 1 UDP 192.168.10.9:5246 <-> 192.168.10.10:12380 [proto: 247/CAPWAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][106 pkts/26144 bytes <-> 111 pkts/37530 bytes][Goodput ratio: 83/88][169.10 sec][bytes ratio: -0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1421/1619 21349/21721 3881/4475][Pkt Len c2s/s2c min/avg/max/stddev: 106/115 247/338 1499/1499 292/381][PLAIN TEXT (Cisco Systems)][Plen Bins: 0,0,30,47,2,6,0,0,2,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,0] 2 UDP 192.168.10.10:12380 <-> 192.168.10.9:5247 [proto: 247/CAPWAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][156 pkts/29830 bytes <-> 1 pkts/168 bytes][Goodput ratio: 78/75][157.99 sec][bytes ratio: 0.989 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 1036/0 4999/0 902/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/168 191/168 470/168 70/0][Plen Bins: 0,0,21,27,11,19,5,9,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: CAPWAP:18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/2090 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][59.44 sec][Hostname/SNI: kawai-ipad3][DHCP Fingerprint: 1,3,6,15,119,252][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/capwap_data.pcapng.out b/tests/cfgs/default/result/capwap_data.pcapng.out index 47baf31cd..8de01565c 100644 --- a/tests/cfgs/default/result/capwap_data.pcapng.out +++ b/tests/cfgs/default/result/capwap_data.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleServices 14 2624 3 +Acceptable 14 2624 3 + JA3 Host Stats: IP Address # JA3C 1 10.1.3.68 1 diff --git a/tests/cfgs/default/result/cassandra.pcap.out b/tests/cfgs/default/result/cassandra.pcap.out index 22eeb16e1..08abe1da5 100644 --- a/tests/cfgs/default/result/cassandra.pcap.out +++ b/tests/cfgs/default/result/cassandra.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) Cassandra 286 126016 2 +Acceptable 286 126016 2 + 1 TCP 127.0.0.1:46536 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Database/11][75 pkts/9730 bytes <-> 69 pkts/78014 bytes][Goodput ratio: 49/94][200.04 sec][bytes ratio: -0.778 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3063/2427 32715/30000 8555/7658][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/1131 462/25214 82/4102][PLAIN TEXT (COMPRESSION)][Plen Bins: 8,16,44,9,5,0,6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2] 2 TCP 127.0.0.1:46537 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Database/11][74 pkts/9855 bytes <-> 68 pkts/28417 bytes][Goodput ratio: 50/84][200.00 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2835/2737 33012/33012 6521/6804][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/418 399/11512 80/1399][PLAIN TEXT (COMPRESSION)][Plen Bins: 13,13,32,12,5,2,1,6,0,1,1,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,3,0,0,0,1,0,0,0,0,0,1] diff --git a/tests/cfgs/default/result/ceph.pcap.out b/tests/cfgs/default/result/ceph.pcap.out index 3eb7e2bc1..865cef8fd 100644 --- a/tests/cfgs/default/result/ceph.pcap.out +++ b/tests/cfgs/default/result/ceph.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Ceph 39 13379 1 +Acceptable 39 13379 1 + 1 TCP 10.0.3.249:35556 <-> 10.0.3.67:6789 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][20 pkts/2479 bytes <-> 19 pkts/10900 bytes][Goodput ratio: 46/88][0.10 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 59/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/574 345/3533 77/1032][PLAIN TEXT (machine2)][Plen Bins: 20,8,12,12,16,0,0,0,8,4,0,0,0,0,4,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8] diff --git a/tests/cfgs/default/result/check_mk_new.pcap.out b/tests/cfgs/default/result/check_mk_new.pcap.out index 260937660..74e8612a6 100644 --- a/tests/cfgs/default/result/check_mk_new.pcap.out +++ b/tests/cfgs/default/result/check_mk_new.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) CHECKMK 98 20242 1 +Acceptable 98 20242 1 + 1 TCP 192.168.100.22:58998 <-> 192.168.100.50:6556 [proto: 138/CHECKMK][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][49 pkts/3242 bytes <-> 49 pkts/17000 bytes][Goodput ratio: 0/81][0.04 sec][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/347 74/4162 1/758][PLAIN TEXT (k@Version)][Plen Bins: 73,0,4,0,0,4,0,2,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,6] diff --git a/tests/cfgs/default/result/chrome.pcap.out b/tests/cfgs/default/result/chrome.pcap.out index e9f05398b..ba6a78919 100644 --- a/tests/cfgs/default/result/chrome.pcap.out +++ b/tests/cfgs/default/result/chrome.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 127 68131 6 +Safe 127 68131 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/citrix.pcap.out b/tests/cfgs/default/result/citrix.pcap.out index dec291ff0..c4220b89e 100644 --- a/tests/cfgs/default/result/citrix.pcap.out +++ b/tests/cfgs/default/result/citrix.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Citrix 100 11332 1 +Acceptable 100 11332 1 + 1 TCP 21.0.0.8:45225 <-> 22.0.0.7:1494 [proto: 132/Citrix][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][75 pkts/8236 bytes <-> 25 pkts/3096 bytes][Goodput ratio: 47/52][1.60 sec][bytes ratio: 0.454 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/58 108/222 22/81][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 110/124 913/595 117/118][PLAIN TEXT (32.EXE)][Plen Bins: 64,22,3,2,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/cloudflare-warp.pcap.out b/tests/cfgs/default/result/cloudflare-warp.pcap.out index 7fbc5e8a5..61a990902 100644 --- a/tests/cfgs/default/result/cloudflare-warp.pcap.out +++ b/tests/cfgs/default/result/cloudflare-warp.pcap.out @@ -32,6 +32,9 @@ Messenger 17 2369 1 GoogleServices 5 492 1 CloudflareWarp 22 7762 2 +Safe 5 294 2 +Acceptable 58 11695 6 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 3 diff --git a/tests/cfgs/default/result/coap_mqtt.pcap.out b/tests/cfgs/default/result/coap_mqtt.pcap.out index 357ec5be4..b68a63c61 100644 --- a/tests/cfgs/default/result/coap_mqtt.pcap.out +++ b/tests/cfgs/default/result/coap_mqtt.pcap.out @@ -26,6 +26,9 @@ COAP 19 1614 8 Dropbox 800 80676 4 MQTT 261 20211 4 +Safe 19 1614 8 +Acceptable 1061 100887 8 + 1 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes][Goodput ratio: 70/33][11.19 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 113/112 150/151 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 140/63 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,13,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes][Goodput ratio: 70/33][11.09 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 111/111 154/150 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,11,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes][Goodput ratio: 70/32][10.92 sec][bytes ratio: 0.382 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 110/110 172/164 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,15,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/collectd.pcap.out b/tests/cfgs/default/result/collectd.pcap.out index f00f56b4e..f5fc89da4 100644 --- a/tests/cfgs/default/result/collectd.pcap.out +++ b/tests/cfgs/default/result/collectd.pcap.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) collectd 81 109386 8 +Acceptable 81 109386 8 + 1 UDP 127.0.0.1:35988 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][49 pkts/66012 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][406.49 sec][Hostname/SNI: devlap.fritz.box][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8783/0 10000/0 3188/0][Pkt Len c2s/s2c min/avg/max/stddev: 193/0 1347/0 1388/0 167/0][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,83,10,0,0,0,0,0] 2 UDP 127.0.0.1:36832 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][17 pkts/22755 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][134.67 sec][Hostname/SNI: devlap.fritz.box][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8311/0 10000/0 3518/0][Pkt Len c2s/s2c min/avg/max/stddev: 924/0 1339/0 1384/0 104/0][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,89,0,0,0,0,0,0] 3 UDP 192.168.178.35:39576 -> 239.192.74.66:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 6][cat: System/18][6 pkts/8363 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][708570048.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 907/0 141714014208/0 708570000000/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1274/0 1394/0 1434/0 54/0][PLAIN TEXT (RmBJSP)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,33,50,0,0,0,0] diff --git a/tests/cfgs/default/result/corba.pcap.out b/tests/cfgs/default/result/corba.pcap.out index c25e0f122..e9ee3ea7f 100644 --- a/tests/cfgs/default/result/corba.pcap.out +++ b/tests/cfgs/default/result/corba.pcap.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) Corba 28 26656 2 +Acceptable 28 26656 2 + 1 TCP 127.0.1.1:42717 <-> 127.0.1.1:56899 [proto: 168/Corba][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][11 pkts/19044 bytes <-> 7 pkts/4592 bytes][Goodput ratio: 96/90][2.27 sec][bytes ratio: 0.611 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/30 247/444 1024/1047 412/491][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1731/656 4162/4095 1891/1404][PLAIN TEXT (pIGIOP)][Plen Bins: 0,0,22,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66] 2 UDP 10.95.28.46:34477 -> 10.95.28.46:15984 [proto: 168/Corba][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][10 pkts/3020 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.06 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 49/0 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 302/0 302/0 302/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.95.28.46)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/cpha.pcap.out b/tests/cfgs/default/result/cpha.pcap.out index 4225046b8..dac7fd234 100644 --- a/tests/cfgs/default/result/cpha.pcap.out +++ b/tests/cfgs/default/result/cpha.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) CPHA 1 96 1 +Fun 1 96 1 + 1 UDP 0.0.0.0:8116 -> 172.21.3.0:8116 [VLAN: 21][proto: 53/CPHA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/crawler_false_positive.pcapng.out b/tests/cfgs/default/result/crawler_false_positive.pcapng.out index a2c298386..823da364c 100644 --- a/tests/cfgs/default/result/crawler_false_positive.pcapng.out +++ b/tests/cfgs/default/result/crawler_false_positive.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OCSP 12 1842 1 +Safe 12 1842 1 + 1 TCP 192.168.12.156:38291 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/705 bytes <-> 5 pkts/1137 bytes][Goodput ratio: 33/70][0.04 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.235 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 8/10 4/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/227 284/865 75/319][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CF7)][User-Agent: zbtls http][PLAIN TEXT (ConnectionTP/1.1)][Plen Bins: 33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/crynet.pcap.out b/tests/cfgs/default/result/crynet.pcap.out index dd7c2449e..97a623726 100644 --- a/tests/cfgs/default/result/crynet.pcap.out +++ b/tests/cfgs/default/result/crynet.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) CryNetwork 105 14077 7 +Fun 105 14077 7 + 1 UDP 192.168.2.100:55460 <-> 78.159.118.143:21931 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][12 pkts/1562 bytes <-> 3 pkts/525 bytes][Goodput ratio: 68/76][0.94 sec][bytes ratio: 0.497 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 88/48 266/48 102/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 130/175 267/175 62/0][Plen Bins: 0,33,33,0,20,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:56970 <-> 84.16.230.222:28665 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/1901 bytes <-> 1 pkts/175 bytes][Goodput ratio: 69/76][0.77 sec][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/0 262/0 85/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 136/175 267/175 69/0][Plen Bins: 0,40,33,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:55645 <-> 78.159.98.94:28375 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/1881 bytes <-> 1 pkts/175 bytes][Goodput ratio: 69/76][0.49 sec][bytes ratio: 0.830 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/0 201/0 51/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 134/175 267/175 70/0][Plen Bins: 0,46,26,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_categories.pcapng.out b/tests/cfgs/default/result/custom_categories.pcapng.out index ff8f4c91b..7aae3564e 100644 --- a/tests/cfgs/default/result/custom_categories.pcapng.out +++ b/tests/cfgs/default/result/custom_categories.pcapng.out @@ -25,6 +25,9 @@ Patricia protocols IPv6: 4/0 (search/found) IPSec 1 346 1 SSH 84 14188 2 +Safe 1 346 1 +Acceptable 84 14188 2 + 1 TCP [2001:db8:1::1]:64720 <-> [2001:db8:200::1]:20868 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 16][cat: Malware/100][32 pkts/3639 bytes <-> 30 pkts/6335 bytes][Goodput ratio: 24/59][5.34 sec][Hostname/SNI: SSH-1.5-1.2.26][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 13/74 184/193 1212/1436 234/283][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 114/211 250/1294 47/257][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Server: SSH-1.5-1.2.26][Plen Bins: 69,6,0,0,11,2,0,0,2,0,0,0,0,0,2,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.26.219.44:58639 <-> 172.30.69.103:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: Malware/100][11 pkts/2011 bytes <-> 11 pkts/2203 bytes][Goodput ratio: 63/67][0.11 sec][Hostname/SNI: SSH-1.99-OpenSSH_4.3][bytes ratio: -0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 39/41 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/200 1026/770 270/223][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **** Client contacted a malware host **][Risk Score: 300][Risk Info: Client contacted malware host / Found cipher arcfour128 / Found cipher arcfour128][HASSH-C: D6593B3202A30B2AA9793A00F8647A0A][Server: SSH-2.0-OpenSSH_6.1][HASSH-S: 500033A73A293E7C36743693D0D4596B][Plen Bins: 31,15,15,0,15,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 ESP [2a01:e34:ef6f:4340:94be:5dac:c20a:d2a0]:0 -> [2001:1670:8:40a6:a08e:332b:aa69:18dc]:0 [VLAN: 121][proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Malware/100][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Client contacted a malware host **][Risk Score: 160][Risk Info: No server to client traffic / Client contacted malware host][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_risk_mask.pcapng.out b/tests/cfgs/default/result/custom_risk_mask.pcapng.out index 1bfc07184..461f82571 100644 --- a/tests/cfgs/default/result/custom_risk_mask.pcapng.out +++ b/tests/cfgs/default/result/custom_risk_mask.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 4/0 (search/found) LLMNR 2 184 2 +Acceptable 2 184 2 + 1 UDP [fe80::356b:e047:3695:f741]:16765 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: ????????????][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [fe80::7c0:e74e:87c3:5d93]:6741 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: ????????????][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out index 1ead1c007..ff5e07f7b 100644 --- a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out @@ -27,6 +27,8 @@ CustomProtocolF 1 1287 1 CustomProtocolG 1 318 1 CustomProtocolH 1 318 1 +Acceptable 6 3810 5 + 1 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 392/CustomProtocolE][IP: 392/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 2 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 393/CustomProtocolF][IP: 393/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 3 UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 391/CustomProtocolD][IP: 391/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index 6ad025458..141a00e41 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out @@ -25,6 +25,9 @@ CustomProtocolA 3 222 1 CustomProtocolB 2 148 1 Unknown 3 222 1 +Acceptable 5 370 2 +Unrated 3 222 1 + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.388/TLS.CustomProtocolA][IP: 388/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 390/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 389/CustomProtocolB][IP: 389/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dazn.pcapng.out b/tests/cfgs/default/result/dazn.pcapng.out index 4efa29d9a..aed5dff34 100644 --- a/tests/cfgs/default/result/dazn.pcapng.out +++ b/tests/cfgs/default/result/dazn.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Dazn 12 6675 3 +Fun 12 6675 3 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/dcerpc.pcap.out b/tests/cfgs/default/result/dcerpc.pcap.out index bc8d37cd8..387a2af84 100644 --- a/tests/cfgs/default/result/dcerpc.pcap.out +++ b/tests/cfgs/default/result/dcerpc.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) PROFINET_IO 16 6866 4 +Acceptable 16 6866 4 + 1 UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out index d2b417a7e..63c176898 100644 --- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out +++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) DHCP 1 342 1 +Acceptable 1 342 1 + 1 UDP 192.168.155.104:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][PLAIN TEXT (MK03862)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/diameter.pcap.out b/tests/cfgs/default/result/diameter.pcap.out index 2137d2a48..2111b556e 100644 --- a/tests/cfgs/default/result/diameter.pcap.out +++ b/tests/cfgs/default/result/diameter.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Diameter 6 1980 1 +Acceptable 6 1980 1 + 1 TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1174 bytes <-> 3 pkts/806 bytes][Goodput ratio: 86/80][0.09 sec][bytes ratio: 0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13/12 39/32 65/51 26/20][Pkt Len c2s/s2c min/avg/max/stddev: 362/226 391/269 414/290 22/30][PLAIN TEXT (1263278878147)][Plen Bins: 0,0,0,0,0,16,0,34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index cf3dd4665..2c45fd440 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Discord 411 98410 34 +Fun 411 98410 34 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index 598d41941..4498f0f3d 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out +++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Discord 40 4040 1 +Fun 40 4040 1 + 1 UDP 66.22.242.132:50001 <-> 5.36.141.228:54935 [VLAN: 1][proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][DPI packets: 3][cat: Collaborative/15][30 pkts/3110 bytes <-> 10 pkts/930 bytes][Goodput ratio: 43/37][24.00 sec][bytes ratio: 0.540 (Upload)][IAT c2s/s2c min/avg/max/stddev: 42/77 846/1740 1000/4217 343/1555][Pkt Len c2s/s2c min/avg/max/stddev: 72/68 104/93 110/118 14/25][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dlms.pcap.out b/tests/cfgs/default/result/dlms.pcap.out index 5c1c08755..170054ca6 100644 --- a/tests/cfgs/default/result/dlms.pcap.out +++ b/tests/cfgs/default/result/dlms.pcap.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) IEC62056 27 4247 2 +Acceptable 27 4247 2 + 1 TCP 192.168.137.20:60797 <-> 192.168.137.189:4060 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][10 pkts/2942 bytes <-> 8 pkts/520 bytes][Goodput ratio: 77/6][0.03 sec][bytes ratio: 0.700 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 13/5 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 294/65 1514/98 458/14][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] 2 UDP 10.1.1.1:0 -> 10.2.2.2:4059 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][9 pkts/785 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 87/0 181/0 37/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (01234567)][Plen Bins: 55,22,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dlt_ppp.pcap.out b/tests/cfgs/default/result/dlt_ppp.pcap.out index 53dac9981..0cea13e1d 100644 --- a/tests/cfgs/default/result/dlt_ppp.pcap.out +++ b/tests/cfgs/default/result/dlt_ppp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 1 1230 1 +Acceptable 1 1230 1 + JA3 Host Stats: IP Address # JA3C 1 193.167.0.252 1 diff --git a/tests/cfgs/default/result/dnp3.pcap.out b/tests/cfgs/default/result/dnp3.pcap.out index 48bdfc366..a98633f55 100644 --- a/tests/cfgs/default/result/dnp3.pcap.out +++ b/tests/cfgs/default/result/dnp3.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNP3 543 38754 8 +Acceptable 543 38754 8 + 1 TCP 10.0.0.8:2828 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: IoT-Scada/31][60 pkts/4041 bytes <-> 78 pkts/7164 bytes][Goodput ratio: 17/38][121.83 sec][bytes ratio: -0.279 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 421/302 13044/8439 1926/1115][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 67/92 79/145 5/37][Plen Bins: 64,3,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.0.0.9:1080 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: IoT-Scada/31][72 pkts/4659 bytes <-> 63 pkts/4692 bytes][Goodput ratio: 10/27][384.60 sec][bytes ratio: -0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4732/3049 75028/40127 13787/9968][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 65/74 81/147 7/16][Plen Bins: 96,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.0.0.8:1086 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: IoT-Scada/31][57 pkts/3891 bytes <-> 36 pkts/2760 bytes][Goodput ratio: 17/28][70.37 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1467/2686 45001/45233 7093/9611][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 68/77 81/147 8/22][Plen Bins: 95,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-exf.pcap.out b/tests/cfgs/default/result/dns-exf.pcap.out index 6b0946332..f2de61f11 100644 --- a/tests/cfgs/default/result/dns-exf.pcap.out +++ b/tests/cfgs/default/result/dns-exf.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 2 342 1 +Acceptable 2 342 1 + 1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][::][Risk: ** Susp DNS Traffic **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 210][Risk Info: DNS Record with zero TTL][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-google-nsid.pcapng.out b/tests/cfgs/default/result/dns-google-nsid.pcapng.out index 70c5e4fee..0e30ed9a7 100644 --- a/tests/cfgs/default/result/dns-google-nsid.pcapng.out +++ b/tests/cfgs/default/result/dns-google-nsid.pcapng.out @@ -25,6 +25,9 @@ DNS 6 952 3 ntop 4 514 2 Wikipedia 4 704 2 +Safe 8 1218 4 +Acceptable 6 952 3 + 1 UDP [2001:b07:a3d:c112:b332:20d:89ab:105e]:41624 <-> [2001:4860:4860::8844]:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/106 bytes <-> 1 pkts/314 bytes][Goodput ratio: 41/80][0.01 sec][::][GeoLocation: mil][PLAIN TEXT (servers)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [2a03:b0c0:2:d0::360:4001]:44924 <-> [2001:4860:4860::8888]:53 [proto: 5.176/DNS.Wikipedia][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/123 bytes <-> 1 pkts/256 bytes][Goodput ratio: 49/75][0.20 sec][Hostname/SNI: www.wikipedia.it][18.67.39.58][GeoLocation: ams][PLAIN TEXT (wikipedia)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.29:62500 <-> 8.8.4.4:53 [proto: 5.176/DNS.Wikipedia][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/234 bytes][Goodput ratio: 53/82][0.27 sec][Hostname/SNI: www.wikipedia.it][108.157.194.28][PLAIN TEXT (wikipedia)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-invalid-chars.pcap.out b/tests/cfgs/default/result/dns-invalid-chars.pcap.out index 663bc9a12..296fb68f6 100644 --- a/tests/cfgs/default/result/dns-invalid-chars.pcap.out +++ b/tests/cfgs/default/result/dns-invalid-chars.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 2 196 1 +Acceptable 2 196 1 + 1 UDP 127.0.0.1:35980 <-> 127.0.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.00 sec][Hostname/SNI: www.allyourbasesare???ongto.cn][19.185.141.241][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][PLAIN TEXT (allyourba)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out b/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out index c7b7bd677..2463c5230 100644 --- a/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out +++ b/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 434 70252 1 +Acceptable 434 70252 1 + 1 UDP 10.0.2.30:44639 <-> 10.0.2.20:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][222 pkts/26136 bytes <-> 212 pkts/44116 bytes][Goodput ratio: 64/80][24.49 sec][Hostname/SNI: vaaaakardli.pirate.sea][::][bytes ratio: -0.256 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/88 4005/4005 543/524][Pkt Len c2s/s2c min/avg/max/stddev: 82/93 118/208 323/1512 67/175][Risk: ** Susp DNS Traffic **** Minor Issues **][Risk Score: 110][Risk Info: DNS Record with zero TTL / Obsolete DNS record type][PLAIN TEXT (vaaaakardli)][Plen Bins: 0,40,1,15,29,3,0,1,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out index 128fa336e..5cb17d4cf 100644 --- a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out +++ b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 50 8960 1 +Safe 50 8960 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.20.211 1 diff --git a/tests/cfgs/default/result/dns_ambiguous_names.pcap.out b/tests/cfgs/default/result/dns_ambiguous_names.pcap.out index afabfe15b..4fbfdd460 100644 --- a/tests/cfgs/default/result/dns_ambiguous_names.pcap.out +++ b/tests/cfgs/default/result/dns_ambiguous_names.pcap.out @@ -30,6 +30,10 @@ GoogleServices 2 235 1 Teams 6 790 3 AppleSiri 2 234 1 +Safe 8 1264 4 +Acceptable 8 1091 4 +Fun 4 432 2 + 1 UDP 10.200.2.11:57632 <-> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/377 bytes][Goodput ratio: 56/89][0.03 sec][Hostname/SNI: android.clients.google.com][108.177.14.101][PLAIN TEXT (android)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.200.2.11:48375 <-> 8.8.8.8:53 [proto: 5.238/DNS.ApplePush][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/318 bytes][Goodput ratio: 56/87][0.04 sec][Hostname/SNI: 41-courier.push.apple.com][17.57.146.139][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.200.2.11:57051 <-> 8.8.8.8:53 [proto: 5.250/DNS.Teams][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/221 bytes][Goodput ratio: 53/81][0.03 sec][Hostname/SNI: api.teams.skype.com][52.113.194.131][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns_doh.pcap.out b/tests/cfgs/default/result/dns_doh.pcap.out index c02b47385..2e2deb0ef 100644 --- a/tests/cfgs/default/result/dns_doh.pcap.out +++ b/tests/cfgs/default/result/dns_doh.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 142 20362 1 +Acceptable 142 20362 1 + JA3 Host Stats: IP Address # JA3C 1 172.20.10.4 1 diff --git a/tests/cfgs/default/result/dns_dot.pcap.out b/tests/cfgs/default/result/dns_dot.pcap.out index b6c9e5f5f..14d0b6e08 100644 --- a/tests/cfgs/default/result/dns_dot.pcap.out +++ b/tests/cfgs/default/result/dns_dot.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 24 5869 1 +Acceptable 24 5869 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.185 1 diff --git a/tests/cfgs/default/result/dns_exfiltration.pcap.out b/tests/cfgs/default/result/dns_exfiltration.pcap.out index fa102bddf..5a152d9e9 100644 --- a/tests/cfgs/default/result/dns_exfiltration.pcap.out +++ b/tests/cfgs/default/result/dns_exfiltration.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 300 73545 1 +Acceptable 300 73545 1 + 1 UDP 192.168.220.56:56373 <-> 192.168.203.167:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][150 pkts/32419 bytes <-> 150 pkts/41126 bytes][Goodput ratio: 81/85][59.99 sec][Hostname/SNI: e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02][::][bytes ratio: -0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 398/397 1035/1015 491/489][Pkt Len c2s/s2c min/avg/max/stddev: 101/148 216/274 300/386 97/97][Risk: ** Susp DGA Domain name **** Risky Domain Name **][Risk Score: 150][Risk Info: e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02 / DGA Name Query with no Error Code][PLAIN TEXT (dnscat)][Plen Bins: 0,24,0,23,0,0,0,0,26,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns_fragmented.pcap.out b/tests/cfgs/default/result/dns_fragmented.pcap.out index 9e3ca92fc..0d9146465 100644 --- a/tests/cfgs/default/result/dns_fragmented.pcap.out +++ b/tests/cfgs/default/result/dns_fragmented.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 28/8 (search/found) DNS 59 21695 21 +Acceptable 59 21695 21 + 1 TCP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:57089 <-> [2001:470:1f0b:16b0::a26:53]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/578 bytes <-> 4 pkts/2084 bytes][Goodput ratio: 9/83][0.00 sec][Hostname/SNI: weberlab.de][::][bytes ratio: -0.566 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 96/521 140/1818 20/749][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 2 TCP 194.247.5.6:39005 <-> 194.247.5.14:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/458 bytes <-> 4 pkts/2004 bytes][Goodput ratio: 12/86][0.00 sec][Hostname/SNI: weberlab.de][::][bytes ratio: -0.628 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/501 120/1798 20/749][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 3 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:55729 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/228 bytes <-> 1 pkts/1494 bytes][Goodput ratio: 45/95][5.01 sec][Hostname/SNI: weberlab.de][::][Risk: ** Large DNS Packet (512+ bytes) **** Fragmented DNS Message **][Risk Score: 100][Risk Info: 1424 Bytes DNS Packet][PLAIN TEXT (weberlab)][Plen Bins: 0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] diff --git a/tests/cfgs/default/result/dns_invert_query.pcapng.out b/tests/cfgs/default/result/dns_invert_query.pcapng.out index b531c931f..514efb7ae 100644 --- a/tests/cfgs/default/result/dns_invert_query.pcapng.out +++ b/tests/cfgs/default/result/dns_invert_query.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 2 134 1 +Acceptable 2 134 1 + 1 UDP 173.147.108.174:18427 <-> 244.187.95.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/56 bytes][Goodput ratio: 46/21][0.00 sec][Hostname/SNI: 216.58.202.4][::][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns_long_domainname.pcap.out b/tests/cfgs/default/result/dns_long_domainname.pcap.out index 36b4cc4a7..a51004215 100644 --- a/tests/cfgs/default/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/default/result/dns_long_domainname.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 2 262 1 +Acceptable 2 262 1 + 1 UDP 192.168.1.168:65311 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/159 bytes][Goodput ratio: 59/73][0.02 sec][Hostname/SNI: gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (fhkfhsdkfhsk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 1c63e6eb9..0b1e52a6a 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNScrypt 488 309562 245 +Acceptable 488 309562 245 + 1 UDP 10.0.0.1:35228 <-> 149.56.228.45:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 2 UDP 10.0.0.1:35495 <-> 149.56.228.45:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 3 UDP 10.0.0.1:45722 <-> 149.56.228.45:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/3028 bytes <-> 2 pkts/452 bytes][Goodput ratio: 97/81][3600.11 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] diff --git a/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out b/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out index c0890733b..234b84943 100644 --- a/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 577 216583 34 +Acceptable 577 216583 34 + JA3 Host Stats: IP Address # JA3C 1 10.0.0.1 1 diff --git a/tests/cfgs/default/result/dnscrypt-v2.pcap.out b/tests/cfgs/default/result/dnscrypt-v2.pcap.out index 99f6193f3..28e2556e7 100644 --- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNScrypt 6 4300 3 +Acceptable 6 4300 3 + 1 UDP 127.0.0.1:50893 <-> 127.0.0.2:5353 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1130 bytes <-> 1 pkts/410 bytes][Goodput ratio: 96/90][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 127.0.0.1:38650 <-> 127.0.0.2:5353 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1130 bytes <-> 1 pkts/282 bytes][Goodput ratio: 96/85][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 127.0.0.1:42883 <-> 127.0.0.2:5353 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1130 bytes <-> 1 pkts/218 bytes][Goodput ratio: 96/80][0.01 sec][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out index 09d61dd09..04a877676 100644 --- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNScrypt 6 2380 1 +Acceptable 6 2380 1 + 1 UDP 192.168.2.100:46858 <-> 212.47.228.136:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Network/14][3 pkts/1662 bytes <-> 3 pkts/718 bytes][Goodput ratio: 92/82][5137.13 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300005/300005 2568548/2568547 4837091/4837089 2268543/2268542][Pkt Len c2s/s2c min/avg/max/stddev: 554/154 554/239 554/282 0/60][PLAIN TEXT (OYy Tp)][Plen Bins: 0,0,0,16,0,0,0,33,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/doh.pcapng.out b/tests/cfgs/default/result/doh.pcapng.out index 3eaefa520..2e4f74efe 100644 --- a/tests/cfgs/default/result/doh.pcapng.out +++ b/tests/cfgs/default/result/doh.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 120 14592 1 +Safe 120 14592 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.253 1 diff --git a/tests/cfgs/default/result/doq.pcapng.out b/tests/cfgs/default/result/doq.pcapng.out index d262a20fc..e5fe6f49d 100644 --- a/tests/cfgs/default/result/doq.pcapng.out +++ b/tests/cfgs/default/result/doq.pcapng.out @@ -25,6 +25,8 @@ Patricia protocols IPv6: 4/0 (search/found) ICMPV6 6 1170 1 DoH_DoT 14 4788 1 +Acceptable 20 5958 2 + JA3 Host Stats: IP Address # JA3C 1 ::1 1 diff --git a/tests/cfgs/default/result/doq_adguard.pcapng.out b/tests/cfgs/default/result/doq_adguard.pcapng.out index a30ecec46..ab3666fd0 100644 --- a/tests/cfgs/default/result/doq_adguard.pcapng.out +++ b/tests/cfgs/default/result/doq_adguard.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 296 44445 1 +Acceptable 296 44445 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.12.169 1 diff --git a/tests/cfgs/default/result/dos_win98_smb_netbeui.pcap.out b/tests/cfgs/default/result/dos_win98_smb_netbeui.pcap.out index 7a6f57788..2ba46c240 100644 --- a/tests/cfgs/default/result/dos_win98_smb_netbeui.pcap.out +++ b/tests/cfgs/default/result/dos_win98_smb_netbeui.pcap.out @@ -26,6 +26,9 @@ NetBIOS 46 5060 2 SMBv1 15 3447 1 ICMP 1 60 1 +Acceptable 47 5120 3 +Dangerous 15 3447 1 + 1 UDP 192.168.239.129:137 -> 192.168.239.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][32 pkts/3520 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][131.29 sec][Hostname/SNI: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1218/0 22000/0 4015/0][Pkt Len c2s/s2c min/avg/max/stddev: 110/0 110/0 110/0 0/0][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.239.129:138 -> 192.168.239.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][15 pkts/3447 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][115.76 sec][Hostname/SNI: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8826/0 43984/0 11228/0][Pkt Len c2s/s2c min/avg/max/stddev: 219/0 230/0 249/0 10/0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,0,0,0,73,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.239.129:137 -> 192.168.239.2:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][14 pkts/1540 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][130.51 sec][Hostname/SNI: mdjr98][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10750/0 98690/0 27314/0][Pkt Len c2s/s2c min/avg/max/stddev: 110/0 110/0 110/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT ( ENEEEKFCDJ)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/drda_db2.pcap.out b/tests/cfgs/default/result/drda_db2.pcap.out index c4e2a027a..7e955588e 100644 --- a/tests/cfgs/default/result/drda_db2.pcap.out +++ b/tests/cfgs/default/result/drda_db2.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DRDA 38 6691 1 +Acceptable 38 6691 1 + 1 TCP 192.168.106.1:4847 <-> 192.168.106.128:50000 [proto: 227/DRDA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][20 pkts/3169 bytes <-> 18 pkts/3522 bytes][Goodput ratio: 66/72][38.46 sec][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2371/2905 17828/17986 5833/6422][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 158/196 717/684 169/193][PLAIN TEXT (@@@@@@@@@@@)][Plen Bins: 25,20,4,4,0,4,0,8,8,0,4,0,8,0,4,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dropbox.pcap.out b/tests/cfgs/default/result/dropbox.pcap.out index 6e9861b0a..033cde4d4 100644 --- a/tests/cfgs/default/result/dropbox.pcap.out +++ b/tests/cfgs/default/result/dropbox.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Dropbox 848 90532 15 +Acceptable 848 90532 15 + 1 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes][Goodput ratio: 70/33][11.19 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 113/112 150/151 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 140/63 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,13,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes][Goodput ratio: 70/33][11.09 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 111/111 154/150 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,11,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes][Goodput ratio: 70/32][10.92 sec][bytes ratio: 0.382 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 110/110 172/164 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,15,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls.pcap.out b/tests/cfgs/default/result/dtls.pcap.out index 3c1b43c51..86afcd6f3 100644 --- a/tests/cfgs/default/result/dtls.pcap.out +++ b/tests/cfgs/default/result/dtls.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 2 394 1 +Safe 2 394 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.13.203 1 diff --git a/tests/cfgs/default/result/dtls2.pcap.out b/tests/cfgs/default/result/dtls2.pcap.out index 26834b732..72d4db96f 100644 --- a/tests/cfgs/default/result/dtls2.pcap.out +++ b/tests/cfgs/default/result/dtls2.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 30 4991 1 +Safe 30 4991 1 + JA3 Host Stats: IP Address # JA3C 1 61.68.110.153 1 diff --git a/tests/cfgs/default/result/dtls_certificate.pcapng.out b/tests/cfgs/default/result/dtls_certificate.pcapng.out index d48829622..3d39b7892 100644 --- a/tests/cfgs/default/result/dtls_certificate.pcapng.out +++ b/tests/cfgs/default/result/dtls_certificate.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) WindowsUpdate 1 1486 1 +Safe 1 1486 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out index c177affae..df1441695 100644 --- a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out +++ b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 20 5978 1 Discord 6 4215 1 +Safe 20 5978 1 +Fun 6 4215 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.26 1 diff --git a/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out b/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out index 6afb761fa..12295944a 100644 --- a/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out +++ b/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 91 37868 4 +Safe 91 37868 4 + 1 UDP 170.151.105.215:443 <-> 121.152.255.238:8460 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][17 pkts/16320 bytes <-> 13 pkts/2086 bytes][Goodput ratio: 96/74][0.55 sec][bytes ratio: 0.773 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/24 152/154 51/46][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 960/160 1495/352 623/62][Plen Bins: 0,0,44,6,3,0,3,0,3,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,30,0,0] 2 UDP 170.151.105.215:443 <-> 72.102.179.218:62811 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][13 pkts/6283 bytes <-> 17 pkts/3803 bytes][Goodput ratio: 91/81][3.28 sec][bytes ratio: 0.246 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 240/212 1725/941 499/287][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 483/224 1495/833 556/172][Plen Bins: 0,0,34,20,13,0,6,3,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] 3 UDP 135.215.56.198:443 -> 124.73.140.89:61189 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][30 pkts/9241 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.27 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/0 28/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 308/0 1381/0 280/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (q/SCmS.)][Plen Bins: 0,0,20,3,13,0,41,0,3,0,3,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls_old_version.pcapng.out b/tests/cfgs/default/result/dtls_old_version.pcapng.out index b63b33fbd..d08f3cf0c 100644 --- a/tests/cfgs/default/result/dtls_old_version.pcapng.out +++ b/tests/cfgs/default/result/dtls_old_version.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 7 994 1 +Safe 7 994 1 + JA3 Host Stats: IP Address # JA3C 1 37.188.4.115 1 diff --git a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out index 0fbeb98f5..b5e08e925 100644 --- a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out +++ b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 4 604 1 +Safe 4 604 1 + JA3 Host Stats: IP Address # JA3C 1 185.196.113.239 1 diff --git a/tests/cfgs/default/result/edonkey.pcap.out b/tests/cfgs/default/result/edonkey.pcap.out index ba2e51cf5..bc8257434 100644 --- a/tests/cfgs/default/result/edonkey.pcap.out +++ b/tests/cfgs/default/result/edonkey.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) eDonkey 17 2016 1 +Unsafe 17 2016 1 + 1 TCP 201.15.177.227:1754 <-> 135.192.214.240:7551 [proto: 36/eDonkey][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][6 pkts/598 bytes <-> 11 pkts/1418 bytes][Goodput ratio: 41/56][57.40 sec][bytes ratio: -0.407 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/91 5347/4749 12107/12106 5400/4962][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 100/129 178/186 55/63][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (VeryCD)][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/elasticsearch.pcap.out b/tests/cfgs/default/result/elasticsearch.pcap.out index bf0d29f0e..0840d65ec 100644 --- a/tests/cfgs/default/result/elasticsearch.pcap.out +++ b/tests/cfgs/default/result/elasticsearch.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Elasticsearch 47 12739 7 +Acceptable 47 12739 7 + 1 TCP 172.16.16.107:33288 <-> 172.16.17.102:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][13 pkts/3821 bytes <-> 2 pkts/140 bytes][Goodput ratio: 77/0][16.06 sec][bytes ratio: 0.929 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16030 1460/16030 16003/16030 4599/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/70 335/74 95/4][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.17.102:48038 <-> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/2596 bytes <-> 7 pkts/1323 bytes][Goodput ratio: 79/64][760.45 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/1 126431/145462 725343/725412 268113/289976][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/189 930/441 348/155][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,16,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.16.16.107:9300 -> 172.16.17.102:40342 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/1824 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] diff --git a/tests/cfgs/default/result/emotet.pcap.out b/tests/cfgs/default/result/emotet.pcap.out index f7e7cfa5f..60c238e39 100644 --- a/tests/cfgs/default/result/emotet.pcap.out +++ b/tests/cfgs/default/result/emotet.pcap.out @@ -25,6 +25,9 @@ SMTP 626 438465 1 HTTP 1601 1581542 3 TLS 153 107018 2 +Safe 153 107018 2 +Acceptable 2227 2020007 4 + JA3 Host Stats: IP Address # JA3C 1 10.4.25.101 1 diff --git a/tests/cfgs/default/result/encrypted_sni.pcap.out b/tests/cfgs/default/result/encrypted_sni.pcap.out index bffad37a5..d0a13e32f 100644 --- a/tests/cfgs/default/result/encrypted_sni.pcap.out +++ b/tests/cfgs/default/result/encrypted_sni.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 3 2310 3 +Safe 3 2310 3 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.12 1 diff --git a/tests/cfgs/default/result/epicgames.pcapng.out b/tests/cfgs/default/result/epicgames.pcapng.out index 65eb486fa..ab2594386 100644 --- a/tests/cfgs/default/result/epicgames.pcapng.out +++ b/tests/cfgs/default/result/epicgames.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) EpicGames 81 11186 4 +Fun 81 11186 4 + 1 UDP 192.168.12.156:39322 <-> 18.157.15.184:9011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Game/8][10 pkts/4805 bytes <-> 9 pkts/772 bytes][Goodput ratio: 91/51][0.62 sec][bytes ratio: 0.723 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/76 163/199 53/74][Pkt Len c2s/s2c min/avg/max/stddev: 81/55 480/86 994/119 424/18][Plen Bins: 10,53,10,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:37989 <-> 18.157.15.184:15011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Game/8][11 pkts/1143 bytes <-> 13 pkts/1296 bytes][Goodput ratio: 60/58][1.01 sec][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/0 116/76 455/433 133/121][Pkt Len c2s/s2c min/avg/max/stddev: 81/55 104/100 146/192 25/40][Plen Bins: 8,63,12,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:47446 <-> 18.157.15.184:15011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][11 pkts/911 bytes <-> 8 pkts/680 bytes][Goodput ratio: 49/51][4.23 sec][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 384/285 1029/741 372/304][Pkt Len c2s/s2c min/avg/max/stddev: 54/55 83/85 135/98 25/17][Plen Bins: 31,63,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/esp.pcapng.out b/tests/cfgs/default/result/esp.pcapng.out index dd56c30dd..7af3380bb 100644 --- a/tests/cfgs/default/result/esp.pcapng.out +++ b/tests/cfgs/default/result/esp.pcapng.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) IPSec 6 1856 2 +Safe 6 1856 2 + 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][2 pkts/786 bytes <-> 2 pkts/738 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 ESP 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/166 bytes <-> 1 pkts/166 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethereum.pcap.out b/tests/cfgs/default/result/ethereum.pcap.out index cdcd3b5a7..12fca092e 100644 --- a/tests/cfgs/default/result/ethereum.pcap.out +++ b/tests/cfgs/default/result/ethereum.pcap.out @@ -27,6 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found) ETHEREUM 2000 216111 74 +Acceptable 2000 216111 74 + 1 TCP 192.168.1.184:56626 <-> 178.128.195.220:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][32 pkts/3294 bytes <-> 37 pkts/3156 bytes][Goodput ratio: 36/21][0.16 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/4 42/62 8/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/85 612/470 105/69][Plen Bins: 62,21,0,3,3,0,0,0,3,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.184:56638 <-> 209.250.240.205:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][34 pkts/3347 bytes <-> 28 pkts/2774 bytes][Goodput ratio: 34/32][0.15 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 43/41 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/99 481/560 79/95][Plen Bins: 43,29,0,14,3,3,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.184:56660 <-> 51.161.23.12:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][36 pkts/3241 bytes <-> 29 pkts/2723 bytes][Goodput ratio: 29/31][0.57 sec][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 147/141 36/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/94 639/487 96/81][Plen Bins: 63,21,3,3,3,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethernetIP.pcap.out b/tests/cfgs/default/result/ethernetIP.pcap.out index 51364d745..f7e2f2e7f 100644 --- a/tests/cfgs/default/result/ethernetIP.pcap.out +++ b/tests/cfgs/default/result/ethernetIP.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) EthernetIP 100 17384 4 +Acceptable 100 17384 4 + 1 TCP 141.81.0.10:50275 <-> 141.81.0.83:44818 [proto: 278/EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][12 pkts/2716 bytes <-> 16 pkts/2580 bytes][Goodput ratio: 76/66][0.70 sec][bytes ratio: 0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/38 231/232 96/75][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 226/161 1258/406 330/99][PLAIN TEXT (99999999359)][Plen Bins: 0,20,45,0,10,0,0,5,0,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0] 2 TCP 141.81.0.63:44818 <-> 141.81.0.10:52593 [proto: 278/EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][16 pkts/2150 bytes <-> 13 pkts/2566 bytes][Goodput ratio: 58/73][0.78 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 30/60 190/197 55/74][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 134/197 406/528 92/158][PLAIN TEXT (99999999356)][Plen Bins: 0,15,43,0,5,0,10,5,0,0,5,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 141.81.0.10:52594 <-> 141.81.0.43:44818 [proto: 278/EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][9 pkts/1978 bytes <-> 12 pkts/1784 bytes][Goodput ratio: 75/62][0.66 sec][bytes ratio: 0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 61/33 196/185 73/56][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 220/149 528/406 163/113][PLAIN TEXT (rWKIm.)][Plen Bins: 0,14,35,0,7,0,14,0,0,7,0,7,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethersbus.pcap.out b/tests/cfgs/default/result/ethersbus.pcap.out index 42c17b6f9..83b2a572c 100644 --- a/tests/cfgs/default/result/ethersbus.pcap.out +++ b/tests/cfgs/default/result/ethersbus.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Ether-S-Bus 20 1260 1 +Acceptable 20 1260 1 + 1 UDP 172.16.1.120:2467 <-> 172.16.1.135:5050 [proto: 368/Ether-S-Bus][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][10 pkts/582 bytes <-> 10 pkts/678 bytes][Goodput ratio: 28/34][0.10 sec][bytes ratio: -0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/8 10/10 22/20 5/4][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 58/68 67/94 3/13][PLAIN TEXT (Modell )][Plen Bins: 90,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethersio.pcap.out b/tests/cfgs/default/result/ethersio.pcap.out index cadd17a27..1150ba041 100644 --- a/tests/cfgs/default/result/ethersio.pcap.out +++ b/tests/cfgs/default/result/ethersio.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) EtherSIO 36 3226 1 +Acceptable 36 3226 1 + 1 UDP 172.23.2.27:1024 -> 172.23.2.15:6060 [proto: 363/EtherSIO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][36 pkts/3226 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][3.39 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 94/0 100/0 111/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 90/0 91/0 6/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 5,94,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/exe_download.pcap.out b/tests/cfgs/default/result/exe_download.pcap.out index 74379e2b6..940890002 100644 --- a/tests/cfgs/default/result/exe_download.pcap.out +++ b/tests/cfgs/default/result/exe_download.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 703 717463 1 +Acceptable 703 717463 1 + 1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][203 pkts/11127 bytes <-> 500 pkts/706336 bytes][Goodput ratio: 1/96][5.18 sec][Hostname/SNI: 144.91.69.195][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/9 319/365 49/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 55/1413 207/1514 11/134][URL: 144.91.69.195/solar.php][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx/1.10.3][User-Agent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Filename: phn34ycjtghm.exe][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Obsolete Server **][Risk Score: 310][Risk Info: Found host 144.91.69.195 / UA pwtyyEKzNtGatwnJjmCcBLbOveCVpc / Obsolete nginx server 1.10.3 / Found mime exe octet-stream][PLAIN TEXT (GET /solar.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,2,0,0,7,0,0,63,0,0,24,0,0] diff --git a/tests/cfgs/default/result/exe_download_as_png.pcap.out b/tests/cfgs/default/result/exe_download_as_png.pcap.out index e5cff697d..bd6ee97a2 100644 --- a/tests/cfgs/default/result/exe_download_as_png.pcap.out +++ b/tests/cfgs/default/result/exe_download_as_png.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 534 529449 1 +Acceptable 534 529449 1 + 1 TCP 10.9.25.101:49197 <-> 185.98.87.185:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][163 pkts/9113 bytes <-> 371 pkts/520336 bytes][Goodput ratio: 3/96][69.52 sec][Hostname/SNI: 185.98.87.185][bytes ratio: -0.966 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 623/25 60010/4824 5733/276][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 56/1403 204/1514 16/164][URL: 185.98.87.185/tablone.png][StatusCode: 200][Content-Type: image/png][Server: nginx/1.10.3][User-Agent: WinHTTP loader/1.0][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Obsolete Server **][Risk Score: 210][Risk Info: Found host 185.98.87.185 / Obsolete nginx server 1.10.3 / Found Windows Exe][PLAIN TEXT (GET /tablone.png HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,10,0,0,71,0,0,16,0,0] diff --git a/tests/cfgs/default/result/facebook.pcap.out b/tests/cfgs/default/result/facebook.pcap.out index e72f3a645..a7ad47b51 100644 --- a/tests/cfgs/default/result/facebook.pcap.out +++ b/tests/cfgs/default/result/facebook.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 60 30511 2 +Fun 60 30511 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.43.18 2 diff --git a/tests/cfgs/default/result/fastcgi.pcap.out b/tests/cfgs/default/result/fastcgi.pcap.out index 5d48d6158..1820086fb 100644 --- a/tests/cfgs/default/result/fastcgi.pcap.out +++ b/tests/cfgs/default/result/fastcgi.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) FastCGI 102 72243 1 +Safe 102 72243 1 + 1 TCP 10.0.0.9:38254 <-> 10.0.0.11:9000 [proto: 310/FastCGI][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][48 pkts/4271 bytes <-> 54 pkts/67972 bytes][Goodput ratio: 26/95][3.42 sec][Hostname/SNI: api.openstreetmap.org][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/81 1257/2019 204/358][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1259 1121/1514 151/523][User-Agent: dummy_agent dummy_agent][PLAIN TEXT (SCRIPT)][Plen Bins: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,85,0,0] diff --git a/tests/cfgs/default/result/fins.pcap.out b/tests/cfgs/default/result/fins.pcap.out index fabf8f02a..a90b9e4a3 100644 --- a/tests/cfgs/default/result/fins.pcap.out +++ b/tests/cfgs/default/result/fins.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) FINS 257 17841 3 +Acceptable 257 17841 3 + 1 UDP 10.4.14.102:58722 -> 10.130.130.130:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][245 pkts/16887 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 69/0 582/0 46/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (filename.exeaaaaaaaaaaaaaaaaaaa)][Plen Bins: 89,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.1.1.173:17134 <-> 10.1.1.164:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][6 pkts/385 bytes <-> 4 pkts/366 bytes][Goodput ratio: 13/40][0.59 sec][bytes ratio: 0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/145 117/151 158/157 58/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 64/92 83/176 11/50][PLAIN TEXT (EL20DR)][Plen Bins: 75,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.1.1.173:54855 <-> 10.1.1.164:9600 [proto: 362/FINS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/55 bytes <-> 1 pkts/148 bytes][Goodput ratio: 23/71][0.16 sec][PLAIN TEXT (EL20DR)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/firefox.pcap.out b/tests/cfgs/default/result/firefox.pcap.out index 8dc5b2d84..7987190e3 100644 --- a/tests/cfgs/default/result/firefox.pcap.out +++ b/tests/cfgs/default/result/firefox.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 129 60233 6 +Safe 129 60233 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/fix.pcap.out b/tests/cfgs/default/result/fix.pcap.out index 5fbc9e76b..6436ef05a 100644 --- a/tests/cfgs/default/result/fix.pcap.out +++ b/tests/cfgs/default/result/fix.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) FIX 1261 115514 12 +Safe 1261 115514 12 + 1 TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][228 pkts/26333 bytes <-> 228 pkts/13920 bytes][Goodput ratio: 53/2][22.80 sec][bytes ratio: 0.308 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 100/100 850/850 127/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/61 511/140 54/9][PLAIN TEXT (FIX.4.1)][Plen Bins: 35,41,10,8,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][201 pkts/21246 bytes <-> 200 pkts/13460 bytes][Goodput ratio: 38/2][22.86 sec][bytes ratio: 0.224 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 110/109 501/500 86/84][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/67 169/153 15/11][PLAIN TEXT (FIX.4.1)][Plen Bins: 23,67,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][111 pkts/16881 bytes <-> 111 pkts/7680 bytes][Goodput ratio: 57/5][22.65 sec][bytes ratio: 0.375 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/199 265/291 96/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 152/69 288/164 42/17][PLAIN TEXT (FIX.4.1)][Plen Bins: 3,25,31,28,10,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fix2.pcap.out b/tests/cfgs/default/result/fix2.pcap.out index e1a22c67e..f27461129 100644 --- a/tests/cfgs/default/result/fix2.pcap.out +++ b/tests/cfgs/default/result/fix2.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) FIX 3046 246540 2 +Safe 3046 246540 2 + 1 TCP 10.101.0.2:34962 <-> 10.102.0.2:1024 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][683 pkts/53501 bytes <-> 1304 pkts/102844 bytes][Goodput ratio: 25/25][0.01 sec][bytes ratio: -0.316 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 78/79 160/174 35/38][PLAIN TEXT (FIXT.1.1)][Plen Bins: 0,0,46,53,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.101.0.2:34963 <-> 10.102.0.9:1024 [proto: 230/FIX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][411 pkts/34812 bytes <-> 648 pkts/55383 bytes][Goodput ratio: 31/32][0.01 sec][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 85/85 160/174 39/42][PLAIN TEXT (FIXT.1.1)][Plen Bins: 0,0,47,52,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/forticlient.pcap.out b/tests/cfgs/default/result/forticlient.pcap.out index e849c0c36..3921a3cc8 100644 --- a/tests/cfgs/default/result/forticlient.pcap.out +++ b/tests/cfgs/default/result/forticlient.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) FortiClient 2000 430931 5 +Safe 2000 430931 5 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/ftp-start-tls.pcap.out b/tests/cfgs/default/result/ftp-start-tls.pcap.out index 1aa58890c..24204cebc 100644 --- a/tests/cfgs/default/result/ftp-start-tls.pcap.out +++ b/tests/cfgs/default/result/ftp-start-tls.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) FTPS 51 7510 1 +Unsafe 51 7510 1 + JA3 Host Stats: IP Address # JA3C 1 10.238.26.36 1 diff --git a/tests/cfgs/default/result/ftp.pcap.out b/tests/cfgs/default/result/ftp.pcap.out index 4c1a72021..0eed0abea 100644 --- a/tests/cfgs/default/result/ftp.pcap.out +++ b/tests/cfgs/default/result/ftp.pcap.out @@ -26,6 +26,10 @@ Unknown 1115 1122198 1 FTP_CONTROL 68 5571 1 FTP_DATA 9 1819 1 +Acceptable 9 1819 1 +Unsafe 68 5571 1 +Unrated 1115 1122198 1 + 1 TCP 192.168.1.212:50694 <-> 90.130.70.73:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 12][cat: Download/7][41 pkts/2892 bytes <-> 27 pkts/2679 bytes][Goodput ratio: 6/33][8.48 sec][User: anonymous][Pwd: NcFTP@][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/108 4743/1377 849/305][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/99 96/307 7/45][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found FTP username (anonymous)][PLAIN TEXT (vsFTPd 3.0.3)][Plen Bins: 74,18,5,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.212:50695 <-> 90.130.70.73:25685 [proto: 175/FTP_DATA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][5 pkts/342 bytes <-> 4 pkts/1477 bytes][Goodput ratio: 0/82][0.09 sec][bytes ratio: -0.624 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/28 14/28 29/29 14/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/369 78/1271 5/521][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT ( 1 0 0 1073741)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ftp_failed.pcap.out b/tests/cfgs/default/result/ftp_failed.pcap.out index b5381f09f..cd14d585e 100644 --- a/tests/cfgs/default/result/ftp_failed.pcap.out +++ b/tests/cfgs/default/result/ftp_failed.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 2/0 (search/found) FTP_CONTROL 18 1700 1 +Unsafe 18 1700 1 + 1 TCP [2a00:d40:1:3:192:12:193:11]:44724 <-> [2a00:800:1010::1]:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Download/7][10 pkts/892 bytes <-> 8 pkts/808 bytes][Goodput ratio: 3/14][7.24 sec][User: hello][Pwd: ][Auth Failed][bytes ratio: 0.049 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 896/1442 5304/5318 1757/2052][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 89/101 98/126 4/15][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found FTP username (hello)][PLAIN TEXT (vsFTPd 3.0.3)][Plen Bins: 71,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index 710f2d7dd..bcb1d2ed3 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -38,6 +38,12 @@ RTP 5 1070 1 SIP 85 39540 15 Protobuf 1 113 1 +Safe 1 113 1 +Acceptable 498 77785 202 +Unsafe 35 2456 11 +Dangerous 7 1620 3 +Unrated 34 4212 34 + 1 UDP 212.242.33.35:5060 <-> 192.168.1.2:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][23 pkts/11772 bytes <-> 37 pkts/14743 bytes][Goodput ratio: 91/89][1521.43 sec][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/227 32597/38366 167478/304738 41340/57147][Pkt Len c2s/s2c min/avg/max/stddev: 344/47 512/398 711/1118 86/358][PLAIN TEXT (SIP/2.0 401 Unauthorized)][Plen Bins: 29,0,0,0,0,0,0,0,0,3,6,0,3,6,8,13,1,0,3,0,1,15,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: VoIP/10][9 pkts/4647 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][66.58 sec][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 8170/34556 32608/34556 10578/0][Pkt Len c2s/s2c min/avg/max/stddev: 417/637 516/648 864/656 186/8][PLAIN TEXT (INVITEKsip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,59,0,0,0,0,0,0,8,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.2:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][71 pkts/6532 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1527.12 sec][Hostname/SNI: eci_domain][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 741/0 20522/0 93225/0 24163/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EFEDEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out index 34c5a3c32..b89f8a4cc 100644 --- a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out @@ -29,6 +29,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 3 655 3 HTTP 118 28709 37 +Acceptable 118 28709 37 +Unrated 3 655 3 + 1 TCP 172.20.3.5:2601 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 13][cat: Web/5][9 pkts/6343 bytes <-> 4 pkts/409 bytes][Goodput ratio: 92/46][11.25 sec][bytes ratio: 0.879 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/104 67/128 469/152 164/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 705/102 1514/243 721/81][PLAIN TEXT (POST /servlets/mms HTTP/1.1)][Plen Bins: 16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0] 2 TCP 172.20.3.5:2606 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 12][cat: Web/5][8 pkts/2287 bytes <-> 5 pkts/2963 bytes][Goodput ratio: 80/91][11.18 sec][Hostname/SNI: 172.20.3.13][bytes ratio: -0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/58 177/172 83/81][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 286/593 1514/1514 478/662][URL: 172.20.3.13/servlets/mms?message-id=189301][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 172.20.3.13 / Empty or missing User-Agent][PLAIN TEXT (GET /servlets/mms)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,50,0,0] 3 TCP 172.20.3.5:2604 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/1754 bytes <-> 4 pkts/583 bytes][Goodput ratio: 83/62][11.17 sec][Hostname/SNI: 172.20.3.13][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 307/81 2793/3724 10864/10997 4662/5143][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 351/146 1514/417 582/157][URL: 172.20.3.13/servlets/mms?message-id=189001][StatusCode: 200][Server: Resin/2.0.1][User-Agent: SonyEricssonT68/R201A][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 172.20.3.13][PLAIN TEXT (GET /servlets/mms)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index e5b96fc09..1d2fe970b 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out @@ -30,6 +30,9 @@ Unknown 19 6603 19 VRRP 1 725 1 Radius 295 143155 57 +Acceptable 296 143880 58 +Unrated 19 6603 19 + 1 UDP 10.12.64.30:29200 <-> 198.226.25.53:1812 [proto: 146/Radius][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][110 pkts/79894 bytes <-> 102 pkts/24138 bytes][Goodput ratio: 93/82][2575.21 sec][bytes ratio: 0.536 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/154 25882/28068 567977/452627 75856/68610][Pkt Len c2s/s2c min/avg/max/stddev: 697/179 726/237 745/318 20/53][PLAIN TEXT (50311480271516480@wlan.mnc480.m)][Plen Bins: 0,0,0,0,12,12,10,0,12,0,0,0,0,0,0,0,0,0,0,0,14,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.12.64.30:29200 <-> 198.226.25.62:1812 [proto: 146/Radius][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][12 pkts/8682 bytes <-> 6 pkts/1365 bytes][Goodput ratio: 94/81][1507.26 sec][bytes ratio: 0.728 (Upload)][IAT c2s/s2c min/avg/max/stddev: 195/217 150274/201744 597367/597234 204869/243404][Pkt Len c2s/s2c min/avg/max/stddev: 660/165 724/228 745/318 27/65][PLAIN TEXT (50311480281501589@wlan.mnc480.m)][Plen Bins: 0,0,0,5,11,5,0,0,11,0,0,0,0,0,0,0,0,0,0,5,16,45,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.12.64.30:29200 <-> 198.226.25.53:1813 [proto: 146/Radius][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/3539 bytes <-> 4 pkts/620 bytes][Goodput ratio: 93/73][2002.35 sec][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6131/15399 400469/467937 1165850/1229729 441254/541835][Pkt Len c2s/s2c min/avg/max/stddev: 251/147 590/155 876/179 230/14][PLAIN TEXT (50311480073638072@wlan.mnc400.m)][Plen Bins: 0,0,0,30,10,0,10,0,10,0,0,0,0,0,0,0,0,0,0,10,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out b/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out index f31939713..be2026640 100644 --- a/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out +++ b/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) Unknown 1 197 1 +Unrated 1 197 1 + Undetected flows: diff --git a/tests/cfgs/default/result/geforcenow.pcapng.out b/tests/cfgs/default/result/geforcenow.pcapng.out index a9a50c39b..84579150d 100644 --- a/tests/cfgs/default/result/geforcenow.pcapng.out +++ b/tests/cfgs/default/result/geforcenow.pcapng.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) GeForceNow 108 69000 2 +Fun 108 69000 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.245 2 diff --git a/tests/cfgs/default/result/genshin-impact.pcap.out b/tests/cfgs/default/result/genshin-impact.pcap.out index bbf500b40..d0b9b2b34 100644 --- a/tests/cfgs/default/result/genshin-impact.pcap.out +++ b/tests/cfgs/default/result/genshin-impact.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) GenshinImpact 90 18405 6 +Fun 90 18405 6 + 1 UDP 192.168.2.100:58766 <-> 47.245.143.85:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1369 bytes <-> 8 pkts/3568 bytes][Goodput ratio: 78/91][1.63 sec][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 312/266 818/750 343/309][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 196/446 648/1223 192/449][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,13,0,6,13,20,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:52575 <-> 8.209.69.191:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1975 bytes <-> 8 pkts/1300 bytes][Goodput ratio: 85/74][2.27 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 409/181 1044/710 455/239][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 282/162 648/396 240/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,26,0,6,0,20,6,0,0,0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:39686 <-> 49.51.181.168:80 [proto: 257/GenshinImpact][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][9 pkts/2327 bytes <-> 6 pkts/535 bytes][Goodput ratio: 78/35][0.71 sec][bytes ratio: 0.626 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/88 176/176 86/87][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 259/89 1468/138 434/29][PLAIN TEXT (194946781)][Plen Bins: 0,50,25,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0] diff --git a/tests/cfgs/default/result/git.pcap.out b/tests/cfgs/default/result/git.pcap.out index dde564425..5716dbe26 100644 --- a/tests/cfgs/default/result/git.pcap.out +++ b/tests/cfgs/default/result/git.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Git 90 74005 1 +Safe 90 74005 1 + 1 TCP 192.168.0.77:47991 <-> 5.153.231.21:9418 [proto: 226/Git][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Collaborative/15][41 pkts/3319 bytes <-> 49 pkts/70686 bytes][Goodput ratio: 18/95][1.11 sec][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/25 558/607 98/96][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 81/1443 593/2946 82/706][PLAIN TEXT (0045git)][Plen Bins: 4,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,12] diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index a8df01f0f..46d5a8aa2 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -44,6 +44,12 @@ LLMNR 10 770 6 NAT-PMP 4 176 4 BACnet 2 140 1 +Safe 23 4535 2 +Acceptable 184 57460 38 +Potentially Dangerous 2787 437378 330 +Dangerous 5 1215 1 +Unrated 883 76902 389 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/google_meet.pcapng.out b/tests/cfgs/default/result/google_meet.pcapng.out index 3621c3027..76308b3cc 100644 --- a/tests/cfgs/default/result/google_meet.pcapng.out +++ b/tests/cfgs/default/result/google_meet.pcapng.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleMeet 12 8888 2 +Acceptable 12 8888 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.88.231 2 diff --git a/tests/cfgs/default/result/google_ssl.pcap.out b/tests/cfgs/default/result/google_ssl.pcap.out index 039311c55..53449b281 100644 --- a/tests/cfgs/default/result/google_ssl.pcap.out +++ b/tests/cfgs/default/result/google_ssl.pcap.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 28 9108 1 +Safe 28 9108 1 + 1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 24][cat: Web/5][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][Goodput ratio: 43/91][6.67 sec][bytes ratio: -0.668 (Download)][IAT c2s/s2c min/avg/max/stddev: 76/66 422/544 1185/1213 376/402][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/633 368/1484 87/622][Plen Bins: 8,8,0,8,0,8,0,0,0,25,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] diff --git a/tests/cfgs/default/result/googledns_android10.pcap.out b/tests/cfgs/default/result/googledns_android10.pcap.out index cc2c0bd85..d64850581 100644 --- a/tests/cfgs/default/result/googledns_android10.pcap.out +++ b/tests/cfgs/default/result/googledns_android10.pcap.out @@ -28,6 +28,8 @@ Patricia protocols IPv6: 0/0 (search/found) ICMP 4 392 1 DoH_DoT 528 132502 7 +Acceptable 532 132894 8 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.159 2 diff --git a/tests/cfgs/default/result/gquic.pcap.out b/tests/cfgs/default/result/gquic.pcap.out index c39aabab9..0d63bfb6b 100644 --- a/tests/cfgs/default/result/gquic.pcap.out +++ b/tests/cfgs/default/result/gquic.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Google 1 1392 1 +Acceptable 1 1392 1 + 1 UDP 10.44.5.25:61097 -> 216.58.213.163:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.gstatic.com][User-Agent: canary Chrome/85.0.4169.0 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Q050][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gquic_only_from_server.pcap.out b/tests/cfgs/default/result/gquic_only_from_server.pcap.out index 086f114ca..e1864c727 100644 --- a/tests/cfgs/default/result/gquic_only_from_server.pcap.out +++ b/tests/cfgs/default/result/gquic_only_from_server.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 30 39740 1 +Acceptable 30 39740 1 + 1 UDP 213.202.7.26:443 -> 10.189.122.71:60524 [VLAN: 1508][proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][30 pkts/39740 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.09 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/0 59/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 69/0 1325/0 1396/0 275/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (AESGCC20)][Plen Bins: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gtp_c.pcap.out b/tests/cfgs/default/result/gtp_c.pcap.out index 8be459d88..8532fdf2e 100644 --- a/tests/cfgs/default/result/gtp_c.pcap.out +++ b/tests/cfgs/default/result/gtp_c.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) GTP_C 4 684 1 +Acceptable 4 684 1 + 1 UDP 10.101.0.2:1024 <-> 10.102.0.2:2123 [proto: 152.272/GTP.GTP_C][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/365 bytes <-> 2 pkts/319 bytes][Goodput ratio: 77/73][0.00 sec][PLAIN TEXT (internet)][Plen Bins: 25,25,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index 92c9a6654..d6a97ae6f 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 5 428 1 GTP 2 424 2 +Acceptable 2 424 2 +Unrated 5 428 1 + 1 UDP 119.185.190.173:2123 -> 66.86.98.114:50140 [proto: 152/GTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (autoAlgo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 50.7.111.134:17000 -> 103.225.103.159:2123 [proto: 152/GTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gtp_prime.pcapng.out b/tests/cfgs/default/result/gtp_prime.pcapng.out index bb889dd8e..2b2789891 100644 --- a/tests/cfgs/default/result/gtp_prime.pcapng.out +++ b/tests/cfgs/default/result/gtp_prime.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) GTP_PRIME 1 300 1 +Acceptable 1 300 1 + 1 UDP 10.10.54.1:64580 -> 10.10.39.10:3386 [VLAN: 103][proto: 152.273/GTP.GTP_PRIME][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (NODE01)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/h323-overflow.pcap.out b/tests/cfgs/default/result/h323-overflow.pcap.out index 89781602a..c63c5cce6 100644 --- a/tests/cfgs/default/result/h323-overflow.pcap.out +++ b/tests/cfgs/default/result/h323-overflow.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 1 58 1 +Unrated 1 58 1 + Undetected flows: diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out index d970a4411..f3cca1ae5 100644 --- a/tests/cfgs/default/result/h323.pcap.out +++ b/tests/cfgs/default/result/h323.pcap.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) H323 12 1825 2 +Acceptable 12 1825 2 + 1 UDP 17.2.0.124:2034 <-> 17.2.0.161:1719 [proto: 158/H323][IP: 140/Apple][ClearText][Confidence: DPI][DPI packets: 2][cat: VoIP/10][3 pkts/665 bytes <-> 7 pkts/853 bytes][Goodput ratio: 81/65][80.21 sec][bytes ratio: -0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 247/336 288/13362 330/70142 42/25418][Pkt Len c2s/s2c min/avg/max/stddev: 80/67 222/122 411/176 139/48][PLAIN TEXT (@333333330)][Plen Bins: 20,20,10,10,30,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 17.2.0.124:3032 <-> 17.2.0.122:1720 [proto: 158/H323][IP: 140/Apple][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/207 bytes <-> 1 pkts/100 bytes][Goodput ratio: 74/46][0.06 sec][PLAIN TEXT (5295672)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/h323_tcp.pcap.out b/tests/cfgs/default/result/h323_tcp.pcap.out index 30c9e8abe..eb47ef27f 100644 --- a/tests/cfgs/default/result/h323_tcp.pcap.out +++ b/tests/cfgs/default/result/h323_tcp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) H323 10 939 1 +Acceptable 10 939 1 + 1 TCP 10.1.6.18:1720 <-> 10.1.3.143:32803 [proto: 158/H323][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][5 pkts/509 bytes <-> 5 pkts/430 bytes][Goodput ratio: 44/37][1.04 sec][bytes ratio: 0.084 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 60/17 261/261 627/627 217/225][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 102/86 151/214 35/64][PLAIN TEXT (m.jemec)][Plen Bins: 0,0,50,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/haproxy.pcap.out b/tests/cfgs/default/result/haproxy.pcap.out index 1cba1a8fb..6f6936f6e 100644 --- a/tests/cfgs/default/result/haproxy.pcap.out +++ b/tests/cfgs/default/result/haproxy.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HAProxy 1 375 1 +Safe 1 375 1 + 1 TCP 1.1.1.1:48502 -> 2.2.2.2:443 [proto: 350/HAProxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/375 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (PROXY TCP)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hart_ip.pcap.out b/tests/cfgs/default/result/hart_ip.pcap.out index 4b0573ca9..db3733c2b 100644 --- a/tests/cfgs/default/result/hart_ip.pcap.out +++ b/tests/cfgs/default/result/hart_ip.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) HART-IP 65 4413 3 +Acceptable 65 4413 3 + 1 TCP 192.168.0.101:49559 <-> 192.168.0.10:5094 [proto: 72/HART-IP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][27 pkts/1652 bytes <-> 14 pkts/1156 bytes][Goodput ratio: 11/33][34.10 sec][bytes ratio: 0.177 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1547/3394 30003/30004 6255/8934][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 61/83 75/110 8/16][PLAIN TEXT (wihartgw)][Plen Bins: 70,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.0.10:5095 <-> 192.168.0.101:49905 [proto: 72/HART-IP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][12 pkts/915 bytes <-> 11 pkts/635 bytes][Goodput ratio: 42/27][34.71 sec][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 46/51 516/3796 4241/30007 1317/9907][Pkt Len c2s/s2c min/avg/max/stddev: 60/50 76/58 98/63 13/4][PLAIN TEXT (wihartgw)][Plen Bins: 69,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.0.101:49905 -> 192.168.0.10:5094 [proto: 72/HART-IP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/55 bytes -> 0 pkts/0 bytes][Goodput ratio: 23/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out b/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out index 1af36cbd3..26dd42d25 100644 --- a/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out +++ b/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out @@ -25,6 +25,9 @@ TLS 196 76217 4 WindowsUpdate 19 2638 1 Pinterest 88 34448 1 +Safe 215 78855 5 +Fun 88 34448 1 + JA3 Host Stats: IP Address # JA3C 1 194.226.199.103 1 diff --git a/tests/cfgs/default/result/hislip.pcap.out b/tests/cfgs/default/result/hislip.pcap.out index 3e7bf8d58..a9fef2388 100644 --- a/tests/cfgs/default/result/hislip.pcap.out +++ b/tests/cfgs/default/result/hislip.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HiSLIP 184 12204 4 +Acceptable 184 12204 4 + 1 TCP 10.64.0.127:51056 <-> 10.64.0.72:4880 [proto: 372/HiSLIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][39 pkts/2432 bytes <-> 23 pkts/1584 bytes][Goodput ratio: 12/20][214.30 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5039/8986 25879/26093 6570/7043][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 62/69 108/78 11/4][PLAIN TEXT (582390DAF)][Plen Bins: 97,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.64.0.127:51055 <-> 10.64.0.72:4880 [proto: 372/HiSLIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][27 pkts/1765 bytes <-> 20 pkts/1466 bytes][Goodput ratio: 14/23][214.32 sec][bytes ratio: 0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9060/14014 30021/30224 11869/12472][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/73 80/95 11/13][PLAIN TEXT (Query INTERRUPTED)][Plen Bins: 88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.64.0.127:51054 <-> 10.64.0.72:4880 [proto: 372/HiSLIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][23 pkts/1460 bytes <-> 16 pkts/1064 bytes][Goodput ratio: 11/15][246.85 sec][bytes ratio: 0.157 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9131/16221 30014/30221 11397/11595][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 63/66 108/78 12/6][PLAIN TEXT (582390DAF)][Plen Bins: 95,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hl7.pcap.out b/tests/cfgs/default/result/hl7.pcap.out index bed019835..6d20f4544 100644 --- a/tests/cfgs/default/result/hl7.pcap.out +++ b/tests/cfgs/default/result/hl7.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HL7 9 1173 1 +Acceptable 9 1173 1 + 1 TCP 10.0.0.155:49242 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][5 pkts/777 bytes <-> 4 pkts/396 bytes][Goodput ratio: 61/42][0.04 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 8/16 31/21 13/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 155/99 531/222 188/71][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (SENDING)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hots.pcapng.out b/tests/cfgs/default/result/hots.pcapng.out index 1e9f8ece3..ba1e19b68 100644 --- a/tests/cfgs/default/result/hots.pcapng.out +++ b/tests/cfgs/default/result/hots.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Heroes_of_the_Storm 100 10145 3 +Fun 100 10145 3 + 1 UDP 24.105.57.16:3724 -> 192.168.0.73:50609 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][40 pkts/4753 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][1.26 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 32/0 62/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 119/0 164/0 34/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 22,0,47,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 24.105.57.183:1119 -> 192.168.0.73:50609 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][25 pkts/2978 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][0.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/0 38/0 63/0 22/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 119/0 158/0 21/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 4,24,40,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.0.73:54598 <-> 24.105.56.13:3724 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/908 bytes <-> 21 pkts/1506 bytes][Goodput ratio: 35/41][92.43 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/17 42/51 66/63 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 65/72 66/74 2/5][Plen Bins: 51,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hpvirtgrp.pcap.out b/tests/cfgs/default/result/hpvirtgrp.pcap.out index 02f50ae0d..e3f4f98df 100644 --- a/tests/cfgs/default/result/hpvirtgrp.pcap.out +++ b/tests/cfgs/default/result/hpvirtgrp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HP_VIRTGRP 135 12739 9 +Acceptable 135 12739 9 + 1 TCP 192.168.2.100:40152 <-> 160.44.194.66:5223 [proto: 256/HP_VIRTGRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][7 pkts/1019 bytes <-> 8 pkts/613 bytes][Goodput ratio: 61/26][1.18 sec][bytes ratio: 0.249 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 92/192 380/409 144/135][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 146/77 217/106 74/17][Plen Bins: 0,50,0,0,12,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:35634 <-> 160.44.194.66:5223 [proto: 256/HP_VIRTGRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/945 bytes <-> 7 pkts/524 bytes][Goodput ratio: 52/23][233.89 sec][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 38973/46772 233376/233402 86940/93315][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 118/75 217/106 70/18][Plen Bins: 0,57,0,0,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:49838 <-> 160.44.194.66:5223 [proto: 256/HP_VIRTGRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][9 pkts/1019 bytes <-> 6 pkts/435 bytes][Goodput ratio: 48/20][129.59 sec][bytes ratio: 0.402 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18430/32235 128357/128902 44878/55811][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 113/72 217/106 68/18][Plen Bins: 0,50,0,0,16,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hsrp0.pcap.out b/tests/cfgs/default/result/hsrp0.pcap.out index 076fa8341..aa49dcbbb 100644 --- a/tests/cfgs/default/result/hsrp0.pcap.out +++ b/tests/cfgs/default/result/hsrp0.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) HSRP 4 264 4 +Acceptable 4 264 4 + 1 UDP 10.28.168.252:1985 -> 224.0.0.2:1985 [VLAN: 10][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.28.168.253:1985 -> 224.0.0.2:1985 [VLAN: 10][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.28.170.253:1985 -> 224.0.0.2:1985 [VLAN: 12][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hsrp2.pcap.out b/tests/cfgs/default/result/hsrp2.pcap.out index e8c52ffc2..db3aed661 100644 --- a/tests/cfgs/default/result/hsrp2.pcap.out +++ b/tests/cfgs/default/result/hsrp2.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) HSRP 2 188 2 +Acceptable 2 188 2 + 1 UDP 10.52.220.125:1985 -> 224.0.0.102:1985 [proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.52.253.125:1985 -> 224.0.0.102:1985 [proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out b/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out index 4c18c4a13..3dd580835 100644 --- a/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out +++ b/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 4/0 (search/found) HSRP 36 4374 2 +Acceptable 36 4374 2 + 1 UDP [fe80::1]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][18 pkts/2286 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][138.56 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8110/0 21092/0 4624/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 127/0 138/0 25/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 16,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [fe80::2]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][18 pkts/2088 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][131.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 73/0 7611/0 21554/0 5305/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 116/0 138/0 31/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http-crash-content-disposition.pcap.out b/tests/cfgs/default/result/http-crash-content-disposition.pcap.out index 244416ab4..379a45571 100644 --- a/tests/cfgs/default/result/http-crash-content-disposition.pcap.out +++ b/tests/cfgs/default/result/http-crash-content-disposition.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 9 3328 1 +Acceptable 9 3328 1 + 1 TCP 192.168.0.103:51171 <-> 174.129.0.10:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][4 pkts/691 bytes <-> 5 pkts/2637 bytes][Goodput ratio: 69/90][0.31 sec][Hostname/SNI: khu.sh][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/50 125/145 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 173/527 480/1492 178/601][URL: khu.sh/imessages.php?songify_a=3h248fIbwJ&new][StatusCode: 200][Req Content-Type: text/plain][Content-Type: text/html][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST /imessages.php)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] diff --git a/tests/cfgs/default/result/http-lines-split.pcap.out b/tests/cfgs/default/result/http-lines-split.pcap.out index aa965fac6..41a7590bd 100644 --- a/tests/cfgs/default/result/http-lines-split.pcap.out +++ b/tests/cfgs/default/result/http-lines-split.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 14 2503 1 +Acceptable 14 2503 1 + 1 TCP 192.168.0.1:39236 <-> 192.168.0.20:31337 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/481 bytes <-> 7 pkts/2022 bytes][Goodput ratio: 14/81][0.00 sec][Hostname/SNI: toni.lan][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 69/289 92/1514 12/503][URL: toni.lan:31337/][StatusCode: 200][User-Agent: uclient-fetch][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] diff --git a/tests/cfgs/default/result/http-manipulated.pcap.out b/tests/cfgs/default/result/http-manipulated.pcap.out index 22e38c891..a90ef0cfb 100644 --- a/tests/cfgs/default/result/http-manipulated.pcap.out +++ b/tests/cfgs/default/result/http-manipulated.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 40 45063 2 +Acceptable 40 45063 2 + 1 TCP 192.168.0.20:33684 <-> 192.168.0.7:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1543 bytes <-> 15 pkts/42291 bytes][Goodput ratio: 47/98][0.07 sec][Hostname/SNI: www.lan][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/6 72/73 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/2819 440/5894 123/2007][URL: www.lan:8080/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri][StatusCode: 200][Content-Type: text/html][Server: gamma_httpd][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (GET /aaaaaaaaa)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,64] 2 TCP 192.168.0.20:33632 <-> 192.168.0.7:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/412 bytes <-> 4 pkts/817 bytes][Goodput ratio: 18/71][0.00 sec][Hostname/SNI: wwww.lan][bytes ratio: -0.330 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 69/204 130/631 28/246][URL: wwww.lan:8080/][StatusCode: 200][Content-Type: text/html][Server: gamma_httpd][User-Agent: curl/7.64.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http-proxy.pcapng.out b/tests/cfgs/default/result/http-proxy.pcapng.out index 6d9c0390a..fbfdc0b9a 100644 --- a/tests/cfgs/default/result/http-proxy.pcapng.out +++ b/tests/cfgs/default/result/http-proxy.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP_Proxy 11 1652 1 +Acceptable 11 1652 1 + 1 TCP 192.168.1.103:1241 <-> 192.168.1.146:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/654 bytes <-> 5 pkts/998 bytes][Goodput ratio: 45/72][5.24 sec][Hostname/SNI: http.com][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1048/118 4958/234 1958/116][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 109/200 348/770 107/285][URL: http://http.com/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][PLAIN TEXT (GET http)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http2.pcapng.out b/tests/cfgs/default/result/http2.pcapng.out index 574a4918a..aa59e2bfb 100644 --- a/tests/cfgs/default/result/http2.pcapng.out +++ b/tests/cfgs/default/result/http2.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP2 10 1271 1 +Safe 10 1271 1 + 1 TCP 127.0.0.1:37824 <-> 127.0.0.1:29518 [proto: 349/HTTP2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][4 pkts/591 bytes <-> 6 pkts/680 bytes][Goodput ratio: 54/40][0.00 sec][bytes ratio: -0.070 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 0/0 1/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 77/81 148/113 212/163 50/35][PLAIN TEXT ( HTTP/2.0)][Plen Bins: 40,10,30,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_asymmetric.pcapng.out b/tests/cfgs/default/result/http_asymmetric.pcapng.out index 1c42eeae7..c39e456e8 100644 --- a/tests/cfgs/default/result/http_asymmetric.pcapng.out +++ b/tests/cfgs/default/result/http_asymmetric.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 23 9961 2 +Acceptable 23 9961 2 + 1 TCP 192.168.1.146:80 -> 192.168.1.103:1044 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Web/5][13 pkts/8357 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][5.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/0 5000/0 1435/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 643/0 1514/0 626/0][StatusCode: 404][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][Risk: ** HTTP Susp User-Agent **** Error Code **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / HTTP Error Code 404 / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] 2 TCP 192.168.0.1:1044 -> 10.10.10.1:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][10 pkts/1604 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 567/0 4951/0 1550/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 160/0 418/0 160/0][URL: proxy.wiresharkfest.acropolis.local/favicon.ico][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_auth.pcap.out b/tests/cfgs/default/result/http_auth.pcap.out index 33454c57f..d211dd299 100644 --- a/tests/cfgs/default/result/http_auth.pcap.out +++ b/tests/cfgs/default/result/http_auth.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 33 20574 1 +Acceptable 33 20574 1 + 1 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0] diff --git a/tests/cfgs/default/result/http_connect.pcap.out b/tests/cfgs/default/result/http_connect.pcap.out index 89a7bb50d..2af61d547 100644 --- a/tests/cfgs/default/result/http_connect.pcap.out +++ b/tests/cfgs/default/result/http_connect.pcap.out @@ -26,6 +26,9 @@ DNS 2 178 1 TLS 58 36496 1 HTTP_Connect 40 26841 1 +Safe 58 36496 1 +Acceptable 42 27019 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.146 1 diff --git a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out index 506869ce9..4ece68db3 100644 --- a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out +++ b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) POP3 1 123 1 +Unsafe 1 123 1 + 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2/POP3][IP: 274/Alibaba][ClearText][Confidence: Match by port][DPI packets: 1][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: No client to server traffic / TCP probing attempt][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_invalid_server.pcap.out b/tests/cfgs/default/result/http_invalid_server.pcap.out index dd5376cd6..446bbfccd 100644 --- a/tests/cfgs/default/result/http_invalid_server.pcap.out +++ b/tests/cfgs/default/result/http_invalid_server.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OCSP 12 1301 1 +Safe 12 1301 1 + 1 TCP 192.168.1.29:51536 <-> 143.204.14.183:80 [proto: 7.63/HTTP.OCSP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/556 bytes <-> 5 pkts/745 bytes][Goodput ratio: 15/55][0.04 sec][Hostname/SNI: ocsp.rootg2.amazontrust.com][bytes ratio: -0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 12/12 6/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/149 148/468 28/160][URL: ocsp.rootg2.amazontrust.com/][StatusCode: 200][Content-Type: application/ocsp-response][Server: ¯\_(ツ)_/¯][User-Agent: **][Risk: ** HTTP Susp User-Agent **** HTTP Susp Header **][Risk Score: 200][Risk Info: Suspicious Log4J / Suspicious Agent][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index 04ca8c23a..c6b50554e 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -31,6 +31,10 @@ Facebook 22 10202 2 Google 62 15977 1 QUIC 3 502 1 +Safe 106 39646 11 +Acceptable 65 16479 2 +Fun 22 10202 2 + JA3 Host Stats: IP Address # JA3C 1 2a00:d40:1:3:7aac:c0ff:fea7:d4c 1 diff --git a/tests/cfgs/default/result/http_on_sip_port.pcap.out b/tests/cfgs/default/result/http_on_sip_port.pcap.out index 2689357da..b13b925ba 100644 --- a/tests/cfgs/default/result/http_on_sip_port.pcap.out +++ b/tests/cfgs/default/result/http_on_sip_port.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 4 1831 1 +Acceptable 4 1831 1 + 1 TCP 82.178.111.221:5060 <-> 45.58.148.2:8888 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/351 bytes <-> 2 pkts/1480 bytes][Goodput ratio: 63/92][0.32 sec][Hostname/SNI: 45.58.148.2][URL: 45.58.148.2/star-123456/index.m3u8?token=89b198b8844824ca15b8b379c26fc1b7dfcba368-5KUJTJ5Y73AGIAOV-1618753174-1618742374][StatusCode: 403][Server: Flussonic][User-Agent: exoplayer-codelab][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Error Code **][Risk Score: 70][Risk Info: Found host 45.58.148.2 / Expected on port 80 / HTTP Error Code 403][PLAIN TEXT (GET /star)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_origin_different_than_host.pcap.out b/tests/cfgs/default/result/http_origin_different_than_host.pcap.out index 000466cbe..470c09bfd 100644 --- a/tests/cfgs/default/result/http_origin_different_than_host.pcap.out +++ b/tests/cfgs/default/result/http_origin_different_than_host.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 4 1229 1 +Acceptable 4 1229 1 + 1 TCP 10.140.206.74:34536 <-> 18.135.206.102:80 [VLAN: 113][proto: GTP:7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/835 bytes <-> 2 pkts/394 bytes][Goodput ratio: 73/42][0.35 sec][Hostname/SNI: csb.performgroup.io][URL: csb.performgroup.io/?topreferer=optawidgets.365scores.com][StatusCode: 101][User-Agent: Mozilla/5.0 (Linux; Android 9; JKM-LX1 Build/HUAWEIJKM-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/106.0.5249.118 Mobile Safari/537.36][PLAIN TEXT (topreferer)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_starting_with_reply.pcapng.out b/tests/cfgs/default/result/http_starting_with_reply.pcapng.out index 7e5940eb9..0da9ef15f 100644 --- a/tests/cfgs/default/result/http_starting_with_reply.pcapng.out +++ b/tests/cfgs/default/result/http_starting_with_reply.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 18 9297 1 +Acceptable 18 9297 1 + 1 TCP 192.168.1.146:80 <-> 192.168.1.103:1044 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][11 pkts/8231 bytes <-> 7 pkts/1066 bytes][Goodput ratio: 92/64][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 0.771 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 566/1272 5000/4951 1568/2124][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 748/152 1514/403 625/155][URL: proxy.wiresharkfest.acropolis.local/icons/ubuntu-logo.png][StatusCode: 200][Content-Type: image/png][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,44,0,0] diff --git a/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out b/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out index 93ff1424c..54a2bacc0 100644 --- a/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out +++ b/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 115 76310 1 +Acceptable 115 76310 1 + 1 TCP 254.125.135.128:21359 <-> 66.152.103.45:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][76 pkts/67448 bytes <-> 39 pkts/8862 bytes][Goodput ratio: 93/71][386.83 sec][Hostname/SNI: va.origin.startappservice.com][bytes ratio: 0.768 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/234 4719/10214 59840/59845 10187/13183][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 887/227 1454/424 557/96][StatusCode: 200][User-Agent: Mozil][PLAIN TEXT (WGET /tracking/adImpression)][Plen Bins: 0,0,0,2,26,0,6,1,13,1,4,6,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,0,0,0] diff --git a/tests/cfgs/default/result/i3d.pcap.out b/tests/cfgs/default/result/i3d.pcap.out index a6a3644bb..746a451a4 100644 --- a/tests/cfgs/default/result/i3d.pcap.out +++ b/tests/cfgs/default/result/i3d.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) i3D 60 36502 4 +Fun 60 36502 4 + 1 UDP 192.168.2.100:62461 <-> 213.163.87.47:50004 [proto: 301/i3D][IP: 58/Discord][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/16467 bytes <-> 1 pkts/116 bytes][Goodput ratio: 96/63][0.05 sec][bytes ratio: 0.986 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/0 36/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 116/116 1176/116 1258/116 294/0][PLAIN TEXT (90.186.132.133)][Plen Bins: 0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,66,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:55205 <-> 213.163.87.47:50004 [proto: 301/i3D][IP: 58/Discord][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/11517 bytes <-> 1 pkts/116 bytes][Goodput ratio: 95/63][0.11 sec][bytes ratio: 0.980 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 9/0 31/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/116 823/116 1209/116 456/0][PLAIN TEXT (90.186.132.133)][Plen Bins: 0,6,13,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:62620 <-> 213.163.87.47:50004 [proto: 301/i3D][IP: 58/Discord][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/5099 bytes <-> 1 pkts/116 bytes][Goodput ratio: 88/63][0.25 sec][bytes ratio: 0.956 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/0 19/0 36/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/116 364/116 1252/116 258/0][PLAIN TEXT (90.186.132.133)][Plen Bins: 0,6,13,0,0,0,0,0,47,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/iax.pcap.out b/tests/cfgs/default/result/iax.pcap.out index 11d581969..ebc011aba 100644 --- a/tests/cfgs/default/result/iax.pcap.out +++ b/tests/cfgs/default/result/iax.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) IAX 50 9172 1 +Acceptable 50 9172 1 + 1 UDP 82.110.36.84:4569 <-> 192.168.2.120:4566 [proto: 95/IAX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][28 pkts/5240 bytes <-> 22 pkts/3932 bytes][Goodput ratio: 77/76][0.53 sec][bytes ratio: 0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/5 43/51 10/13][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 187/179 214/214 48/59][PLAIN TEXT (442088205155)][Plen Bins: 14,0,2,0,0,84,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/icmp-tunnel.pcap.out b/tests/cfgs/default/result/icmp-tunnel.pcap.out index f83fa5a69..2223d9016 100644 --- a/tests/cfgs/default/result/icmp-tunnel.pcap.out +++ b/tests/cfgs/default/result/icmp-tunnel.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) ICMP 863 190810 1 +Acceptable 863 190810 1 + 1 ICMP 192.168.154.131:0 <-> 192.168.154.132:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][448 pkts/98566 bytes <-> 415 pkts/92244 bytes][Goodput ratio: 81/81][1122.51 sec][bytes ratio: 0.033 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2578/2731 145505/145505 9091/9494][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 220/222 1075/1070 245/245][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (OpenSSH5)][Plen Bins: 0,32,24,24,7,3,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/iec60780-5-104.pcap.out b/tests/cfgs/default/result/iec60780-5-104.pcap.out index b2cff9306..21a80f53e 100644 --- a/tests/cfgs/default/result/iec60780-5-104.pcap.out +++ b/tests/cfgs/default/result/iec60780-5-104.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) IEC60870 147 9033 6 +Acceptable 147 9033 6 + 1 TCP 172.27.248.109:1578 <-> 172.27.248.79:2404 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][28 pkts/1758 bytes <-> 19 pkts/1297 bytes][Goodput ratio: 9/20][235.18 sec][bytes ratio: 0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/4 9106/11905 32485/32516 10297/10287][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 63/68 76/118 5/15][Plen Bins: 96,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.27.248.109:1568 <-> 172.27.248.79:2404 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][17 pkts/1040 bytes <-> 12 pkts/674 bytes][Goodput ratio: 7/3][160.96 sec][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9874/10029 38294/26906 11815/8997][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 61/56 68/62 2/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.27.248.109:1572 <-> 172.27.248.79:2404 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][15 pkts/940 bytes <-> 10 pkts/572 bytes][Goodput ratio: 9/4][191.16 sec][bytes ratio: 0.243 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12850/21996 59783/60001 22023/25276][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 63/57 76/62 5/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ieee_c37118.pcap.out b/tests/cfgs/default/result/ieee_c37118.pcap.out index 01dc70111..d41e9e1dc 100644 --- a/tests/cfgs/default/result/ieee_c37118.pcap.out +++ b/tests/cfgs/default/result/ieee_c37118.pcap.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) IEEE-C37118 778 74034 2 +Acceptable 778 74034 2 + 1 TCP 192.168.0.20:36835 <-> 192.168.0.241:4712 [proto: 367/IEEE-C37118][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][159 pkts/10556 bytes <-> 258 pkts/30782 bytes][Goodput ratio: 1/45][5.04 sec][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/19 56/52 18/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/119 84/200 3/9][PLAIN TEXT (Blue PMU )][Plen Bins: 1,98,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.0.10:4712 <-> 192.168.0.60:4713 [proto: 367/IEEE-C37118][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][4 pkts/240 bytes <-> 357 pkts/32456 bytes][Goodput ratio: 30/54][7.49 sec][bytes ratio: -0.985 (Download)][IAT c2s/s2c min/avg/max/stddev: 54/19 185/20 316/59 131/2][Pkt Len c2s/s2c min/avg/max/stddev: 60/90 60/91 60/416 0/17][PLAIN TEXT (1 )][Plen Bins: 1,98,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/imap-starttls.pcap.out b/tests/cfgs/default/result/imap-starttls.pcap.out index e9aa026e7..0c35f2604 100644 --- a/tests/cfgs/default/result/imap-starttls.pcap.out +++ b/tests/cfgs/default/result/imap-starttls.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) IMAPS 32 7975 1 +Safe 32 7975 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.17.53 1 diff --git a/tests/cfgs/default/result/imap.pcap.out b/tests/cfgs/default/result/imap.pcap.out index 38c69095e..2599401d2 100644 --- a/tests/cfgs/default/result/imap.pcap.out +++ b/tests/cfgs/default/result/imap.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) IMAP 33 3774 1 +Unsafe 33 3774 1 + 1 TCP 10.40.4.2:46045 <-> 10.40.3.2:143 [proto: 4/IMAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Email/3][20 pkts/1507 bytes <-> 13 pkts/2267 bytes][Goodput ratio: 12/62][4.57 sec][User: samir][Pwd: pfres][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/17 39/39 15/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 75/174 139/762 17/181][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found IMAP username (samir)][PLAIN TEXT ( OK IMAP4)][Plen Bins: 51,22,11,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/imaps.pcap.out b/tests/cfgs/default/result/imaps.pcap.out index 863fd6030..9e0d89350 100644 --- a/tests/cfgs/default/result/imaps.pcap.out +++ b/tests/cfgs/default/result/imaps.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 20 5196 1 IMAPS 8 4378 1 +Safe 28 9574 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.1 1 diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index 807f438dc..b2aaeb660 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) IMO 100 35380 2 +Acceptable 100 35380 2 + 1 UDP 192.168.12.169:49207 <-> 93.33.47.58:57604 [proto: 216/IMO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: VoIP/10][28 pkts/7889 bytes <-> 37 pkts/13060 bytes][Goodput ratio: 85/88][3.22 sec][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/89 962/721 250/181][Pkt Len c2s/s2c min/avg/max/stddev: 43/43 282/353 1094/1081 414/430][Plen Bins: 63,0,0,4,1,1,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,6,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.169:49207 <-> 185.155.137.30:36535 [proto: 216/IMO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][19 pkts/13028 bytes <-> 16 pkts/1403 bytes][Goodput ratio: 94/52][3.19 sec][bytes ratio: 0.806 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/171 1003/1002 308/343][Pkt Len c2s/s2c min/avg/max/stddev: 224/52 686/88 1266/266 496/60][PLAIN TEXT (/Q/MpI )][Plen Bins: 32,0,2,8,0,5,18,5,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index 382a3573f..96fc5d857 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -34,6 +34,11 @@ TLS 103 62597 5 Dropbox 5 725 2 Instagram 576 391376 22 +Safe 103 62597 5 +Acceptable 166 132007 10 +Fun 576 391376 22 +Unrated 1 66 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.103 1 diff --git a/tests/cfgs/default/result/ip_fragmented_garbage.pcap.out b/tests/cfgs/default/result/ip_fragmented_garbage.pcap.out index 157cd0000..312eca79e 100644 --- a/tests/cfgs/default/result/ip_fragmented_garbage.pcap.out +++ b/tests/cfgs/default/result/ip_fragmented_garbage.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 29 1566 1 +Unrated 29 1566 1 + Undetected flows: diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index aaad4142f..d663e8f8a 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out @@ -39,6 +39,10 @@ AppleiTunes 74 25151 8 Spotify 2 172 1 NAT-PMP 2 120 1 +Safe 150 55443 17 +Acceptable 260 140186 25 +Fun 76 25323 9 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.17 2 diff --git a/tests/cfgs/default/result/ipp.pcap.out b/tests/cfgs/default/result/ipp.pcap.out index 44757ed70..53b0bef27 100644 --- a/tests/cfgs/default/result/ipp.pcap.out +++ b/tests/cfgs/default/result/ipp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) IPP 277 248554 3 +Acceptable 277 248554 3 + 1 TCP 10.10.10.49:55342 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: System/18][150 pkts/237529 bytes <-> 84 pkts/5922 bytes][Goodput ratio: 96/6][1.20 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.951 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 6/11 218/212 27/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1584/70 2962/267 978/27][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 1,1,0,0,3,2,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1,2,0,0,0,0,2,0,68] 2 TCP 10.10.10.49:55343 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: System/18][14 pkts/1662 bytes <-> 11 pkts/1306 bytes][Goodput ratio: 44/44][0.06 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 5/7 44/40 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/119 294/333 85/82][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 30,0,0,10,30,0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.10.10.49:55341 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: System/18][10 pkts/1098 bytes <-> 8 pkts/1037 bytes][Goodput ratio: 39/48][0.02 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/130 355/393 92/110][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 33,0,0,0,33,0,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out b/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out index ca34f59f9..637c771dd 100644 --- a/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out +++ b/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) IPSec 1080 580682 24 +Safe 1080 580682 24 + 1 UDP 192.168.2.100:14500 <-> 109.237.187.227:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][133 pkts/90074 bytes <-> 158 pkts/61560 bytes][Goodput ratio: 94/89][< 1 sec][bytes ratio: 0.188 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 224588/183284 12245008/12245090 1295597/1170056][Pkt Len c2s/s2c min/avg/max/stddev: 122/82 677/390 1374/1374 512/393][PLAIN TEXT (@EmPAT)][Plen Bins: 0,0,14,14,24,0,7,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,7,0,0,5,0,0,0,7,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0] 2 UDP 192.168.2.100:14500 <-> 109.237.187.130:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][37 pkts/23230 bytes <-> 53 pkts/36862 bytes][Goodput ratio: 93/94][< 1 sec][bytes ratio: -0.227 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51181/32575 761601/761794 163164/132507][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 628/696 1374/1374 489/539][PLAIN TEXT (H.P.RE)][Plen Bins: 0,0,6,13,20,0,6,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,20,0,0,0,0,0,0] 3 UDP 192.168.2.100:10500 <-> 109.237.187.227:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][54 pkts/44820 bytes <-> 53 pkts/11118 bytes][Goodput ratio: 95/80][< 1 sec][bytes ratio: 0.602 (Upload)][IAT c2s/s2c min/avg/max/stddev: 28/27 689892/698588 12245747/12245747 1998175/2019137][Pkt Len c2s/s2c min/avg/max/stddev: 818/94 830/210 842/330 12/118][PLAIN TEXT (rMpKau6)][Plen Bins: 0,25,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out index b5c760c4d..d55a4c1f0 100644 --- a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out +++ b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out @@ -26,6 +26,9 @@ Patricia protocols IPv6: 4/0 (search/found) Unknown 1 150 1 IPSec 1 166 1 +Safe 1 166 1 +Unrated 1 150 1 + 1 ESP [2a01:4c8:c014:144e:1:2:945b:6761]:0 -> [2a01:4c8:f000:f49::4]:0 [VLAN: 2][proto: GTP:79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/irc.pcap.out b/tests/cfgs/default/result/irc.pcap.out index 2eac2c07a..3d73ee343 100644 --- a/tests/cfgs/default/result/irc.pcap.out +++ b/tests/cfgs/default/result/irc.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) IRC 29 8945 1 +Unsafe 29 8945 1 + 1 TCP 10.180.156.249:45921 <-> 38.229.70.20:8000 [proto: 65/IRC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Chat/9][14 pkts/1046 bytes <-> 15 pkts/7899 bytes][Goodput ratio: 11/87][14.57 sec][bytes ratio: -0.766 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1314/1206 8864/8864 2852/2736][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/527 107/1514 14/611][Risk: ** Known Proto on Non Std Port **** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 160][Risk Info: Found IRC username (xxxxx)][PLAIN TEXT (USER xx)][Plen Bins: 13,41,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0] diff --git a/tests/cfgs/default/result/iso9506-1-mms.pcap.out b/tests/cfgs/default/result/iso9506-1-mms.pcap.out index 6037059a6..a596916f3 100644 --- a/tests/cfgs/default/result/iso9506-1-mms.pcap.out +++ b/tests/cfgs/default/result/iso9506-1-mms.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) ISO9506-1-MMS 22 1907 1 +Acceptable 22 1907 1 + 1 TCP 172.16.0.101:1345 <-> 172.16.202.5:102 [proto: 366/ISO9506-1-MMS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: IoT-Scada/31][11 pkts/1000 bytes <-> 11 pkts/907 bytes][Goodput ratio: 37/31][0.61 sec][bytes ratio: 0.049 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63/28 218/100 83/42][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 91/82 221/200 47/39][Plen Bins: 51,16,16,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out b/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out index e84fcbd99..2cd3457b3 100644 --- a/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out +++ b/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 11 5132 1 +Safe 11 5132 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out b/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out index 45e0997c7..13a817093 100644 --- a/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 27 6966 1 +Safe 27 6966 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/jabber.pcap.out b/tests/cfgs/default/result/jabber.pcap.out index ef923294d..7760d19da 100644 --- a/tests/cfgs/default/result/jabber.pcap.out +++ b/tests/cfgs/default/result/jabber.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Jabber 358 61304 12 +Acceptable 358 61304 12 + 1 TCP 172.16.0.62:57094 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13807 bytes][Goodput ratio: 49/80][2.17 sec][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 611/611 109/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 559/1514 104/415][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,24,9,13,4,6,9,0,2,2,2,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] 2 TCP 172.16.0.62:57122 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13806 bytes][Goodput ratio: 49/80][2.16 sec][bytes ratio: -0.415 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 521/520 99/101][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 677/1514 116/415][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,22,9,15,4,7,9,0,2,2,2,0,0,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] 3 TCP 172.16.0.62:57149 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][21 pkts/2752 bytes <-> 17 pkts/3414 bytes][Goodput ratio: 50/67][656.22 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35858/700 600484/4996 141164/1575][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/201 305/529 77/137][PLAIN TEXT (presence to)][Plen Bins: 0,18,0,22,18,9,18,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/jsonrpc.pcap.out b/tests/cfgs/default/result/jsonrpc.pcap.out index a1819a48a..0e42f3cf3 100644 --- a/tests/cfgs/default/result/jsonrpc.pcap.out +++ b/tests/cfgs/default/result/jsonrpc.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) JSON-RPC 16 2815 2 +Acceptable 16 2815 2 + 1 TCP 192.168.8.251:51084 <-> 179.99.210.200:80 [proto: 7.375/HTTP.JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: RPC/16][4 pkts/1322 bytes <-> 4 pkts/843 bytes][Goodput ratio: 81/73][< 1 sec][Hostname/SNI: mdotti.dyndns.org][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 34/34 102/101 48/48][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 330/211 1124/566 458/209][URL: mdotti.dyndns.org/zabbix/jsrpc.php?output=json-rpc][StatusCode: 200][Req Content-Type: application/json-rpc][Content-Type: application/json-rpc][Server: Apache/2.2.16 (Debian)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete Apache server 2.2.16][PLAIN TEXT (POST /zabbix/jsrpc.php)][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:36646 <-> 127.0.0.1:8080 [proto: 375/JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][4 pkts/378 bytes <-> 4 pkts/272 bytes][Goodput ratio: 28/0][0.01 sec][bytes ratio: 0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 3/0 10/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/68 172/74 45/3][PLAIN TEXT (sonrpc)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kafka.pcapng.out b/tests/cfgs/default/result/kafka.pcapng.out index 3bbc2ecf9..3721dec1d 100644 --- a/tests/cfgs/default/result/kafka.pcapng.out +++ b/tests/cfgs/default/result/kafka.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Kafka 19 2237 1 +Acceptable 19 2237 1 + 1 TCP 127.0.0.1:46136 <-> 127.0.0.1:9092 [proto: 377/Kafka][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][12 pkts/1107 bytes <-> 7 pkts/1130 bytes][Goodput ratio: 28/58][13.63 sec][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 800/288 6849/1049 2039/441][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 92/161 206/512 42/149][PLAIN TEXT (console)][Plen Bins: 12,38,12,12,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kerberos-error.pcap.out b/tests/cfgs/default/result/kerberos-error.pcap.out index b930cac11..9531bf7a6 100644 --- a/tests/cfgs/default/result/kerberos-error.pcap.out +++ b/tests/cfgs/default/result/kerberos-error.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Kerberos 2 481 1 +Acceptable 2 481 1 + 1 UDP 148.151.79.183:34473 <-> 144.199.10.233:88 [VLAN: 2008][proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/333 bytes <-> 1 pkts/148 bytes][Goodput ratio: 86/68][0.36 sec][linux.shell.com\mus-n-cj0709][PLAIN TEXT (LINUX.SHELL.COM)][Plen Bins: 0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kerberos-login.pcap.out b/tests/cfgs/default/result/kerberos-login.pcap.out index be6f16975..acb87b291 100644 --- a/tests/cfgs/default/result/kerberos-login.pcap.out +++ b/tests/cfgs/default/result/kerberos-login.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Kerberos 39 37272 13 +Acceptable 39 37272 13 + 1 TCP 192.168.10.12:44256 <-> 192.168.10.3:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Network/14][9 pkts/3720 bytes <-> 6 pkts/3520 bytes][Goodput ratio: 84/88][0.00 sec][testbed1.ca\ubuntu64a][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 413/587 1621/1620 646/731][PLAIN TEXT (TESTBED)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] 2 UDP 10.1.12.2:1074 <-> 10.5.3.1:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1275 bytes <-> 1 pkts/1279 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 3 UDP 10.1.12.2:1092 <-> 10.5.3.1:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1277 bytes <-> 1 pkts/1270 bytes][Goodput ratio: 97/97][< 1 sec][denydc.com][PLAIN TEXT (DENYDC.COM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kerberos.pcap.out b/tests/cfgs/default/result/kerberos.pcap.out index f826bdabe..78c9ff32b 100644 --- a/tests/cfgs/default/result/kerberos.pcap.out +++ b/tests/cfgs/default/result/kerberos.pcap.out @@ -30,6 +30,9 @@ SMBv23 6 1914 3 Kerberos 48 19194 24 LDAP 14 4152 7 +Acceptable 68 25260 34 +Unrated 9 3031 2 + 1 TCP 172.16.8.201:49171 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1486 bytes <-> 1 pkts/1506 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] 2 TCP 172.16.8.201:49160 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] 3 TCP 172.16.8.201:49176 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] diff --git a/tests/cfgs/default/result/kerberos_fuzz.pcapng.out b/tests/cfgs/default/result/kerberos_fuzz.pcapng.out index 3d10e6dcc..3b836a2fd 100644 --- a/tests/cfgs/default/result/kerberos_fuzz.pcapng.out +++ b/tests/cfgs/default/result/kerberos_fuzz.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Kerberos 1 288 1 +Acceptable 1 288 1 + 1 TCP 126.4.1.0:88 -> 19.0.0.0:53646 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/288 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][r1i???ca???????]*??0p??????_???????ea?id;?????o\??????][PLAIN TEXT (/S.2T )][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kismet.pcap.out b/tests/cfgs/default/result/kismet.pcap.out index e5707531f..1d8134a43 100644 --- a/tests/cfgs/default/result/kismet.pcap.out +++ b/tests/cfgs/default/result/kismet.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Kismet 35 4871 1 +Acceptable 35 4871 1 + 1 TCP 127.0.0.1:34065 <-> 127.0.0.1:2501 [proto: 309/Kismet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][18 pkts/2029 bytes <-> 17 pkts/2842 bytes][Goodput ratio: 51/67][14.61 sec][bytes ratio: -0.167 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 399/399 857/870 1099/1099 407/366][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/167 1099/253 239/52][PLAIN TEXT (KISMET)][Plen Bins: 6,0,6,0,75,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index 11ad22ee7..ca1b4aaa0 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out @@ -27,6 +27,10 @@ Unknown 4 1696 2 Kontiki 44 35476 2 ICMP 7 494 4 +Acceptable 7 494 4 +Potentially Dangerous 44 35476 2 +Unrated 4 1696 2 + 1 UDP 10.25.32.59:19948 <-> 64.200.148.86:8888 [proto: 32/Kontiki][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][11 pkts/1069 bytes <-> 29 pkts/34159 bytes][Goodput ratio: 57/96][0.72 sec][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 94/3 212/29 93/7][Pkt Len c2s/s2c min/avg/max/stddev: 46/70 97/1178 259/1283 77/315][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (ZuetBitjw)][Plen Bins: 22,0,2,0,0,2,5,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0] 2 ICMP 10.25.32.3:0 -> 10.25.32.59:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][4.59 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.25.32.59:19948 -> 64.200.148.88:80 [proto: 32/Kontiki][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][4 pkts/248 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][4.59 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/line.pcap.out b/tests/cfgs/default/result/line.pcap.out index 7e70713a6..c75a462f3 100644 --- a/tests/cfgs/default/result/line.pcap.out +++ b/tests/cfgs/default/result/line.pcap.out @@ -26,6 +26,9 @@ TLS 72 11499 1 Line 37 9480 1 LineCall 181 42253 3 +Safe 72 11499 1 +Acceptable 218 51733 4 + JA3 Host Stats: IP Address # JA3C 1 10.200.3.125 1 diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index f4765aac6..614053973 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 42 16442 1 +Unrated 42 16442 1 + Undetected flows: diff --git a/tests/cfgs/default/result/lisp_registration.pcap.out b/tests/cfgs/default/result/lisp_registration.pcap.out index 384120669..1d5a3d006 100644 --- a/tests/cfgs/default/result/lisp_registration.pcap.out +++ b/tests/cfgs/default/result/lisp_registration.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) LISP 30 5266 4 +Acceptable 30 5266 4 + 1 TCP 10.0.123.3:52995 <-> 10.0.123.1:4342 [proto: 236/LISP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Cloud/13][4 pkts/894 bytes <-> 3 pkts/715 bytes][Goodput ratio: 74/76][0.36 sec][bytes ratio: 0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 120/73 213/145 88/72][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 224/238 714/586 283/246][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.0.123.2:15373 <-> 10.0.123.1:4342 [proto: 236/LISP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Cloud/13][4 pkts/682 bytes <-> 3 pkts/635 bytes][Goodput ratio: 66/73][0.36 sec][bytes ratio: 0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/2 118/74 208/146 87/72][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 170/212 502/506 191/208][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.0.123.3:4342 <-> 10.0.123.1:4342 [proto: 236/LISP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][4 pkts/636 bytes <-> 4 pkts/568 bytes][Goodput ratio: 73/70][0.01 sec][bytes ratio: 0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/5 0/2][Pkt Len c2s/s2c min/avg/max/stddev: 142/130 159/142 182/154 15/8][Plen Bins: 0,0,12,75,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out index 54f2a4890..14fe06a00 100644 --- a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out +++ b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out @@ -26,6 +26,9 @@ Unknown 356 25081 2 HTTP 34 6741 3 LDAP 32 2796 2 +Acceptable 66 9537 5 +Unrated 356 25081 2 + 1 TCP 172.16.238.10:48534 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][7 pkts/692 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 30/79][0.00 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 99/327 276/1420 72/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit **][Risk Score: 310][Risk Info: Found host 172.16.238.11 / Found mime exe java-vm / Suspicious Log4J][PLAIN TEXT (GET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] 2 TCP 172.16.238.10:48444 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/624 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 33/79][0.01 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/2 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 104/327 276/1420 77/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit **][Risk Score: 310][Risk Info: Found host 172.16.238.11 / Found mime exe java-vm / Suspicious Log4J][PLAIN TEXT (GGET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] 3 TCP 172.16.238.1:1984 <-> 172.16.238.10:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][5 pkts/994 bytes <-> 4 pkts/503 bytes][Goodput ratio: 65/44][19.29 sec][Hostname/SNI: 192.168.13.31][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/7 4822/6428 10256/10256 4838/4568][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 199/126 714/291 258/95][URL: 192.168.13.31:8080/log4shell/login][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][User-Agent: jndi:ldap://172.16.238.11:1389/a][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Possible Exploit **][Risk Score: 310][Risk Info: Found host 192.168.13.31 / Suspicious Log4J / Expected 172.16.238.10, found 192.168.13.31 / Expected on port 80][PLAIN TEXT (POST /log)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/long_tls_certificate.pcap.out b/tests/cfgs/default/result/long_tls_certificate.pcap.out index 0ff8edb23..2c5de9b85 100644 --- a/tests/cfgs/default/result/long_tls_certificate.pcap.out +++ b/tests/cfgs/default/result/long_tls_certificate.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Alibaba 47 14812 1 +Acceptable 47 14812 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.60 1 diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out index 9dfd81537..aa349fc5d 100644 --- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out @@ -28,6 +28,8 @@ WhatsAppCall 24 3996 3 STUN 30 3450 1 Cloudflare 9 8862 3 +Acceptable 88 20854 12 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/malformed_dns.pcap.out b/tests/cfgs/default/result/malformed_dns.pcap.out index 2981b9b3a..53b1c2a14 100644 --- a/tests/cfgs/default/result/malformed_dns.pcap.out +++ b/tests/cfgs/default/result/malformed_dns.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 6 5860 1 +Acceptable 6 5860 1 + 1 UDP 127.0.0.1:50435 <-> 127.0.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/140 bytes <-> 4 pkts/5720 bytes][Goodput ratio: 40/97][5.03 sec][Hostname/SNI: www.xt.com][66.66.66.66][bytes ratio: -0.952 (Download)][IAT c2s/s2c min/avg/max/stddev: 4999/13 4999/1670 4999/4983 0/2343][Pkt Len c2s/s2c min/avg/max/stddev: 70/1430 70/1430 70/1430 0/0][Risk: ** Malformed Packet **** Large DNS Packet (512+ bytes) **** Minor Issues **][Risk Score: 70][Risk Info: DNS Record with zero TTL / Invalid DNS Query Lenght / 1388 Bytes DNS Packet][PLAIN TEXT (AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0] diff --git a/tests/cfgs/default/result/malformed_icmp.pcap.out b/tests/cfgs/default/result/malformed_icmp.pcap.out index bb075b445..e86000b9f 100644 --- a/tests/cfgs/default/result/malformed_icmp.pcap.out +++ b/tests/cfgs/default/result/malformed_icmp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) ICMP 1 42 1 +Acceptable 1 42 1 + 1 ICMP 218.152.179.213:0 -> 218.152.179.54:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/42 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/malware.pcap.out b/tests/cfgs/default/result/malware.pcap.out index 4f2ebc703..aa3483581 100644 --- a/tests/cfgs/default/result/malware.pcap.out +++ b/tests/cfgs/default/result/malware.pcap.out @@ -31,6 +31,9 @@ HTTP 3 547 2 ICMP 1 98 1 TLS 843 577251 2 +Safe 843 577251 2 +Acceptable 6 861 4 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.20 1 diff --git a/tests/cfgs/default/result/memcached.cap.out b/tests/cfgs/default/result/memcached.cap.out index 899ae0326..0a1ef53d7 100644 --- a/tests/cfgs/default/result/memcached.cap.out +++ b/tests/cfgs/default/result/memcached.cap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Memcached 10 1711 1 +Acceptable 10 1711 1 + 1 TCP 127.0.0.1:59604 <-> 127.0.0.1:11211 [proto: 40/Memcached][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/411 bytes <-> 4 pkts/1300 bytes][Goodput ratio: 2/79][< 1 sec][bytes ratio: -0.520 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/325 74/1094 4/444][PLAIN TEXT (STAT pid 8837)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/merakicloud.pcapng.out b/tests/cfgs/default/result/merakicloud.pcapng.out index 02a884bca..f8db5bb26 100644 --- a/tests/cfgs/default/result/merakicloud.pcapng.out +++ b/tests/cfgs/default/result/merakicloud.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) MerakiCloud 44 6049 1 +Acceptable 44 6049 1 + 1 UDP 2.36.234.133:47301 <-> 209.206.59.34:7351 [proto: 66/MerakiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][22 pkts/3603 bytes <-> 22 pkts/2446 bytes][Goodput ratio: 74/62][400.21 sec][bytes ratio: 0.191 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 198/199 19165/19166 25000/25010 10520/10521][Pkt Len c2s/s2c min/avg/max/stddev: 154/88 164/111 197/190 18/43][Plen Bins: 0,38,0,38,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mgcp.pcap.out b/tests/cfgs/default/result/mgcp.pcap.out index d8e6d93ce..9814a4219 100644 --- a/tests/cfgs/default/result/mgcp.pcap.out +++ b/tests/cfgs/default/result/mgcp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) MGCP 23 2731 5 +Acceptable 23 2731 5 + 1 UDP 10.10.228.72:2427 <-> 10.10.244.2:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][6 pkts/1254 bytes <-> 6 pkts/418 bytes][Goodput ratio: 79/40][6.26 sec][Hostname/SNI: vg224][bytes ratio: 0.500 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 884/884 3523/3523 1524/1523][Pkt Len c2s/s2c min/avg/max/stddev: 60/57 209/70 846/104 285/19][PLAIN TEXT (RSIP 262662134 )][Plen Bins: 41,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 172.16.1.116:2427 <-> 172.16.1.119:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][4 pkts/370 bytes <-> 4 pkts/395 bytes][Goodput ratio: 54/57][80.75 sec][Hostname/SNI: gateway44.myplace.com][bytes ratio: -0.033 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/36 26914/26914 76721/76695 35257/35238][Pkt Len c2s/s2c min/avg/max/stddev: 61/98 92/99 103/101 18/1][PLAIN TEXT (RQNT 1 )][Plen Bins: 12,87,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 67.232.180.250:38238 -> 186.112.128.179:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Hostname/SNI: gateway44.myplace.com][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (RQNT 1 )][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mining.pcapng.out b/tests/cfgs/default/result/mining.pcapng.out index dfb1cbe83..6c1d26077 100644 --- a/tests/cfgs/default/result/mining.pcapng.out +++ b/tests/cfgs/default/result/mining.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Mining 673 219078 4 +Unsafe 673 219078 4 + 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes][Goodput ratio: 93/43][1091.42 sec][currency: ZCash][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7234/8131 71734/71815 15224/15291][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 900/117 1514/376 709/99][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (method)][Plen Bins: 28,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,29,0,0] 2 TCP 147.229.13.222:49307 <-> 185.71.66.39:9999 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Mining/99][112 pkts/10941 bytes <-> 97 pkts/20817 bytes][Goodput ratio: 45/74][295.93 sec][currency: Ethereum][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 2992/2893 9784/10017 3265/3384][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/215 259/297 57/112][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (worker)][Plen Bins: 0,1,28,0,12,0,0,58,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes][Goodput ratio: 53/53][1154.54 sec][currency: ZCash/Monero][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15953/19141 60205/60205 20621/20751][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/143 326/369 91/88][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (method)][Plen Bins: 0,40,0,0,0,44,0,13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/modbus.pcap.out b/tests/cfgs/default/result/modbus.pcap.out index 20103cdb5..fcd275c43 100644 --- a/tests/cfgs/default/result/modbus.pcap.out +++ b/tests/cfgs/default/result/modbus.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Modbus 102 6681 1 +Acceptable 102 6681 1 + 1 TCP 192.168.110.131:2074 <-> 192.168.110.138:502 [proto: 44/Modbus][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][51 pkts/3366 bytes <-> 51 pkts/3315 bytes][Goodput ratio: 18/17][23.11 sec][bytes ratio: 0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 477/477 1073/1074 501/501][Pkt Len c2s/s2c min/avg/max/stddev: 66/65 66/65 66/65 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/monero.pcap.out b/tests/cfgs/default/result/monero.pcap.out index 416f87c8e..4d0c24e23 100644 --- a/tests/cfgs/default/result/monero.pcap.out +++ b/tests/cfgs/default/result/monero.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Monero 60 61276 4 +Acceptable 60 61276 4 + 1 TCP 192.168.2.100:48882 <-> 159.69.36.66:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][10 pkts/907 bytes <-> 5 pkts/14808 bytes][Goodput ratio: 32/98][0.05 sec][bytes ratio: -0.885 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/6 25/19 10/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/2962 349/7314 86/2751][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75] 2 TCP 192.168.2.100:39378 <-> 78.56.22.89:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][7 pkts/709 bytes <-> 8 pkts/14970 bytes][Goodput ratio: 42/97][0.11 sec][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/9 54/50 26/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1871 349/2958 101/1201][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,57] 3 TCP 192.168.2.100:38004 <-> 100.42.27.58:18085 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Crypto_Currency/106][5 pkts/577 bytes <-> 10 pkts/15078 bytes][Goodput ratio: 51/96][0.23 sec][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/14 115/110 53/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/1508 349/2958 117/915][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,22] diff --git a/tests/cfgs/default/result/mongo_false_positive.pcapng.out b/tests/cfgs/default/result/mongo_false_positive.pcapng.out index a8b9a0590..698daa891 100644 --- a/tests/cfgs/default/result/mongo_false_positive.pcapng.out +++ b/tests/cfgs/default/result/mongo_false_positive.pcapng.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 26 12163 1 +Safe 26 12163 1 + 1 TCP 188.75.184.20:49542 <-> 251.182.120.32:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 14][cat: Web/5][13 pkts/9962 bytes <-> 13 pkts/2201 bytes][Goodput ratio: 93/67][84.45 sec][bytes ratio: 0.638 (Upload)][IAT c2s/s2c min/avg/max/stddev: 186/186 7406/5844 21467/15787 7157/5701][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 766/169 1328/189 433/46][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,0,0,51,0,0,0,0,9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,9,9,0,0,0,4,0,0,4,0,4,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mongodb.pcap.out b/tests/cfgs/default/result/mongodb.pcap.out index 08bec4098..42a4680f6 100644 --- a/tests/cfgs/default/result/mongodb.pcap.out +++ b/tests/cfgs/default/result/mongodb.pcap.out @@ -28,6 +28,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 3 230 1 MongoDB 24 2510 7 +Acceptable 24 2510 7 +Unrated 3 230 1 + 1 TCP 10.10.10.16:51358 <-> 10.10.10.17:27017 [VLAN: 100][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][3 pkts/491 bytes <-> 1 pkts/78 bytes][Goodput ratio: 55/0][0.00 sec][PLAIN TEXT (admin.)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.10.10.10:51822 <-> 10.10.10.11:27017 [VLAN: 300][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][3 pkts/469 bytes <-> 1 pkts/78 bytes][Goodput ratio: 53/0][0.34 sec][PLAIN TEXT (admin.)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.10.10.18:64566 <-> 10.10.10.19:30000 [VLAN: 300][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][3 pkts/295 bytes <-> 1 pkts/78 bytes][Goodput ratio: 25/0][0.10 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (InactiveUserIdentity.)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mpeg-dash.pcap.out b/tests/cfgs/default/result/mpeg-dash.pcap.out index 39791d82b..b07833f0e 100644 --- a/tests/cfgs/default/result/mpeg-dash.pcap.out +++ b/tests/cfgs/default/result/mpeg-dash.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) MpegDash 13 4669 4 +Fun 13 4669 4 + 1 TCP 10.84.1.81:60926 <-> 166.248.152.10:80 [proto: 7.291/HTTP.MpegDash][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][2 pkts/456 bytes <-> 2 pkts/1520 bytes][Goodput ratio: 72/92][0.30 sec][Hostname/SNI: gdl.news-cdn.site][URL: gdl.news-cdn.site/as/bigo-ad-creatives/3s3/2lOTA7.mp4][StatusCode: 200][Content-Type: video/mp4][Server: openresty][User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A715F Build/RP1A.200720.012; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/89.0.4389.105 Mobile Safari/537.36][PLAIN TEXT (GET /as/bigo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] 2 TCP 54.161.101.85:80 <-> 192.168.2.105:59144 [proto: 7.291/HTTP.MpegDash][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][2 pkts/1649 bytes <-> 2 pkts/323 bytes][Goodput ratio: 92/59][0.01 sec][Hostname/SNI: livesim.dashif.org][URL: livesim.dashif.org/livesim/sts_1652783809/sid_40c11e12/chunkdur_1/ato_7/testpic4_8s/V2400/206598098.m4s][User-Agent: VLC/3.0.16 LibVLC/3.0.16][PLAIN TEXT (OHTTP/1.1 200 OK)][Plen Bins: 0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] 3 TCP 192.168.2.105:59142 <-> 54.161.101.85:80 [proto: 7.291/HTTP.MpegDash][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][3 pkts/390 bytes <-> 1 pkts/74 bytes][Goodput ratio: 47/0][0.10 sec][Hostname/SNI: livesim.dashif.org][URL: livesim.dashif.org/livesim/sts_1652783809/sid_40c11e12/chunkdur_1/ato_7/testpic4_8s/A48/init.mp4][User-Agent: VLC/3.0.16 LibVLC/3.0.16][PLAIN TEXT (IGET /livesim/sts)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mpeg.pcap.out b/tests/cfgs/default/result/mpeg.pcap.out index ee30c830d..a22b0c3c7 100644 --- a/tests/cfgs/default/result/mpeg.pcap.out +++ b/tests/cfgs/default/result/mpeg.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 19 10643 1 +Safe 19 10643 1 + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Goodput ratio: 20/93][0.18 sec][Hostname/SNI: luca.ntop.org][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/6 77/41 28/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/68 84/989 214/1502 46/649][URL: luca.ntop.org/0.mp3][StatusCode: 200][Content-Type: audio/mpeg][Server: Apache/2.4.7 (Ubuntu)][User-Agent: Wget/1.16.3 (darwin14.1.0)][PLAIN TEXT (GET /0.mp)][Plen Bins: 0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0] diff --git a/tests/cfgs/default/result/mpegts.pcap.out b/tests/cfgs/default/result/mpegts.pcap.out index 3eeac914e..fee47d4b2 100644 --- a/tests/cfgs/default/result/mpegts.pcap.out +++ b/tests/cfgs/default/result/mpegts.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) MPEG_TS 1 1362 1 +Fun 1 1362 1 + 1 UDP 10.1.16.48:40737 -> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/1362 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mqtt.pcap.out b/tests/cfgs/default/result/mqtt.pcap.out index d11fd4798..789493268 100644 --- a/tests/cfgs/default/result/mqtt.pcap.out +++ b/tests/cfgs/default/result/mqtt.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) MQTT 9 1481 2 +Acceptable 9 1481 2 + 1 TCP 10.10.10.1:1883 <-> 192.168.0.1:41892 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RPC/16][4 pkts/370 bytes <-> 4 pkts/756 bytes][Goodput ratio: 26/65][1.69 sec][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 79/80 261/561 618/1000 253/377][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 92/189 155/458 36/157][PLAIN TEXT (bbbbbaaaaab)][Plen Bins: 42,14,28,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 100.67.35.238:35035 -> 51.137.28.239:1883 [VLAN: 1008][proto: 222/MQTT][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Jiotazewpmlithub.azure)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mssql_tds.pcap.out b/tests/cfgs/default/result/mssql_tds.pcap.out index a565af419..c8979698f 100644 --- a/tests/cfgs/default/result/mssql_tds.pcap.out +++ b/tests/cfgs/default/result/mssql_tds.pcap.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) MsSQL-TDS 38 16260 12 +Acceptable 38 16260 12 + 1 TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 7][cat: Database/11][7 pkts/8717 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 393/0 1245/0 1514/0 436/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 2 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Database/11][10 pkts/1552 bytes <-> 7 pkts/1521 bytes][Goodput ratio: 64/75][7.22 sec][bytes ratio: 0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 31/28 867/1024 1890/2071 763/864][Pkt Len c2s/s2c min/avg/max/stddev: 60/88 155/217 307/492 90/169][PLAIN TEXT (first )][Plen Bins: 0,42,7,14,0,7,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Database/11][2 pkts/614 bytes <-> 2 pkts/524 bytes][Goodput ratio: 78/75][0.14 sec][Plen Bins: 0,25,0,0,0,25,0,0,0,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mullvad_dns.pcap.out b/tests/cfgs/default/result/mullvad_dns.pcap.out index ade85722d..65329b110 100644 --- a/tests/cfgs/default/result/mullvad_dns.pcap.out +++ b/tests/cfgs/default/result/mullvad_dns.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Mullvad 2 214 1 +Acceptable 2 214 1 + 1 UDP 192.168.122.11:51696 <-> 9.9.9.9:53 [proto: 5.348/DNS.Mullvad][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/98 bytes <-> 1 pkts/116 bytes][Goodput ratio: 57/63][0.05 sec][Hostname/SNI: www.mullvad.net][45.83.223.209][PLAIN TEXT (mullvad)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mullvad_wireguard.pcap.out b/tests/cfgs/default/result/mullvad_wireguard.pcap.out index a0c740bb7..4ecd5079c 100644 --- a/tests/cfgs/default/result/mullvad_wireguard.pcap.out +++ b/tests/cfgs/default/result/mullvad_wireguard.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) WireGuard 10 1924 1 +Acceptable 10 1924 1 + 1 UDP 192.168.122.11:22595 <-> 198.54.131.98:5060 [proto: 206/WireGuard][IP: 348/Mullvad][Encrypted][Confidence: DPI][DPI packets: 3][cat: VPN/2][6 pkts/828 bytes <-> 4 pkts/1096 bytes][Goodput ratio: 69/85][0.97 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/234 193/239 470/248 177/6][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 138/274 202/714 29/254][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 51820][Plen Bins: 0,0,60,20,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/munin.pcap.out b/tests/cfgs/default/result/munin.pcap.out index e709d1aa9..9396866ba 100644 --- a/tests/cfgs/default/result/munin.pcap.out +++ b/tests/cfgs/default/result/munin.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Munin 60 5422 4 +Acceptable 60 5422 4 + 1 TCP 172.16.16.108:59958 <-> 172.16.17.1:4949 [proto: 329/Munin][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/592 bytes <-> 7 pkts/835 bytes][Goodput ratio: 9/44][0.22 sec][Hostname/SNI: gw-ct][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/24 30/35 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/119 93/349 10/95][PLAIN TEXT ( munin node at gw)][Plen Bins: 75,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.16.108:55256 <-> 172.16.17.102:4949 [proto: 329/Munin][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/602 bytes <-> 7 pkts/737 bytes][Goodput ratio: 11/36][0.23 sec][Hostname/SNI: elastic-node02][bytes ratio: -0.101 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/27 34/47 14/15][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/105 93/251 10/61][PLAIN TEXT ( munin node at elastic)][Plen Bins: 87,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.16.16.108:45654 <-> 172.16.17.103:4949 [proto: 329/Munin][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][8 pkts/596 bytes <-> 7 pkts/732 bytes][Goodput ratio: 10/36][0.25 sec][Hostname/SNI: kibana-node01][bytes ratio: -0.102 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/29 42/50 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/105 93/251 10/61][PLAIN TEXT ( munin node at kibana)][Plen Bins: 87,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mysql-8.pcap.out b/tests/cfgs/default/result/mysql-8.pcap.out index dc69dbd0b..0d47e05f1 100644 --- a/tests/cfgs/default/result/mysql-8.pcap.out +++ b/tests/cfgs/default/result/mysql-8.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) MySQL 35 6224 2 +Acceptable 35 6224 2 + 1 TCP 192.168.20.80:47044 <-> 192.168.20.108:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][15 pkts/1806 bytes <-> 16 pkts/4051 bytes][Goodput ratio: 45/74][2.86 sec][bytes ratio: -0.383 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/238 2778/2821 797/779][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/253 359/2251 88/522][PLAIN TEXT (8.0.32)][Plen Bins: 7,28,21,7,0,0,0,21,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] 2 TCP 192.168.1.105:8738 <-> 10.42.18.198:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][2 pkts/140 bytes <-> 2 pkts/227 bytes][Goodput ratio: 0/38][0.00 sec][PLAIN TEXT (DDDDDD)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/natpmp.pcap.out b/tests/cfgs/default/result/natpmp.pcap.out index 78aa4139c..0808f1648 100644 --- a/tests/cfgs/default/result/natpmp.pcap.out +++ b/tests/cfgs/default/result/natpmp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) NAT-PMP 11 586 4 +Acceptable 11 586 4 + 1 UDP 192.168.1.128:36852 <-> 192.168.1.254:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][2 pkts/98 bytes <-> 2 pkts/120 bytes][Goodput ratio: 14/23][8.37 sec][Result: 0][Internal Port: 51413][External Port: 51413][External Address: 10.201.213.174][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:35763 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Result: 0][Internal Port: 22000][External Port: 20216][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:59817 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/108 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][0.25 sec][Result: 0][Internal Port: 22000][External Port: 6243][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nats.pcap.out b/tests/cfgs/default/result/nats.pcap.out index b525e4c2d..b465602b0 100644 --- a/tests/cfgs/default/result/nats.pcap.out +++ b/tests/cfgs/default/result/nats.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) Nats 27 2460 2 +Acceptable 27 2460 2 + 1 TCP 127.0.0.1:54821 <-> 127.0.0.1:4222 [proto: 68/Nats][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: RPC/16][7 pkts/545 bytes <-> 7 pkts/725 bytes][Goodput ratio: 26/44][2.20 sec][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 78/104 191/365 46/107][PLAIN TEXT (rINFO )][Plen Bins: 60,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:54820 <-> 127.0.0.1:4222 [proto: 68/Nats][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: RPC/16][7 pkts/527 bytes <-> 6 pkts/663 bytes][Goodput ratio: 26/47][0.01 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 7/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 44/56 75/110 191/365 48/114][PLAIN TEXT (bINFO )][Plen Bins: 33,0,0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out b/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out index 416831a0b..fde7af840 100644 --- a/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out +++ b/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SOAP 13 2935 1 +Acceptable 13 2935 1 + 1 TCP 10.3.9.19:40632 <-> 10.68.137.118:8091 [proto: 7.253/HTTP.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: RPC/16][7 pkts/1546 bytes <-> 6 pkts/1389 bytes][Goodput ratio: 73/76][3438.13 sec][Hostname/SNI: 10.68.137.118][bytes ratio: 0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/29 687620/24940 3382709/49851 1347715/24911][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 221/232 1180/739 392/263][URL: 10.68.137.118:8091/Apcn/ApcRemoteService][StatusCode: 200][User-Agent: Jakarta Commons-HttpClient/3.0.1][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.68.137.118][PLAIN TEXT (POST /Apcn/ApcRemoteService HTT)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nest_log_sink.pcap.out b/tests/cfgs/default/result/nest_log_sink.pcap.out index 77984a2f4..daae29250 100644 --- a/tests/cfgs/default/result/nest_log_sink.pcap.out +++ b/tests/cfgs/default/result/nest_log_sink.pcap.out @@ -28,6 +28,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 15 1612 1 NestLogSink 759 116848 13 +Acceptable 774 118460 14 + 1 TCP 192.168.242.15:63342 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 8][cat: Cloud/13][37 pkts/14650 bytes <-> 35 pkts/4115 bytes][Goodput ratio: 86/54][4.71 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 142/150 1347/1490 251/290][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 396/118 585/733 192/108][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,1,1,0,0,0,0,0,0,0,0,0,0,45,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.242.15:63345 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 8][cat: Cloud/13][36 pkts/14613 bytes <-> 35 pkts/4114 bytes][Goodput ratio: 86/54][4.14 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 132/134 1166/1477 229/290][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 406/118 584/732 185/107][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,1,0,1,0,0,0,0,0,0,0,0,0,45,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.242.15:63351 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 8][cat: Cloud/13][25 pkts/9229 bytes <-> 24 pkts/2916 bytes][Goodput ratio: 85/55][3.56 sec][bytes ratio: 0.520 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/0 164/174 1319/1484 293/350][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 369/122 584/733 204/130][PLAIN TEXT (05CA02AC4414028)][Plen Bins: 0,50,2,0,0,0,0,0,0,0,0,2,0,0,41,0,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netbios.pcap.out b/tests/cfgs/default/result/netbios.pcap.out index 6a9d29fc4..5e5d384b2 100644 --- a/tests/cfgs/default/result/netbios.pcap.out +++ b/tests/cfgs/default/result/netbios.pcap.out @@ -28,6 +28,9 @@ Patricia protocols IPv6: 0/0 (search/found) NetBIOS 258 24196 13 SMBv1 2 486 2 +Acceptable 258 24196 13 +Dangerous 2 486 2 + 1 UDP 10.0.4.131:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][181 pkts/16652 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][59.62 sec][Hostname/SNI: xstream_hy][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 10/0 328/0 929/0 225/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FIFDFEFCEFEBENFPEIFJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.0.5.233:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][59 pkts/5428 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][57.96 sec][Hostname/SNI: ozi][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 749/0 1008/0 1515/0 361/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EPFKEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.0.5.233:137 <-> 10.0.4.24:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/184 bytes <-> 2 pkts/434 bytes][Goodput ratio: 54/80][10.00 sec][Hostname/SNI: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netbios_wildcard_dns_query.pcap.out b/tests/cfgs/default/result/netbios_wildcard_dns_query.pcap.out index d6368a6e9..79674dcda 100644 --- a/tests/cfgs/default/result/netbios_wildcard_dns_query.pcap.out +++ b/tests/cfgs/default/result/netbios_wildcard_dns_query.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 1 92 1 +Acceptable 1 92 1 + 1 UDP 10.1.67.250:41335 -> 10.1.66.20:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netflix.pcap.out b/tests/cfgs/default/result/netflix.pcap.out index 30be79495..602b4d420 100644 --- a/tests/cfgs/default/result/netflix.pcap.out +++ b/tests/cfgs/default/result/netflix.pcap.out @@ -33,6 +33,10 @@ IGMP 1 60 1 TLS 2 126 1 NetFlix 956 508247 38 +Safe 2 126 1 +Acceptable 835 498043 22 +Fun 956 508247 38 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.7 4 diff --git a/tests/cfgs/default/result/netflow-fritz.pcap.out b/tests/cfgs/default/result/netflow-fritz.pcap.out index 7af28b971..535e91665 100644 --- a/tests/cfgs/default/result/netflow-fritz.pcap.out +++ b/tests/cfgs/default/result/netflow-fritz.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NetFlow 1 222 1 +Acceptable 1 222 1 + 1 UDP 192.168.0.1:23384 -> 192.168.1.1:2055 [proto: 128/NetFlow][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netflowv9.pcap.out b/tests/cfgs/default/result/netflowv9.pcap.out index 4b5a4eb3e..9662e8cd6 100644 --- a/tests/cfgs/default/result/netflowv9.pcap.out +++ b/tests/cfgs/default/result/netflowv9.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) NetFlow 10 13888 1 +Acceptable 10 13888 1 + 1 UDP 192.168.2.134:48629 -> 192.168.2.222:2057 [proto: 128/NetFlow][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/13888 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1362/0 1389/0 1418/0 23/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,30,20,0,0,0,0] diff --git a/tests/cfgs/default/result/nfsv2.pcap.out b/tests/cfgs/default/result/nfsv2.pcap.out index 8e575ceea..b292b208b 100644 --- a/tests/cfgs/default/result/nfsv2.pcap.out +++ b/tests/cfgs/default/result/nfsv2.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) NFS 156 23144 7 +Acceptable 156 23144 7 + 1 UDP 139.25.22.2:1023 <-> 139.25.22.102:2049 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][72 pkts/12640 bytes <-> 72 pkts/9284 bytes][Goodput ratio: 76/67][0.35 sec][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 40/40 7/7][Pkt Len c2s/s2c min/avg/max/stddev: 166/70 176/129 214/198 12/42][PLAIN TEXT (werrmsche)][Plen Bins: 13,2,0,30,49,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 139.25.22.2:671 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/102 bytes][Goodput ratio: 73/58][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 139.25.22.2:686 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/66 bytes][Goodput ratio: 73/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nfsv3.pcap.out b/tests/cfgs/default/result/nfsv3.pcap.out index 63019f15d..2f3473bfc 100644 --- a/tests/cfgs/default/result/nfsv3.pcap.out +++ b/tests/cfgs/default/result/nfsv3.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) NFS 128 22816 8 +Acceptable 128 22816 8 + 1 UDP 139.25.22.2:1022 <-> 139.25.22.102:2049 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][57 pkts/10398 bytes <-> 57 pkts/11038 bytes][Goodput ratio: 77/78][0.29 sec][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 50/50 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 170/74 182/194 226/342 15/82][PLAIN TEXT (werrmsche)][Plen Bins: 0,10,0,11,52,10,0,12,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 139.25.22.2:706 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/114 bytes][Goodput ratio: 73/63][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 139.25.22.2:722 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/66 bytes][Goodput ratio: 73/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index 94124e42a..28bff4e4f 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -32,6 +32,10 @@ TLS 56 8595 2 Nintendo 890 320242 12 AmazonAWS 20 2216 5 +Safe 56 8595 2 +Acceptable 50 4316 7 +Fun 890 320242 12 + JA3 Host Stats: IP Address # JA3C 1 192.168.12.114 1 diff --git a/tests/cfgs/default/result/nntp.pcap.out b/tests/cfgs/default/result/nntp.pcap.out index f2e22f1fe..5162e62af 100644 --- a/tests/cfgs/default/result/nntp.pcap.out +++ b/tests/cfgs/default/result/nntp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Usenet 32 7037 1 +Acceptable 32 7037 1 + 1 TCP 192.168.190.20:55630 <-> 192.168.190.5:119 [proto: 93/Usenet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][19 pkts/1363 bytes <-> 13 pkts/5674 bytes][Goodput ratio: 8/85][67.36 sec][bytes ratio: -0.613 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2775/4125 19518/19565 5508/6659][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 72/436 97/1514 10/556][PLAIN TEXT (200 Leafnode NNTP Daemon)][Plen Bins: 48,17,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,11,0,0] diff --git a/tests/cfgs/default/result/no_sni.pcap.out b/tests/cfgs/default/result/no_sni.pcap.out index ef827a8b7..f5bb8de3a 100644 --- a/tests/cfgs/default/result/no_sni.pcap.out +++ b/tests/cfgs/default/result/no_sni.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 174 50253 7 DoH_DoT 268 31882 1 +Safe 174 50253 7 +Acceptable 268 31882 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.119 4 diff --git a/tests/cfgs/default/result/nomachine.pcapng.out b/tests/cfgs/default/result/nomachine.pcapng.out index 65e690a75..3e40cf42e 100644 --- a/tests/cfgs/default/result/nomachine.pcapng.out +++ b/tests/cfgs/default/result/nomachine.pcapng.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) NoMachine 73 7085 2 +Acceptable 73 7085 2 + 1 TCP 192.168.88.231:48084 <-> 192.168.88.208:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][25 pkts/1903 bytes <-> 24 pkts/3906 bytes][Goodput ratio: 28/66][10.47 sec][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 442/486 7610/7654 1659/1752][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 76/163 184/1295 42/246][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found NoMachine][PLAIN TEXT (NoMachine)][Plen Bins: 14,45,11,18,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.88.231:56019 <-> 192.168.88.208:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: RemoteAccess/12][11 pkts/584 bytes <-> 13 pkts/692 bytes][Goodput ratio: 21/21][0.49 sec][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20/3 38/38 166/133 48/33][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 53/53 60/64 2/3][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: No server to client traffic / Found NoMachine][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ocs.pcap.out b/tests/cfgs/default/result/ocs.pcap.out index fc7874615..5c3336134 100644 --- a/tests/cfgs/default/result/ocs.pcap.out +++ b/tests/cfgs/default/result/ocs.pcap.out @@ -35,6 +35,10 @@ GoogleServices 13 2277 2 Crashlytics 21 2785 2 Azure 6 360 1 +Safe 26 3128 3 +Acceptable 57 6705 10 +Fun 863 57552 7 + JA3 Host Stats: IP Address # JA3C 1 192.168.180.2 4 diff --git a/tests/cfgs/default/result/ocsp.pcapng.out b/tests/cfgs/default/result/ocsp.pcapng.out index fd2b3dd41..e51d92563 100644 --- a/tests/cfgs/default/result/ocsp.pcapng.out +++ b/tests/cfgs/default/result/ocsp.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) OCSP 344 73647 10 +Safe 344 73647 10 + 1 TCP 192.168.1.128:49034 <-> 23.12.96.145:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][24 pkts/3999 bytes <-> 22 pkts/8476 bytes][Goodput ratio: 29/69][117.30 sec][Hostname/SNI: ocsp.entrust.net][bytes ratio: -0.359 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5094/5187 10241/10241 4906/5058][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 167/385 505/1566 128/500][URL: ocsp.entrust.net/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][PLAIN TEXT (BHPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] 2 TCP 192.168.1.227:49813 <-> 109.70.240.130:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/2245 bytes <-> 13 pkts/8626 bytes][Goodput ratio: 51/84][65.14 sec][Hostname/SNI: ocsp07.actalis.it][bytes ratio: -0.587 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 28/36 10/15][Pkt Len c2s/s2c min/avg/max/stddev: 112/112 224/664 491/1566 171/540][URL: ocsp07.actalis.it/VA/AUTH-ROOT/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D][StatusCode: 200][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Microsoft-CryptoAPI/10.0][PLAIN TEXT (GET /VA/AUTH)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,41,8,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 3 TCP 192.168.1.128:47904 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][27 pkts/4355 bytes <-> 23 pkts/5119 bytes][Goodput ratio: 27/47][166.99 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 6194/7858 10240/10240 4838/4216][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 161/223 505/917 122/269][URL: ocsp.digicert.com/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CEA)][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/oicq.pcap.out b/tests/cfgs/default/result/oicq.pcap.out index b8c0d15c6..8807f259f 100644 --- a/tests/cfgs/default/result/oicq.pcap.out +++ b/tests/cfgs/default/result/oicq.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) OICQ 29 2542 29 +Acceptable 29 2542 29 + 1 UDP 90.147.69.210:54233 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 90.147.69.210:59802 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 90.147.69.210:60434 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ookla.pcap.out b/tests/cfgs/default/result/ookla.pcap.out index c8fb71688..8a96a611e 100644 --- a/tests/cfgs/default/result/ookla.pcap.out +++ b/tests/cfgs/default/result/ookla.pcap.out @@ -27,6 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found) Ookla 113 38411 6 +Safe 113 38411 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 2 diff --git a/tests/cfgs/default/result/opc-ua.pcap.out b/tests/cfgs/default/result/opc-ua.pcap.out index fd3f4334b..93c2c7e93 100644 --- a/tests/cfgs/default/result/opc-ua.pcap.out +++ b/tests/cfgs/default/result/opc-ua.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OPC-UA 381 45578 1 +Acceptable 381 45578 1 + 1 TCP 127.0.0.1:57420 <-> 127.0.0.1:4840 [proto: 360/OPC-UA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: IoT-Scada/31][191 pkts/23255 bytes <-> 190 pkts/22323 bytes][Goodput ratio: 54/52][0.01 sec][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 122/117 222/664 68/84][PLAIN TEXT (opc.tcp)][Plen Bins: 0,0,26,23,45,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openflow.pcap.out b/tests/cfgs/default/result/openflow.pcap.out index 069bdec09..701350c93 100644 --- a/tests/cfgs/default/result/openflow.pcap.out +++ b/tests/cfgs/default/result/openflow.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OpenFlow 21 1826 1 +Acceptable 21 1826 1 + 1 TCP 107.110.12.153:49234 <-> 107.110.12.153:6653 [proto: 374/OpenFlow][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][11 pkts/1066 bytes <-> 10 pkts/760 bytes][Goodput ratio: 31/12][0.06 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/8 31/31 10/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/76 298/94 65/10][Plen Bins: 72,18,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out index a5ed315f9..26ecb5332 100644 --- a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out +++ b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 2/0 (search/found) OpenVPN 13 5354 1 +Acceptable 13 5354 1 + 1 UDP [::1]:56256 <-> [::1]:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: VPN/2][7 pkts/3253 bytes <-> 6 pkts/2101 bytes][Goodput ratio: 89/85][0.02 sec][bytes ratio: 0.215 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 11/9 4/4][Pkt Len c2s/s2c min/avg/max/stddev: 114/114 465/350 1228/1033 382/314][Plen Bins: 0,31,7,0,0,0,7,15,0,0,0,7,0,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index 64ea86fe5..b06e1cc20 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) OpenVPN 660 121492 8 +Acceptable 660 121492 8 + 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 3][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes][Goodput ratio: 77/85][19.24 sec][bytes ratio: -0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/106 3994/2456 764/365][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 186/287 1214/1287 193/325][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (160727093158Z)][Plen Bins: 0,33,19,9,29,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0] 2 TCP 10.181.235.122:39772 <-> 10.251.71.30:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][100 pkts/13594 bytes <-> 95 pkts/13987 bytes][Goodput ratio: 51/55][32.02 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 245/317 3842/9253 675/1172][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/147 472/542 78/90][PLAIN TEXT (121031022835Z)][Plen Bins: 35,13,1,39,1,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 3.111.166.78:51146 <-> 85.134.13.165:1194 [proto: 159/OpenVPN][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: VPN/2][51 pkts/7057 bytes <-> 49 pkts/8409 bytes][Goodput ratio: 70/76][17.72 sec][bytes ratio: -0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 343/338 4127/4124 897/934][Pkt Len c2s/s2c min/avg/max/stddev: 60/64 138/172 168/1242 35/312][PLAIN TEXT (New York1)][Plen Bins: 48,4,1,40,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out index b9fbc34b7..89dd68112 100644 --- a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out +++ b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OpenVPN 944 303931 1 +Acceptable 944 303931 1 + 1 UDP 3.111.166.78:51146 <-> 85.134.13.165:1194 [proto: 159/OpenVPN][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: VPN/2][594 pkts/138399 bytes <-> 350 pkts/165532 bytes][Goodput ratio: 82/91][73.25 sec][bytes ratio: -0.089 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 101/181 5093/5107 502/713][Pkt Len c2s/s2c min/avg/max/stddev: 60/64 233/473 1490/1487 273/526][PLAIN TEXT (New York1)][Plen Bins: 18,1,1,72,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out b/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out index 75a450a7f..0767f5fdc 100644 --- a/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out +++ b/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OpenVPN 195 27581 1 +Acceptable 195 27581 1 + 1 TCP 10.181.235.122:39772 <-> 10.251.71.30:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VPN/2][100 pkts/13594 bytes <-> 95 pkts/13987 bytes][Goodput ratio: 51/55][32.02 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 245/317 3842/9253 675/1172][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/147 472/542 78/90][PLAIN TEXT (121031022835Z)][Plen Bins: 35,13,1,39,1,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/opera-vpn.pcapng.out b/tests/cfgs/default/result/opera-vpn.pcapng.out index 9a206c750..8d3503bc6 100644 --- a/tests/cfgs/default/result/opera-vpn.pcapng.out +++ b/tests/cfgs/default/result/opera-vpn.pcapng.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 3 206 1 OperaVPN 3197 1398676 61 +Safe 3 206 1 +Acceptable 3197 1398676 61 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.29 61 diff --git a/tests/cfgs/default/result/oracle12.pcapng.out b/tests/cfgs/default/result/oracle12.pcapng.out index 1e4d8fa84..1530a4928 100644 --- a/tests/cfgs/default/result/oracle12.pcapng.out +++ b/tests/cfgs/default/result/oracle12.pcapng.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) Oracle 20 2518 1 +Acceptable 20 2518 1 + 1 TCP 10.0.2.15:40226 <-> 10.0.72.139:1521 [proto: 167/Oracle][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 20][cat: Database/11][9 pkts/1447 bytes <-> 11 pkts/1071 bytes][Goodput ratio: 65/41][0.03 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 20/19 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/97 287/293 93/71][PLAIN TEXT (DESCRIPTION)][Plen Bins: 18,18,9,9,0,9,18,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/os_detected.pcapng.out b/tests/cfgs/default/result/os_detected.pcapng.out index bfa8038b8..04b731c08 100644 --- a/tests/cfgs/default/result/os_detected.pcapng.out +++ b/tests/cfgs/default/result/os_detected.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 1 1294 1 +Acceptable 1 1294 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/ospfv2_add_new_prefix.pcap.out b/tests/cfgs/default/result/ospfv2_add_new_prefix.pcap.out index 2043faa7d..5b191642e 100644 --- a/tests/cfgs/default/result/ospfv2_add_new_prefix.pcap.out +++ b/tests/cfgs/default/result/ospfv2_add_new_prefix.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) OSPF 2 200 1 +Acceptable 2 200 1 + 1 OSPF 10.1.10.10:0 <-> 10.1.10.1:0 [proto: 85/OSPF][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/122 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][2.51 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index 03daaf697..a0cc4a2cf 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out @@ -29,6 +29,10 @@ HalfLife2 2 96 1 Starcraft 4 200 4 Protobuf 8 2487 1 +Safe 8 2487 1 +Fun 9 505 7 +Potentially Dangerous 4 333 2 + 1 UDP 127.0.0.1:1119 -> 127.0.0.1:1120 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/2487 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][204.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8008/0 29219/0 105424/0 32476/0][Pkt Len c2s/s2c min/avg/max/stddev: 48/0 311/0 576/0 250/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 37,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.128:1 -> 1.2.3.4:10 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: TCP NULL scan / No server to client traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.128:1 -> 1.2.3.4:11 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][293.20 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: TCP NULL scan / No server to client traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index cebcf2a79..1945022ba 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -30,6 +30,8 @@ Usenet 12 1099 2 TeamViewer 59 31448 1 WireGuard 4 592 2 +Acceptable 85 33828 6 + 1 TCP 192.168.0.1:8787 <-> 10.10.10.1:32177 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: RemoteAccess/12][25 pkts/14755 bytes <-> 34 pkts/16693 bytes][Goodput ratio: 90/89][2.12 sec][bytes ratio: -0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/59 277/257 105/90][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 590/491 1514/1514 585/593][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (XDsiBZ)][Plen Bins: 0,19,2,5,2,0,0,0,0,0,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,15,5,0,2,2,2,0,0,0,0,0,0,29,0,0] 2 TCP 172.16.20.244:59038 <-> 172.16.20.75:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Database/11][6 pkts/416 bytes <-> 4 pkts/273 bytes][Goodput ratio: 2/0][0.02 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 17/18 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 69/68 78/74 5/3][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.26.235.166:55630 <-> 172.30.92.62:119 [proto: 93/Usenet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][4 pkts/293 bytes <-> 2 pkts/264 bytes][Goodput ratio: 7/47][0.02 sec][bytes ratio: 0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 6/17 17/17 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 73/132 87/190 9/58][PLAIN TEXT (200 Leafnode NNTP Daemon)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_3.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_3.pcapng.out index 1bff9b97a..de30320b2 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_3.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) MapleStory 4 362 1 +Fun 4 362 1 + 1 TCP 192.168.16.173:60546 <-> 93.184.216.34:80 [proto: 113/MapleStory][IP: 288/Edgecast][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][3 pkts/288 bytes <-> 1 pkts/74 bytes][Goodput ratio: 28/0][0.10 sec][Hostname/SNI: example.com][User-Agent: AspINet][PLAIN TEXT (pGET /maplestory/ HTTP/1.1)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out index c23467edd..91666d3bc 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 2 68 1 +Unrated 2 68 1 + Undetected flows: diff --git a/tests/cfgs/default/result/pgm.pcap.out b/tests/cfgs/default/result/pgm.pcap.out index b6accd0fc..d5c35d4fa 100644 --- a/tests/cfgs/default/result/pgm.pcap.out +++ b/tests/cfgs/default/result/pgm.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) PGM 1000 196302 1 +Acceptable 1000 196302 1 + 1 PGM 10.244.64.154:0 -> 235.0.1.47:0 [proto: 296/PGM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1000 pkts/196302 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][78.91 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/0 1479/0 169/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 196/0 1344/0 201/0][PLAIN TEXT (PORTFOLIO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pgsql.pcap.out b/tests/cfgs/default/result/pgsql.pcap.out index d2436010f..ee7b1321a 100644 --- a/tests/cfgs/default/result/pgsql.pcap.out +++ b/tests/cfgs/default/result/pgsql.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) PostgreSQL 88 8913 6 +Acceptable 88 8913 6 + 1 TCP 127.0.0.1:45930 <-> 127.0.0.1:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Database/11][12 pkts/1366 bytes <-> 12 pkts/1664 bytes][Goodput ratio: 41/52][15.40 sec][bytes ratio: -0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002/1011 8826/8907 2767/2792][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 114/139 327/348 73/104][PLAIN TEXT (database)][Plen Bins: 8,41,0,16,0,8,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.20.244:59039 <-> 172.16.20.75:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Database/11][10 pkts/924 bytes <-> 6 pkts/911 bytes][Goodput ratio: 27/56][0.01 sec][bytes ratio: 0.007 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 1/2 3/7 1/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 92/152 175/455 38/139][PLAIN TEXT (database)][Plen Bins: 37,12,25,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:45931 <-> 127.0.0.1:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Database/11][7 pkts/705 bytes <-> 8 pkts/974 bytes][Goodput ratio: 33/45][0.12 sec][bytes ratio: -0.160 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/14 45/40 18/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/122 222/251 52/72][PLAIN TEXT (database)][Plen Bins: 14,28,14,0,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pim.pcap.out b/tests/cfgs/default/result/pim.pcap.out index c2f6f8d28..174a7f558 100644 --- a/tests/cfgs/default/result/pim.pcap.out +++ b/tests/cfgs/default/result/pim.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) IP_PIM 10 920 1 +Acceptable 10 920 1 + 1 PIM 192.168.203.234:0 -> 224.0.0.13:0 [proto: 297/IP_PIM][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/920 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][9.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 999/0 1001/0 1006/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 88/0 92/0 108/0 8/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pinterest.pcap.out b/tests/cfgs/default/result/pinterest.pcap.out index 6e3cdf5a1..a38c5c576 100644 --- a/tests/cfgs/default/result/pinterest.pcap.out +++ b/tests/cfgs/default/result/pinterest.pcap.out @@ -31,6 +31,11 @@ Google 328 150112 5 Pinterest 239 115791 9 GoogleServices 55 11104 1 +Safe 157 68609 19 +Acceptable 383 161216 6 +Fun 323 193395 11 +Tracker/Ads 48 23075 1 + JA3 Host Stats: IP Address # JA3C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 1 diff --git a/tests/cfgs/default/result/pluralsight.pcap.out b/tests/cfgs/default/result/pluralsight.pcap.out index 496a2713e..e36655089 100644 --- a/tests/cfgs/default/result/pluralsight.pcap.out +++ b/tests/cfgs/default/result/pluralsight.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Pluralsight 44 29652 6 +Fun 44 29652 6 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/pop3.pcap.out b/tests/cfgs/default/result/pop3.pcap.out index a5e66191d..bf0bdd648 100644 --- a/tests/cfgs/default/result/pop3.pcap.out +++ b/tests/cfgs/default/result/pop3.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) POP3 144 31172 6 +Unsafe 144 31172 6 + 1 TCP 192.168.0.4:26383 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 16][cat: Email/3][22 pkts/1338 bytes <-> 30 pkts/21359 bytes][Goodput ratio: 10/92][1.26 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59/41 97/111 37/39][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 61/712 120/1514 14/680][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 47,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,30,0,0] 2 TCP 143.225.229.181:35287 <-> 74.208.5.28:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: Email/3][18 pkts/1269 bytes <-> 13 pkts/2646 bytes][Goodput ratio: 6/67][27.32 sec][User: cicciopernacchio@mail.com][Pwd: pippozzo][bytes ratio: -0.352 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1792/2973 5526/5668 2204/2427][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 70/204 98/1514 8/379][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found username (cicciopernacchio@mail.com)][PLAIN TEXT (OK POP server ready H migmxus)][Plen Bins: 60,20,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] 3 TCP 192.168.0.4:26308 <-> 212.227.15.166:110 [proto: 2/POP3][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 16][cat: Email/3][9 pkts/594 bytes <-> 10 pkts/881 bytes][Goodput ratio: 16/34][0.59 sec][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 29/0 64/64 81/88 18/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/88 120/145 20/32][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (OK POP server ready H mimap)][Plen Bins: 63,9,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pop3_stls.pcap.out b/tests/cfgs/default/result/pop3_stls.pcap.out index ed9b9cf26..64b934b65 100644 --- a/tests/cfgs/default/result/pop3_stls.pcap.out +++ b/tests/cfgs/default/result/pop3_stls.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) POPS 53 11189 1 +Safe 53 11189 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.20.18 1 diff --git a/tests/cfgs/default/result/pops.pcapng.out b/tests/cfgs/default/result/pops.pcapng.out index 0af9c8411..3025ea924 100644 --- a/tests/cfgs/default/result/pops.pcapng.out +++ b/tests/cfgs/default/result/pops.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) POPS 5 2998 1 +Safe 5 2998 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.1 1 diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index a4cd0f6da..889abe897 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out @@ -33,6 +33,11 @@ PPStream 56 36585 20 OCSP 2 1093 1 Cybersec 28 29201 2 +Safe 30 30294 3 +Acceptable 195 101385 55 +Fun 56 36585 20 +Unrated 980 377564 29 + 1 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Goodput ratio: 87/96][0.02 sec][Hostname/SNI: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426/1303 426/1314 0/56][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 223.26.106.66][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0] 2 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.283/HTTP.Cybersec][IP: 307/AVAST][ClearText][Confidence: DPI][DPI packets: 9][cat: Download/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Goodput ratio: 95/96][13.04 sec][Hostname/SNI: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/0 307/0 127/0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002/1239 1314/1314 434/215][URL: bcu.ff.avast.com/bc2][StatusCode: 200][Req Content-Type: application/x-enc][Content-Type: application/octet-stream][Server: nginx/1.8.0][User-Agent: {D699054D-1699-47D2-9B2B-E96F438C1160}][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 300][Risk Info: Suspicious Log4J / Obsolete nginx server 1.8.0 / Found mime exe octet-stream][PLAIN TEXT (POST /bc2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,75,0,0,0,0,0,0,0,0] 3 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/303 bytes <-> 9 pkts/11826 bytes][Goodput ratio: 82/96][0.09 sec][Hostname/SNI: preimage1.qiyipic.com][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/4 0/30 0/10][Pkt Len c2s/s2c min/avg/max/stddev: 303/1314 303/1314 303/1314 0/0][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_1.jpg?no=1][StatusCode: 200][Content-Type: image/jpeg][Server: QWS][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)][Plen Bins: 0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pptp.pcap.out b/tests/cfgs/default/result/pptp.pcap.out index 6d72b35bb..af14610a3 100644 --- a/tests/cfgs/default/result/pptp.pcap.out +++ b/tests/cfgs/default/result/pptp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) PPTP 24 2328 1 +Acceptable 24 2328 1 + 1 TCP 192.168.43.22:41366 <-> 191.101.61.1:1723 [proto: 115/PPTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: VPN/2][13 pkts/1210 bytes <-> 11 pkts/1118 bytes][Goodput ratio: 29/34][5.43 sec][bytes ratio: 0.040 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/7 389/463 1680/1179 503/373][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 93/102 234/222 58/56][PLAIN TEXT (cananian)][Plen Bins: 44,11,0,0,33,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/profinet-io-le.pcap.out b/tests/cfgs/default/result/profinet-io-le.pcap.out index a4a4161c3..e9d4c7557 100644 --- a/tests/cfgs/default/result/profinet-io-le.pcap.out +++ b/tests/cfgs/default/result/profinet-io-le.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) PROFINET_IO 2 516 1 +Acceptable 2 516 1 + 1 UDP 10.10.0.150:1566 <-> 10.10.0.129:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/206 bytes <-> 1 pkts/310 bytes][Goodput ratio: 79/86][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/protobuf.pcap.out b/tests/cfgs/default/result/protobuf.pcap.out index 2f1da401d..e5bb23bea 100644 --- a/tests/cfgs/default/result/protobuf.pcap.out +++ b/tests/cfgs/default/result/protobuf.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Protobuf 60 4446 5 +Safe 60 4446 5 + 1 TCP 127.0.0.1:52392 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][11 pkts/890 bytes <-> 9 pkts/498 bytes][Goodput ratio: 32/0][70.00 sec][bytes ratio: 0.282 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10000 6667/8333 10000/10000 4714/3727][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 81/55 122/66 31/4][PLAIN TEXT (AAAABBBBX)][Plen Bins: 42,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:39786 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/832 bytes <-> 3 pkts/174 bytes][Goodput ratio: 66/0][10.00 sec][bytes ratio: 0.654 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2500/0 10000/0 4330/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/58 604/66 219/6][PLAIN TEXT (Lorem ipsum dolor sit amet)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:51680 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: Network/14][9 pkts/588 bytes <-> 7 pkts/390 bytes][Goodput ratio: 15/0][50.00 sec][bytes ratio: 0.202 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10000 5714/7500 10000/10000 4949/4330][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65/56 72/66 8/4][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/protonvpn.pcap.out b/tests/cfgs/default/result/protonvpn.pcap.out index 347716478..8e0c81cff 100644 --- a/tests/cfgs/default/result/protonvpn.pcap.out +++ b/tests/cfgs/default/result/protonvpn.pcap.out @@ -29,6 +29,9 @@ TLS 1 74 1 WireGuard 14 2060 1 ProtonVPN 26 8061 1 +Safe 1 74 1 +Acceptable 40 10121 2 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/psiphon3.pcap.out b/tests/cfgs/default/result/psiphon3.pcap.out index d72af74d6..251aafc43 100644 --- a/tests/cfgs/default/result/psiphon3.pcap.out +++ b/tests/cfgs/default/result/psiphon3.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Psiphon 62 11818 1 +Acceptable 62 11818 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.103 1 diff --git a/tests/cfgs/default/result/ptpv2.pcap.out b/tests/cfgs/default/result/ptpv2.pcap.out index 511ae45a7..5ab44051e 100644 --- a/tests/cfgs/default/result/ptpv2.pcap.out +++ b/tests/cfgs/default/result/ptpv2.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 6/0 (search/found) PTPv2 14 1664 3 +Acceptable 14 1664 3 + 1 UDP [fe80::20:9400:d]:320 <-> [fe80::2b0:aeff:fe01:f921]:320 [proto: 358/PTPv2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/354 bytes <-> 4 pkts/488 bytes][Goodput ratio: 47/49][0.26 sec][bytes ratio: -0.159 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/50 0/149 0/70][Pkt Len c2s/s2c min/avg/max/stddev: 118/120 118/122 118/128 0/3][Plen Bins: 0,85,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP [fe80::20:9400:e]:320 <-> [fe80::2b0:aeff:fe01:f921]:320 [proto: 358/PTPv2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/354 bytes <-> 3 pkts/360 bytes][Goodput ratio: 47/48][0.11 sec][bytes ratio: -0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 0/1 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 118/120 118/120 118/120 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP [fe80::2b0:aeff:fe01:f921]:319 -> [fe80::20:9400:d]:319 [proto: 358/PTPv2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/108 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/punycode-idn.pcap.out b/tests/cfgs/default/result/punycode-idn.pcap.out index c658b147f..97a4442f8 100644 --- a/tests/cfgs/default/result/punycode-idn.pcap.out +++ b/tests/cfgs/default/result/punycode-idn.pcap.out @@ -26,6 +26,9 @@ DNS 2 162 1 HTTP 12 1597 1 Spotify 2 197 1 +Acceptable 14 1759 2 +Fun 2 197 1 + 1 TCP 192.168.2.140:56011 <-> 170.33.9.230:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/568 bytes <-> 5 pkts/1029 bytes][Goodput ratio: 29/69][0.57 sec][Hostname/SNI: www.love.xn--55qx5d][bytes ratio: -0.289 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/122 222/352 90/163][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/206 137/765 36/280][URL: www.love.xn--55qx5d/][StatusCode: 403][Content-Type: text/html][User-Agent: curl/7.77.0][Risk: ** IDN Domain Name **** Error Code **][Risk Score: 20][Risk Info: www.love.xn--55qx5d / HTTP Error Code 403][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.140:45520 <-> 192.168.2.1:53 [proto: 5.156/DNS.Spotify][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/128 bytes][Goodput ratio: 39/67][0.02 sec][Hostname/SNI: i.scdn.co][146.75.62.248][PLAIN TEXT (scdnco)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.140:60156 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/81 bytes][Goodput ratio: 48/48][0.00 sec][Hostname/SNI: www.xn--mnich-kva.com][::][Risk: ** IDN Domain Name **** Error Code **][Risk Score: 20][Risk Info: www.xn--mnich-kva.com / DNS Error Code NXDOMAIN][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic-23.pcap.out b/tests/cfgs/default/result/quic-23.pcap.out index 2461c6c20..dc5457ed4 100644 --- a/tests/cfgs/default/result/quic-23.pcap.out +++ b/tests/cfgs/default/result/quic-23.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 20 7191 1 +Acceptable 20 7191 1 + JA3 Host Stats: IP Address # JA3C 1 2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7 1 diff --git a/tests/cfgs/default/result/quic-24.pcap.out b/tests/cfgs/default/result/quic-24.pcap.out index 639f4a7f5..0528668be 100644 --- a/tests/cfgs/default/result/quic-24.pcap.out +++ b/tests/cfgs/default/result/quic-24.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 15 8000 1 +Acceptable 15 8000 1 + JA3 Host Stats: IP Address # JA3C 1 10.9.0.1 1 diff --git a/tests/cfgs/default/result/quic-27.pcap.out b/tests/cfgs/default/result/quic-27.pcap.out index c7e6e566c..69ba562f4 100644 --- a/tests/cfgs/default/result/quic-27.pcap.out +++ b/tests/cfgs/default/result/quic-27.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) Google 20 12887 1 +Acceptable 20 12887 1 + JA3 Host Stats: IP Address # JA3C 1 3ef4:2194:f4a6:3503:40cd:714:57:c4e4 1 diff --git a/tests/cfgs/default/result/quic-28.pcap.out b/tests/cfgs/default/result/quic-28.pcap.out index d15d44b5b..0f2f4b846 100644 --- a/tests/cfgs/default/result/quic-28.pcap.out +++ b/tests/cfgs/default/result/quic-28.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 253 246793 1 +Acceptable 253 246793 1 + JA3 Host Stats: IP Address # JA3C 1 10.9.0.2 1 diff --git a/tests/cfgs/default/result/quic-29.pcap.out b/tests/cfgs/default/result/quic-29.pcap.out index a56293f46..2f5925edb 100644 --- a/tests/cfgs/default/result/quic-29.pcap.out +++ b/tests/cfgs/default/result/quic-29.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 15 9386 1 +Acceptable 15 9386 1 + JA3 Host Stats: IP Address # JA3C 1 10.9.0.1 1 diff --git a/tests/cfgs/default/result/quic-33.pcapng.out b/tests/cfgs/default/result/quic-33.pcapng.out index 9dec0d2d6..3a0067211 100644 --- a/tests/cfgs/default/result/quic-33.pcapng.out +++ b/tests/cfgs/default/result/quic-33.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 7 5336 1 +Acceptable 7 5336 1 + JA3 Host Stats: IP Address # JA3C 1 ::1 1 diff --git a/tests/cfgs/default/result/quic-34.pcap.out b/tests/cfgs/default/result/quic-34.pcap.out index c1b75d49a..3f02a683d 100644 --- a/tests/cfgs/default/result/quic-34.pcap.out +++ b/tests/cfgs/default/result/quic-34.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 4 4836 1 +Acceptable 4 4836 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.56.1 1 diff --git a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out index ced7ea023..a020b5770 100644 --- a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out +++ b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 21 9039 1 +Acceptable 21 9039 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.56.103 1 diff --git a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out index b214ffcb4..3ea4d455d 100644 --- a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out +++ b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 1 1280 1 +Acceptable 1 1280 1 + 1 UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][QUIC ver: Q024][PLAIN TEXT ( )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic-mvfst-22.pcap.out b/tests/cfgs/default/result/quic-mvfst-22.pcap.out index 1d16edb6a..d5e7ad2b4 100644 --- a/tests/cfgs/default/result/quic-mvfst-22.pcap.out +++ b/tests/cfgs/default/result/quic-mvfst-22.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 490 288303 1 +Fun 490 288303 1 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/quic-mvfst-22_decryption_error.pcap.out b/tests/cfgs/default/result/quic-mvfst-22_decryption_error.pcap.out index a353960b8..3db845503 100644 --- a/tests/cfgs/default/result/quic-mvfst-22_decryption_error.pcap.out +++ b/tests/cfgs/default/result/quic-mvfst-22_decryption_error.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 11 3918 1 +Acceptable 11 3918 1 + 1 UDP 10.230.40.168:62196 <-> 94.97.225.146:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][10 pkts/3852 bytes <-> 1 pkts/66 bytes][Goodput ratio: 93/57][0.00 sec][bytes ratio: 0.966 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 385/66 1260/66 401/0][QUIC ver: MVFST-22][Plen Bins: 0,36,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic-mvfst-27.pcapng.out b/tests/cfgs/default/result/quic-mvfst-27.pcapng.out index fe9f4f66d..ae30e7072 100644 --- a/tests/cfgs/default/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/default/result/quic-mvfst-27.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 20 11399 1 +Fun 20 11399 1 + JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/quic-mvfst-exp.pcap.out b/tests/cfgs/default/result/quic-mvfst-exp.pcap.out index b8315d050..a0fc4ecbc 100644 --- a/tests/cfgs/default/result/quic-mvfst-exp.pcap.out +++ b/tests/cfgs/default/result/quic-mvfst-exp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) FbookReelStory 30 26309 1 +Fun 30 26309 1 + JA3 Host Stats: IP Address # JA3C 1 2aac:cdf7:d506:7807:9092:75f:a963:f4ab 1 diff --git a/tests/cfgs/default/result/quic-v2.pcapng.out b/tests/cfgs/default/result/quic-v2.pcapng.out index bf1292d91..e1ac930f8 100644 --- a/tests/cfgs/default/result/quic-v2.pcapng.out +++ b/tests/cfgs/default/result/quic-v2.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 19 12970 1 +Acceptable 19 12970 1 + JA3 Host Stats: IP Address # JA3C 1 ::1 1 diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index 85db45f7b..ad876b6d8 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -29,6 +29,9 @@ YouTube 85 76193 5 Google 11 10063 2 QUIC 9 7436 2 +Acceptable 433 272373 5 +Fun 85 76193 5 + 1 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Email/3][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Goodput ratio: 72/95][37.93 sec][Hostname/SNI: mail.google.com][bytes ratio: -0.812 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 303/161 21144/21225 1960/1485][Pkt Len c2s/s2c min/avg/max/stddev: 67/61 149/916 1392/1392 207/581][User-Agent: beta Chrome/43.0.2357.45][QUIC ver: Q024][PLAIN TEXT (mail.google.com)][Plen Bins: 4,37,1,5,3,0,3,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0] 2 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Goodput ratio: 80/97][1.00 sec][Hostname/SNI: www.youtube.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 52/26 803/828 183/134][Pkt Len c2s/s2c min/avg/max/stddev: 79/61 211/1208 1392/1392 358/430][User-Agent: Chrome/50.0.2661.102 Linux x86_64][QUIC ver: Q030][PLAIN TEXT (www.youtube.com)][Plen Bins: 1,35,1,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,57,0,0,0,0,0] 3 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][6 pkts/7072 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][4.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 800/0 1749/0 595/0][Pkt Len c2s/s2c min/avg/max/stddev: 112/0 1179/0 1392/0 477/0][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][QUIC ver: Q033][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic046.pcap.out b/tests/cfgs/default/result/quic046.pcap.out index 1bdc0674d..88daf7fd7 100644 --- a/tests/cfgs/default/result/quic046.pcap.out +++ b/tests/cfgs/default/result/quic046.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) YouTube 100 91297 1 +Fun 100 91297 1 + 1 UDP 192.168.1.236:50587 <-> 216.58.206.86:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][37 pkts/6724 bytes <-> 63 pkts/84573 bytes][Goodput ratio: 77/97][0.05 sec][Hostname/SNI: i.ytimg.com][bytes ratio: -0.853 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/5 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 70/62 182/1342 1392/1392 304/222][User-Agent: Chrome/80.0.3987.132 Windows NT 6.3; Win64; x64][QUIC ver: Q046][PLAIN TEXT (i.ytimg.com)][Plen Bins: 26,1,1,0,5,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index d4a90d261..43dae132a 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 2/0 (search/found) Google 15 5178 1 QUIC 2 2588 1 +Acceptable 17 7766 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.100 1 diff --git a/tests/cfgs/default/result/quic_cc_ack.pcapng.out b/tests/cfgs/default/result/quic_cc_ack.pcapng.out index 2a4f2ee1b..8259ba3b6 100644 --- a/tests/cfgs/default/result/quic_cc_ack.pcapng.out +++ b/tests/cfgs/default/result/quic_cc_ack.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) QUIC 2 2784 2 +Acceptable 2 2784 2 + 1 UDP 152.14.223.145:57113 -> 71.98.228.93:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Draft-29][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 2 UDP 183.23.159.144:37787 -> 108.140.147.22:443 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Draft-29][PLAIN TEXT (IhUo.7y)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out b/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out index 7f65e62be..68b213721 100644 --- a/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out +++ b/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Snapchat 2 2784 2 +Fun 2 2784 2 + JA3 Host Stats: IP Address # JA3C 1 134.53.36.43 1 diff --git a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out index 7c279d773..829b5933e 100644 --- a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 4 3998 1 +Acceptable 4 3998 1 + JA3 Host Stats: IP Address # JA3C 1 ::1 1 diff --git a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 917f75f7e..ef59794b7 100644 --- a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -32,6 +32,10 @@ GoogleServices 71 98832 25 WhatsAppFiles 1 1392 1 GoogleCloud 3 4176 3 +Safe 3 4176 3 +Acceptable 154 214368 88 +Fun 22 30624 22 + JA3 Host Stats: IP Address # JA3C 1 168.144.64.5 4 diff --git a/tests/cfgs/default/result/quic_interop_V.pcapng.out b/tests/cfgs/default/result/quic_interop_V.pcapng.out index 4b7457e46..eb32456d6 100644 --- a/tests/cfgs/default/result/quic_interop_V.pcapng.out +++ b/tests/cfgs/default/result/quic_interop_V.pcapng.out @@ -26,6 +26,8 @@ ICMP 21 7436 9 ICMPV6 10 10642 5 QUIC 215 224846 63 +Acceptable 246 242924 77 + 1 UDP 192.168.1.128:34511 -> 131.159.24.198:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1419/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (SezYZO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.128:37643 -> 71.202.41.169:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 243/0 1426/0 4801/0 1546/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (tIABbj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.128:42468 -> 138.91.188.147:4433 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1425/0 4800/0 1548/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q39.pcap.out b/tests/cfgs/default/result/quic_q39.pcap.out index 9ab647c4c..693a15425 100644 --- a/tests/cfgs/default/result/quic_q39.pcap.out +++ b/tests/cfgs/default/result/quic_q39.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) YouTube 60 24185 1 +Fun 60 24185 1 + 1 UDP 170.216.16.209:38620 <-> 21.157.183.227:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][27 pkts/20099 bytes <-> 33 pkts/4086 bytes][Goodput ratio: 94/66][48.95 sec][Hostname/SNI: s.youtube.com][bytes ratio: 0.662 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 2239/1370 14326/14805 3925/3576][Pkt Len c2s/s2c min/avg/max/stddev: 65/60 744/124 1392/1392 569/228][User-Agent: com.google.android.youtube Cronet/63.0.3223.7][QUIC ver: Q039][PLAIN TEXT (s.youtube.com)][Plen Bins: 24,47,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,5,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q43.pcap.out b/tests/cfgs/default/result/quic_q43.pcap.out index 9a197c53e..dfc23b1ec 100644 --- a/tests/cfgs/default/result/quic_q43.pcap.out +++ b/tests/cfgs/default/result/quic_q43.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) DoH_DoT 2 1464 1 +Acceptable 2 1464 1 + 1 UDP 51.120.20.202:49241 <-> 72.119.217.29:443 [proto: 188.196/QUIC.DoH_DoT][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1392 bytes <-> 1 pkts/72 bytes][Goodput ratio: 97/41][0.05 sec][Hostname/SNI: dns.google.com][QUIC ver: Q043][PLAIN TEXT (dns.google.com)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q46.pcap.out b/tests/cfgs/default/result/quic_q46.pcap.out index 044854fa7..0f7385837 100644 --- a/tests/cfgs/default/result/quic_q46.pcap.out +++ b/tests/cfgs/default/result/quic_q46.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Google 20 21241 1 +Acceptable 20 21241 1 + 1 UDP 172.29.42.236:38292 <-> 153.20.183.203:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][5 pkts/1675 bytes <-> 15 pkts/19566 bytes][Goodput ratio: 87/97][0.31 sec][Hostname/SNI: play.google.com][bytes ratio: -0.842 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/20 17/224 8/59][Pkt Len c2s/s2c min/avg/max/stddev: 70/78 335/1304 1392/1392 529/328][User-Agent: Chrome/74.0.3729.157 Android 8.0.0; BND-L21][QUIC ver: Q046][PLAIN TEXT (play.google.comL)][Plen Bins: 20,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q46_b.pcap.out b/tests/cfgs/default/result/quic_q46_b.pcap.out index 8b52b26f3..280a258cb 100644 --- a/tests/cfgs/default/result/quic_q46_b.pcap.out +++ b/tests/cfgs/default/result/quic_q46_b.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) YouTubeUpload 20 7020 1 +Fun 20 7020 1 + 1 UDP 172.27.69.216:45530 <-> 110.231.134.35:443 [proto: 188.136/QUIC.YouTubeUpload][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][6 pkts/2916 bytes <-> 14 pkts/4104 bytes][Goodput ratio: 81/69][3.09 sec][Hostname/SNI: upload.youtube.com][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 24/0 200/218 384/1017 128/277][Pkt Len c2s/s2c min/avg/max/stddev: 118/106 486/293 1440/1440 466/345][User-Agent: com.google.android.youtube Cronet/76.0.3809.0][QUIC ver: Q046][PLAIN TEXT (upload.youtube.comx)][Plen Bins: 45,15,0,0,0,0,0,0,0,0,20,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_q50.pcap.out b/tests/cfgs/default/result/quic_q50.pcap.out index 928531a32..8f2103915 100644 --- a/tests/cfgs/default/result/quic_q50.pcap.out +++ b/tests/cfgs/default/result/quic_q50.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleServices 20 20434 1 +Acceptable 20 20434 1 + 1 UDP 248.144.129.147:39203 <-> 184.151.193.237:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][6 pkts/3579 bytes <-> 14 pkts/16855 bytes][Goodput ratio: 93/97][0.47 sec][Hostname/SNI: www.googletagmanager.com][bytes ratio: -0.650 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 85/27 210/221 80/63][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 596/1204 1392/1392 588/461][User-Agent: Chrome/83.0.4103.101 Android 8.0.0; LDN-L21][QUIC ver: Q050][PLAIN TEXT (x.GdrZY)][Plen Bins: 5,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_t50.pcap.out b/tests/cfgs/default/result/quic_t50.pcap.out index 49b4d8595..346285118 100644 --- a/tests/cfgs/default/result/quic_t50.pcap.out +++ b/tests/cfgs/default/result/quic_t50.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleServices 12 8420 1 +Acceptable 12 8420 1 + JA3 Host Stats: IP Address # JA3C 1 40.154.127.200 1 diff --git a/tests/cfgs/default/result/quic_t51.pcap.out b/tests/cfgs/default/result/quic_t51.pcap.out index 5607f2364..a1639f214 100644 --- a/tests/cfgs/default/result/quic_t51.pcap.out +++ b/tests/cfgs/default/result/quic_t51.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Google 12 9296 1 +Acceptable 12 9296 1 + JA3 Host Stats: IP Address # JA3C 1 187.227.136.152 1 diff --git a/tests/cfgs/default/result/quickplay.pcap.out b/tests/cfgs/default/result/quickplay.pcap.out index a02b54194..60b2eb089 100644 --- a/tests/cfgs/default/result/quickplay.pcap.out +++ b/tests/cfgs/default/result/quickplay.pcap.out @@ -27,6 +27,9 @@ Facebook 6 1740 3 Google 2 378 1 Xiaomi 2 1469 1 +Acceptable 137 98026 13 +Fun 18 6521 8 + 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Goodput ratio: 89/94][101.50 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/2021 3144/2862 23289/5776 4036/929][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511/933 587/1456 27/494][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV250R240/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV250R240-0023.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 3,0,0,3,1,1,0,0,0,1,0,0,0,49,1,1,7,0,1,0,0,0,0,0,3,0,0,0,3,1,0,0,0,1,1,0,3,3,0,0,0,0,0,13,0,0,0,0] 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Goodput ratio: 89/95][109.64 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 7709/7600 23311/23043 9303/8905][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502/1143 502/1456 0/288][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0058.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,56,0,0,0,0,4,0,0,0,0,8,0,0,4,0,0,0,0,0,0,0,4,4,0,0,0,4,0,4,0,12,0,0,0,0] 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Goodput ratio: 89/95][53.74 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434/13894 23447/24732 10022/10838][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502/1174 502/1456 0/264][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0] diff --git a/tests/cfgs/default/result/radius_false_positive.pcapng.out b/tests/cfgs/default/result/radius_false_positive.pcapng.out index 59fc0c893..563387fab 100644 --- a/tests/cfgs/default/result/radius_false_positive.pcapng.out +++ b/tests/cfgs/default/result/radius_false_positive.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 2/0 (search/found) QUIC 10 7479 1 +Acceptable 10 7479 1 + 1 UDP [2bc6:b5ac:cb3b:676b::18]:443 -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff]:53129 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][10 pkts/7479 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/0 290/0 90/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 748/0 1292/0 549/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (AESGCC20at)][Plen Bins: 20,0,0,0,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index 5a1df664d..d22b721f6 100644 --- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RakNet 66 9600 12 +Fun 66 9600 12 + 1 UDP 192.168.2.100:60689 <-> 148.153.35.205:60028 [proto: 286/RakNet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Game/8][8 pkts/2036 bytes <-> 7 pkts/577 bytes][Goodput ratio: 83/44][0.13 sec][bytes ratio: 0.558 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 14/16 30/21 11/5][Pkt Len c2s/s2c min/avg/max/stddev: 49/60 254/82 1506/152 474/31][Plen Bins: 60,20,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] 2 UDP 192.168.2.100:32951 <-> 148.153.35.205:60021 [proto: 286/RakNet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Game/8][8 pkts/2039 bytes <-> 7 pkts/563 bytes][Goodput ratio: 83/44][0.11 sec][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/12 25/21 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 49/60 255/80 1506/152 474/30][Plen Bins: 60,20,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] 3 UDP 192.168.2.100:44501 <-> 148.153.35.205:60030 [proto: 286/RakNet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Game/8][8 pkts/2039 bytes <-> 7 pkts/563 bytes][Goodput ratio: 83/44][0.14 sec][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/12 46/23 17/9][Pkt Len c2s/s2c min/avg/max/stddev: 49/60 255/80 1506/152 474/30][Plen Bins: 60,20,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0] diff --git a/tests/cfgs/default/result/rdp.pcap.out b/tests/cfgs/default/result/rdp.pcap.out index f512c2a59..01a89f787 100644 --- a/tests/cfgs/default/result/rdp.pcap.out +++ b/tests/cfgs/default/result/rdp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RDP 20 3658 1 +Acceptable 20 3658 1 + 1 TCP 172.16.2.185:52494 <-> 192.168.2.142:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][13 pkts/1677 bytes <-> 7 pkts/1981 bytes][Goodput ratio: 64/84][0.37 sec][bytes ratio: -0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/43 25/56 45/86 20/16][Pkt Len c2s/s2c min/avg/max/stddev: 44/56 129/283 616/1223 152/394][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (192.168.2.142)][Plen Bins: 16,16,16,16,0,8,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rdp2.pcap.out b/tests/cfgs/default/result/rdp2.pcap.out index 77bd0190b..4af703c24 100644 --- a/tests/cfgs/default/result/rdp2.pcap.out +++ b/tests/cfgs/default/result/rdp2.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RDP 39 11371 3 +Acceptable 39 11371 3 + 1 UDP 192.168.122.181:54759 <-> 192.168.122.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/2694 bytes <-> 2 pkts/2334 bytes][Goodput ratio: 94/96][1.76 sec][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1649 550/1649 1011/1649 418/0][Pkt Len c2s/s2c min/avg/max/stddev: 184/1060 674/1167 1274/1274 494/107][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (OKBI.HARDENING.COM)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] 2 UDP 10.50.181.210:60355 <-> 10.50.73.36:3389 [VLAN: 1108][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/1907 bytes <-> 3 pkts/1468 bytes][Goodput ratio: 90/90][0.13 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/7 41/48 80/90 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 199/64 477/489 1278/1278 463/558][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (drcsalgfc)][Plen Bins: 14,0,14,0,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0] 3 UDP 10.8.37.100:51652 <-> 10.100.2.87:3389 [VLAN: 1308][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][12 pkts/1418 bytes <-> 14 pkts/1550 bytes][Goodput ratio: 60/58][0.73 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 80/65 428/261 140/94][Pkt Len c2s/s2c min/avg/max/stddev: 64/60 118/111 384/148 82/26][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][Plen Bins: 19,46,19,11,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rdp3.pcap.out b/tests/cfgs/default/result/rdp3.pcap.out index ff7ece0c2..d97ef6a0c 100644 --- a/tests/cfgs/default/result/rdp3.pcap.out +++ b/tests/cfgs/default/result/rdp3.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RDP 30 4151 1 +Acceptable 30 4151 1 + 1 TCP 10.150.9.21:1685 <-> 10.157.4.161:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][17 pkts/2567 bytes <-> 13 pkts/1584 bytes][Goodput ratio: 63/54][0.67 sec][bytes ratio: 0.237 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 44/54 234/331 66/93][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 151/122 573/440 162/126][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (Cookie)][Plen Bins: 59,16,4,0,0,0,0,0,0,0,4,0,12,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/reasm_crash_anon.pcapng.out b/tests/cfgs/default/result/reasm_crash_anon.pcapng.out index 4ac6857a0..dfc18ae6e 100644 --- a/tests/cfgs/default/result/reasm_crash_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_crash_anon.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 200 20067 1 +Unrated 200 20067 1 + Undetected flows: diff --git a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out index 8d4ecd110..17e0e2404 100644 --- a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out @@ -25,4 +25,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 82 77940 1 +Acceptable 82 77940 1 + 1 TCP 172.17.36.21:57619 <-> 63.190.145.43:80 [proto: GTP:7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][DPI packets: 21][cat: Web/5][28 pkts/3184 bytes <-> 54 pkts/74756 bytes][Goodput ratio: 0/93][15.67 sec][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448/205 1615/2133 476/518][Pkt Len c2s/s2c min/avg/max/stddev: 94/90 114/1384 130/1490 9/330][PLAIN TEXT (.iJoJJ)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,92,0,0,0,0] diff --git a/tests/cfgs/default/result/reddit.pcap.out b/tests/cfgs/default/result/reddit.pcap.out index 26f510879..b3fd5bcb4 100644 --- a/tests/cfgs/default/result/reddit.pcap.out +++ b/tests/cfgs/default/result/reddit.pcap.out @@ -33,6 +33,11 @@ Amazon 100 59185 2 Reddit 522 181584 20 GoogleServices 340 129444 5 +Safe 175 62439 7 +Acceptable 1007 390125 26 +Fun 733 252471 26 +Tracker/Ads 27 8961 1 + JA3 Host Stats: IP Address # JA3C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 1 diff --git a/tests/cfgs/default/result/riot.pcapng.out b/tests/cfgs/default/result/riot.pcapng.out index 8a1d00afd..0180eee9e 100644 --- a/tests/cfgs/default/result/riot.pcapng.out +++ b/tests/cfgs/default/result/riot.pcapng.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 3 4242 1 RiotGames 4 4338 1 +Safe 3 4242 1 +Fun 4 4338 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/riotgames.pcap.out b/tests/cfgs/default/result/riotgames.pcap.out index cae449913..a25cedc25 100644 --- a/tests/cfgs/default/result/riotgames.pcap.out +++ b/tests/cfgs/default/result/riotgames.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Discord 4 220 2 RiotGames 40 3733 7 +Fun 44 3953 9 + 1 UDP 192.168.2.100:59956 <-> 162.249.72.1:7194 [proto: 302/RiotGames][IP: 302/RiotGames][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][10 pkts/1106 bytes <-> 5 pkts/387 bytes][Goodput ratio: 62/46][5.50 sec][bytes ratio: 0.482 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/30 684/10 1033/30 438/14][Pkt Len c2s/s2c min/avg/max/stddev: 87/75 111/77 259/87 50/5][Plen Bins: 0,93,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:49298 <-> 162.249.72.1:7194 [proto: 302/RiotGames][IP: 302/RiotGames][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][6 pkts/712 bytes <-> 9 pkts/748 bytes][Goodput ratio: 65/49][2.43 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/31 283/132 994/203 372/82][Pkt Len c2s/s2c min/avg/max/stddev: 81/66 119/83 259/181 63/35][Plen Bins: 33,54,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:50004 <-> 162.249.72.1:8181 [proto: 302/RiotGames][IP: 302/RiotGames][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/78 bytes][Goodput ratio: 46/46][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rmcp.pcap.out b/tests/cfgs/default/result/rmcp.pcap.out index 03c98298d..413bf754e 100644 --- a/tests/cfgs/default/result/rmcp.pcap.out +++ b/tests/cfgs/default/result/rmcp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RMCP 6 380 6 +Safe 6 380 6 + 1 UDP 64.240.55.240:57984 -> 30.144.16.67:623 [proto: 351/RMCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 123.212.25.229:49531 -> 171.47.173.23:623 [proto: 351/RMCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 127.36.88.103:34698 -> 164.114.97.252:623 [proto: 351/RMCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/65 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/roblox.pcapng.out b/tests/cfgs/default/result/roblox.pcapng.out index 835ab3909..bec8c7a18 100644 --- a/tests/cfgs/default/result/roblox.pcapng.out +++ b/tests/cfgs/default/result/roblox.pcapng.out @@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found) RakNet 44 21907 3 Roblox 34 12002 1 +Fun 78 33909 4 + JA3 Host Stats: IP Address # JA3C 1 192.168.12.156 1 diff --git a/tests/cfgs/default/result/rsh-syslog-false-positive.pcap.out b/tests/cfgs/default/result/rsh-syslog-false-positive.pcap.out index aa37c1043..ff24fa901 100644 --- a/tests/cfgs/default/result/rsh-syslog-false-positive.pcap.out +++ b/tests/cfgs/default/result/rsh-syslog-false-positive.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Syslog 6 3335 1 +Acceptable 6 3335 1 + 1 TCP 172.31.78.129:9039 -> 172.29.43.201:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/3335 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.08 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 16/0 26/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 292/0 556/0 844/0 212/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (52.926451)][Plen Bins: 0,0,0,0,0,0,0,34,0,0,0,0,0,16,0,0,0,0,16,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rsh.pcap.out b/tests/cfgs/default/result/rsh.pcap.out index 0e66de8a6..a8783d817 100644 --- a/tests/cfgs/default/result/rsh.pcap.out +++ b/tests/cfgs/default/result/rsh.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) RSH 24 1721 2 +Unsafe 24 1721 2 + 1 TCP 127.0.0.1:1021 <-> 127.0.0.1:514 [proto: 294/RSH][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: RemoteAccess/12][7 pkts/508 bytes <-> 5 pkts/356 bytes][Goodput ratio: 7/5][1.43 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/16 286/477 1414/1414 564/663][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/71 99/84 11/7][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: User 'someuser' executing 'some random command'][PLAIN TEXT (someuser)][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:1023 <-> 127.0.0.1:514 [proto: 294/RSH][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: RemoteAccess/12][7 pkts/498 bytes <-> 5 pkts/359 bytes][Goodput ratio: 6/6][1.31 sec][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/15 262/437 1295/1295 517/607][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/72 89/87 8/8][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: User 'root' executing 'mkdir testdir'][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rsync.pcap.out b/tests/cfgs/default/result/rsync.pcap.out index cb0fdbd5b..b8b682fc5 100644 --- a/tests/cfgs/default/result/rsync.pcap.out +++ b/tests/cfgs/default/result/rsync.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RSYNC 30 2493 1 +Acceptable 30 2493 1 + 1 TCP 127.0.0.1:54489 <-> 127.0.0.1:873 [proto: 166/RSYNC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][16 pkts/1150 bytes <-> 14 pkts/1343 bytes][Goodput ratio: 7/31][0.14 sec][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 39/39 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/96 101/412 9/88][PLAIN TEXT (@RSYNCD)][Plen Bins: 87,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/tests/cfgs/default/result/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index bf33db876..d3ae3238e 100644 --- a/tests/cfgs/default/result/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/tests/cfgs/default/result/rtcp_multiple_pkts_in_the_same_datagram.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTCP 5 740 1 +Acceptable 5 740 1 + 1 UDP 217.12.244.34:25963 <-> 217.12.247.98:31601 [proto: 165/RTCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/468 bytes <-> 2 pkts/272 bytes][Goodput ratio: 72/67][8.04 sec][PLAIN TEXT (931534)][Plen Bins: 0,0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtmp.pcap.out b/tests/cfgs/default/result/rtmp.pcap.out index bca763506..c34cdf396 100644 --- a/tests/cfgs/default/result/rtmp.pcap.out +++ b/tests/cfgs/default/result/rtmp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTMP 26 8368 1 +Acceptable 26 8368 1 + 1 TCP 192.168.43.1:1177 <-> 192.168.43.128:1935 [proto: 174/RTMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Media/1][12 pkts/4108 bytes <-> 14 pkts/4260 bytes][Goodput ratio: 84/82][1.04 sec][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 83/75 334/230 119/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 342/304 1514/1514 531/465][PLAIN TEXT (ace@nAt)][Plen Bins: 7,21,14,0,7,7,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,21,0,0] diff --git a/tests/cfgs/default/result/rtp.pcapng.out b/tests/cfgs/default/result/rtp.pcapng.out index 73f37ba02..f0359a2cf 100644 --- a/tests/cfgs/default/result/rtp.pcapng.out +++ b/tests/cfgs/default/result/rtp.pcapng.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) Discord 30 16092 1 RTP 45 20619 2 +Acceptable 45 20619 2 +Fun 30 16092 1 + 1 UDP 10.204.220.71:6000 -> 10.204.220.171:6000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][15 pkts/18438 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 25/0 77/0 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1229/0 1486/0 467/0][Plen Bins: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,68,0,0] 2 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtps.pcap.out b/tests/cfgs/default/result/rtps.pcap.out index 90da2defa..949a0b993 100644 --- a/tests/cfgs/default/result/rtps.pcap.out +++ b/tests/cfgs/default/result/rtps.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTPS 29 22382 1 +Acceptable 29 22382 1 + 1 UDP 127.0.0.1:28108 -> 127.0.0.1:7410 [proto: 359/RTPS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][29 pkts/22382 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][490.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1000/0 17655/0 30000/0 13497/0][Pkt Len c2s/s2c min/avg/max/stddev: 58/0 772/0 822/0 185/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (dds.sys)][Plen Bins: 3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtsp.pcap.out b/tests/cfgs/default/result/rtsp.pcap.out index 353c27b85..d464816b1 100644 --- a/tests/cfgs/default/result/rtsp.pcap.out +++ b/tests/cfgs/default/result/rtsp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RTSP 568 100872 7 +Fun 568 100872 7 + 1 TCP 10.1.1.10:52478 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 21][cat: Media/1][44 pkts/6374 bytes <-> 60 pkts/11092 bytes][Goodput ratio: 59/68][59.02 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1730/3 58323/42 9852/8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 145/185 257/751 77/190][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.1.1.10:52472 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 56 pkts/10878 bytes][Goodput ratio: 62/70][58.23 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1872/2 58022/20 10252/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/194 258/751 77/194][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.1.1.10:52480 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 52 pkts/10628 bytes][Goodput ratio: 62/71][59.74 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1921/2 59529/21 10518/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/204 258/751 77/198][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtsp_setup_http.pcapng.out b/tests/cfgs/default/result/rtsp_setup_http.pcapng.out index 2b5a87936..98e3e39a7 100644 --- a/tests/cfgs/default/result/rtsp_setup_http.pcapng.out +++ b/tests/cfgs/default/result/rtsp_setup_http.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTSP 1 233 1 +Fun 1 233 1 + 1 TCP 172.28.5.170:63840 -> 172.28.4.26:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (SETUP rtsp)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rx.pcap.out b/tests/cfgs/default/result/rx.pcap.out index 9a2ce20fc..bd1b51c6a 100644 --- a/tests/cfgs/default/result/rx.pcap.out +++ b/tests/cfgs/default/result/rx.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) RX 132 26475 5 +Acceptable 132 26475 5 + 1 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RPC/16][48 pkts/6808 bytes <-> 31 pkts/5568 bytes][Goodput ratio: 70/77][20.45 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 509/13 19828/65 3094/18][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 142/180 510/782 117/123][PLAIN TEXT (UZ.SNS.IT)][Plen Bins: 2,26,41,0,17,6,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RPC/16][18 pkts/1833 bytes <-> 9 pkts/8086 bytes][Goodput ratio: 59/95][0.72 sec][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/20 47/76 240/282 63/93][Pkt Len c2s/s2c min/avg/max/stddev: 82/130 102/898 134/1118 15/411][PLAIN TEXT (root.cell)][Plen Bins: 0,25,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RPC/16][10 pkts/2085 bytes <-> 10 pkts/1057 bytes][Goodput ratio: 80/60][20.17 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 2520/4 19845/17 6549/5][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 208/106 510/198 183/34][PLAIN TEXT (UZ.SNS.IT)][Plen Bins: 10,30,40,0,5,0,0,0,0,0,0,0,5,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/s7comm-plus.pcap.out b/tests/cfgs/default/result/s7comm-plus.pcap.out index 2b4d73ecb..520e3da5e 100644 --- a/tests/cfgs/default/result/s7comm-plus.pcap.out +++ b/tests/cfgs/default/result/s7comm-plus.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) S7CommPlus 79 10271 1 +Acceptable 79 10271 1 + 1 TCP 192.168.25.177:53162 <-> 192.168.25.131:102 [proto: 361/S7CommPlus][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: IoT-Scada/31][54 pkts/6194 bytes <-> 25 pkts/4077 bytes][Goodput ratio: 53/65][7.11 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/276 995/964 315/396][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/163 395/351 76/132][PLAIN TEXT (SIMATIC)][Plen Bins: 42,6,28,3,1,0,3,0,0,12,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/s7comm.pcap.out b/tests/cfgs/default/result/s7comm.pcap.out index 499c65979..a7924aef1 100644 --- a/tests/cfgs/default/result/s7comm.pcap.out +++ b/tests/cfgs/default/result/s7comm.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) S7Comm 55 5260 1 +Acceptable 55 5260 1 + 1 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: IoT-Scada/31][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/safari.pcap.out b/tests/cfgs/default/result/safari.pcap.out index 5135a5ad3..f1f12a2fb 100644 --- a/tests/cfgs/default/result/safari.pcap.out +++ b/tests/cfgs/default/result/safari.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 168 83390 7 +Safe 168 83390 7 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/salesforce.pcap.out b/tests/cfgs/default/result/salesforce.pcap.out index 7e2c3a00b..798697173 100644 --- a/tests/cfgs/default/result/salesforce.pcap.out +++ b/tests/cfgs/default/result/salesforce.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Salesforce 15 5205 1 +Safe 15 5205 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 1 diff --git a/tests/cfgs/default/result/sccp_hw_conf_register.pcapng.out b/tests/cfgs/default/result/sccp_hw_conf_register.pcapng.out index 08a54376c..83023d1eb 100644 --- a/tests/cfgs/default/result/sccp_hw_conf_register.pcapng.out +++ b/tests/cfgs/default/result/sccp_hw_conf_register.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) CiscoSkinny 17 1522 1 +Acceptable 17 1522 1 + 1 TCP 10.180.110.58:46461 <-> 10.180.110.48:2000 [proto: 164/CiscoSkinny][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: VoIP/10][8 pkts/932 bytes <-> 9 pkts/590 bytes][Goodput ratio: 53/17][0.24 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 40/29 202/199 74/70][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 116/66 370/86 105/13][PLAIN TEXT (NONSECURE)][Plen Bins: 63,12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/sctp.cap.out b/tests/cfgs/default/result/sctp.cap.out index 50b58d8de..b71fbb094 100644 --- a/tests/cfgs/default/result/sctp.cap.out +++ b/tests/cfgs/default/result/sctp.cap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) SCTP 4 340 2 +Acceptable 4 340 2 + 1 SCTP 10.28.6.43:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/62 bytes][Goodput ratio: 0/0][< 1 sec][PLAIN TEXT (MEGACO/2 )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 SCTP 10.28.6.42:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes <-> 1 pkts/70 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/selfsigned.pcap.out b/tests/cfgs/default/result/selfsigned.pcap.out index 380ad5187..cbc3d421e 100644 --- a/tests/cfgs/default/result/selfsigned.pcap.out +++ b/tests/cfgs/default/result/selfsigned.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) ntop 20 3766 1 +Safe 20 3766 1 + JA3 Host Stats: IP Address # JA3C 1 127.0.0.1 1 diff --git a/tests/cfgs/default/result/sflow.pcap.out b/tests/cfgs/default/result/sflow.pcap.out index bf5cce2cd..2345ba47a 100644 --- a/tests/cfgs/default/result/sflow.pcap.out +++ b/tests/cfgs/default/result/sflow.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) sFlow 9 1702 1 +Acceptable 9 1702 1 + 1 UDP 172.21.35.17:1027 -> 172.21.35.199:6343 [proto: 129/sFlow][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1702 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][109.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6002/0 13626/0 19002/0 4554/0][Pkt Len c2s/s2c min/avg/max/stddev: 186/0 189/0 214/0 9/0][PLAIN TEXT (abcdefghijklmnopq)][Plen Bins: 0,0,0,0,88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/shadowsocks.pcap.out b/tests/cfgs/default/result/shadowsocks.pcap.out index 844c7d0eb..664880c6c 100644 --- a/tests/cfgs/default/result/shadowsocks.pcap.out +++ b/tests/cfgs/default/result/shadowsocks.pcap.out @@ -25,6 +25,9 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 15 68444 1 SOCKS 29 69355 1 +Acceptable 29 69355 1 +Unrated 15 68444 1 + 1 TCP 127.0.0.1:37904 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/1160 bytes <-> 13 pkts/68195 bytes][Goodput ratio: 8/99][1.49 sec][bytes ratio: -0.967 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 114/160 659/660 191/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/5246 148/16450 20/7185][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41] diff --git a/tests/cfgs/default/result/signal.pcap.out b/tests/cfgs/default/result/signal.pcap.out index 8cf89fbb6..c5364ca49 100644 --- a/tests/cfgs/default/result/signal.pcap.out +++ b/tests/cfgs/default/result/signal.pcap.out @@ -30,6 +30,10 @@ ICMP 1 70 1 TLS 28 2022 3 AppleiTunes 90 29795 2 +Safe 28 2022 3 +Acceptable 7 1624 3 +Fun 602 312122 13 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.17 3 diff --git a/tests/cfgs/default/result/simple-dnscrypt.pcap.out b/tests/cfgs/default/result/simple-dnscrypt.pcap.out index 94aa8066e..63522ed11 100644 --- a/tests/cfgs/default/result/simple-dnscrypt.pcap.out +++ b/tests/cfgs/default/result/simple-dnscrypt.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNScrypt 111 44676 4 +Acceptable 111 44676 4 + JA3 Host Stats: IP Address # JA3C 1 192.168.43.167 2 diff --git a/tests/cfgs/default/result/sip.pcap.out b/tests/cfgs/default/result/sip.pcap.out index 57c833bd5..6cb64493e 100644 --- a/tests/cfgs/default/result/sip.pcap.out +++ b/tests/cfgs/default/result/sip.pcap.out @@ -25,6 +25,8 @@ RTP 9 1926 1 SIP 102 47087 2 RTCP 1 146 1 +Acceptable 112 49159 4 + 1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][53 pkts/21940 bytes <-> 31 pkts/15635 bytes][Goodput ratio: 90/92][1521.57 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 158/13 25541/22026 150200/89874 25265/23489][Pkt Len c2s/s2c min/avg/max/stddev: 47/342 414/504 1118/711 343/85][PLAIN TEXT (REGISTER sip)][Plen Bins: 26,0,0,0,0,0,0,0,0,4,8,0,2,4,13,17,0,0,3,0,1,10,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][15 pkts/7568 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][67.09 sec][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 4746/34556 32608/34556 8188/0][Pkt Len c2s/s2c min/avg/max/stddev: 389/637 505/648 864/656 180/8][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,5,62,0,0,0,0,0,0,5,11,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 20/0 69/0 23/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (VRUDKBuYs)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/sip_hello.pcapng.out b/tests/cfgs/default/result/sip_hello.pcapng.out index 6d15cec05..2c8911a3f 100644 --- a/tests/cfgs/default/result/sip_hello.pcapng.out +++ b/tests/cfgs/default/result/sip_hello.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SIP 30 5592 1 +Acceptable 30 5592 1 + 1 UDP 10.239.156.235:5060 <-> 172.29.38.91:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: VoIP/10][15 pkts/2691 bytes <-> 15 pkts/2901 bytes][Goodput ratio: 73/75][491.56 sec][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 67/59 36861/36861 49155/49155 16718/16727][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 179/193 555/661 205/233][PLAIN TEXT (oREGISTER sip)][Plen Bins: 74,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out index 20ce3e4f5..a0114b7ce 100644 --- a/tests/cfgs/default/result/sites.pcapng.out +++ b/tests/cfgs/default/result/sites.pcapng.out @@ -66,6 +66,11 @@ Badoo 4 2145 1 AccuWeather 30 8562 1 GoogleClassroom 1 1292 1 +Safe 86 43868 8 +Acceptable 113 55431 17 +Fun 317 169650 21 +Potentially Dangerous 4 2225 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 5 diff --git a/tests/cfgs/default/result/skinny.pcap.out b/tests/cfgs/default/result/skinny.pcap.out index 1b68b2a05..95f2bff63 100644 --- a/tests/cfgs/default/result/skinny.pcap.out +++ b/tests/cfgs/default/result/skinny.pcap.out @@ -27,6 +27,8 @@ ICMP 2 140 1 RTP 2871 614394 5 CiscoSkinny 94 10114 3 +Acceptable 2967 624648 9 + 1 UDP 192.168.195.58:32144 <-> 192.168.195.50:17718 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][730 pkts/156220 bytes <-> 712 pkts/152368 bytes][Goodput ratio: 80/80][7.28 sec][bytes ratio: 0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 20/20 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 214/214 214/214 214/214 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.195.58:32150 -> 192.168.193.24:9395 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][365 pkts/78110 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][7.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.195.58:32152 -> 192.168.193.24:9396 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][356 pkts/76184 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][7.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (wskptvv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/skype-conference-call.pcap.out b/tests/cfgs/default/result/skype-conference-call.pcap.out index 24c53c681..4947b08bd 100644 --- a/tests/cfgs/default/result/skype-conference-call.pcap.out +++ b/tests/cfgs/default/result/skype-conference-call.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Skype_TeamsCall 200 39687 1 +Acceptable 200 39687 1 + 1 UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes][Goodput ratio: 78/81][1.50 sec][bytes ratio: 0.252 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/8 147/120 22/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/77 187/222 957/957 244/233][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,41,17,28,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/skype.pcap.out b/tests/cfgs/default/result/skype.pcap.out index c7d6c5860..256624b52 100644 --- a/tests/cfgs/default/result/skype.pcap.out +++ b/tests/cfgs/default/result/skype.pcap.out @@ -43,6 +43,11 @@ Spotify 5 430 1 Microsoft 14 1302 2 NAT-PMP 8 432 2 +Safe 488 54927 35 +Acceptable 1009 307083 198 +Fun 5 430 1 +Unrated 1567 272044 59 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.34 3 diff --git a/tests/cfgs/default/result/skype_no_unknown.pcap.out b/tests/cfgs/default/result/skype_no_unknown.pcap.out index 6884b86a0..1fcb62032 100644 --- a/tests/cfgs/default/result/skype_no_unknown.pcap.out +++ b/tests/cfgs/default/result/skype_no_unknown.pcap.out @@ -41,6 +41,11 @@ Dropbox 8 4352 4 Skype_Teams 518 198936 25 NAT-PMP 4 216 1 +Safe 474 102723 29 +Acceptable 754 231749 191 +Dangerous 5 1100 3 +Unrated 846 152252 44 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.34 3 diff --git a/tests/cfgs/default/result/skype_udp.pcap.out b/tests/cfgs/default/result/skype_udp.pcap.out index 3f2211ea7..9f88b8de0 100644 --- a/tests/cfgs/default/result/skype_udp.pcap.out +++ b/tests/cfgs/default/result/skype_udp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Skype_TeamsCall 5 339 1 +Acceptable 5 339 1 + 1 UDP 192.168.1.2:35990 <-> 24.224.190.149:39262 [proto: 125.38/Skype_Teams.Skype_TeamsCall][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: VoIP/10][4 pkts/279 bytes <-> 1 pkts/60 bytes][Goodput ratio: 40/30][72.51 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smb_deletefile.pcap.out b/tests/cfgs/default/result/smb_deletefile.pcap.out index 94fbd7177..3a98de574 100644 --- a/tests/cfgs/default/result/smb_deletefile.pcap.out +++ b/tests/cfgs/default/result/smb_deletefile.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMBv23 101 30748 1 +Acceptable 101 30748 1 + 1 TCP 192.168.1.118:56848 <-> 192.168.1.187:445 [proto: 10.41/NetBIOS.SMBv23][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][62 pkts/14382 bytes <-> 39 pkts/16366 bytes][Goodput ratio: 77/87][2.38 sec][bytes ratio: -0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/80 2157/2158 299/394][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 232/420 530/1514 194/299][Plen Bins: 0,0,4,7,1,0,1,1,0,1,7,9,20,21,6,13,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0] diff --git a/tests/cfgs/default/result/smb_frags.pcap.out b/tests/cfgs/default/result/smb_frags.pcap.out index f8472bd0b..f54b7a6a8 100644 --- a/tests/cfgs/default/result/smb_frags.pcap.out +++ b/tests/cfgs/default/result/smb_frags.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMBv1 8 2763 1 +Dangerous 8 2763 1 + 1 TCP 10.202.211.125:54120 <-> 10.202.7.8:445 [VLAN: 1608][proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: System/18][5 pkts/2009 bytes <-> 3 pkts/754 bytes][Goodput ratio: 82/71][0.58 sec][bytes ratio: 0.454 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/94 144/238 387/383 145/144][Pkt Len c2s/s2c min/avg/max/stddev: 70/78 402/251 1438/397 525/132][Risk: ** Known Proto on Non Std Port **** SMB Insecure Vers **** Unsafe Protocol **][Risk Score: 160][Risk Info: Found SMBv1 / Expected on port 139][PLAIN TEXT (defined.12)][Plen Bins: 0,20,0,0,0,0,20,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smbv1.pcap.out b/tests/cfgs/default/result/smbv1.pcap.out index dd7e98c73..48430b9b5 100644 --- a/tests/cfgs/default/result/smbv1.pcap.out +++ b/tests/cfgs/default/result/smbv1.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMBv1 7 1197 1 +Dangerous 7 1197 1 + 1 TCP 172.16.156.130:50927 <-> 10.128.0.243:445 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: System/18][4 pkts/669 bytes <-> 3 pkts/528 bytes][Goodput ratio: 68/69][0.10 sec][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 27/34 32/35 37/36 4/1][Pkt Len c2s/s2c min/avg/max/stddev: 136/114 167/176 194/243 26/53][Risk: ** Known Proto on Non Std Port **** SMB Insecure Vers **** Unsafe Protocol **][Risk Score: 160][Risk Info: Found SMBv1 / Expected on port 139][PLAIN TEXT (PC NETWORK PROGRAM 1.0)][Plen Bins: 0,14,28,14,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smpp_in_general.pcap.out b/tests/cfgs/default/result/smpp_in_general.pcap.out index 0ea8a1dff..6e241c94a 100644 --- a/tests/cfgs/default/result/smpp_in_general.pcap.out +++ b/tests/cfgs/default/result/smpp_in_general.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMPP 17 1144 1 +Acceptable 17 1144 1 + 1 TCP 10.226.202.118:1770 <-> 10.226.202.53:9000 [proto: 207/SMPP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][10 pkts/670 bytes <-> 7 pkts/474 bytes][Goodput ratio: 18/16][30.95 sec][bytes ratio: 0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3848/7230 28802/28906 9451/12515][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 67/68 104/79 17/7][PLAIN TEXT (password)][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smtp-starttls.pcap.out b/tests/cfgs/default/result/smtp-starttls.pcap.out index f513887e9..2f3ae7787 100644 --- a/tests/cfgs/default/result/smtp-starttls.pcap.out +++ b/tests/cfgs/default/result/smtp-starttls.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 2/0 (search/found) SMTPS 33 6429 1 Google 36 8403 1 +Safe 33 6429 1 +Acceptable 36 8403 1 + JA3 Host Stats: IP Address # JA3C 1 10.0.0.1 1 diff --git a/tests/cfgs/default/result/smtp.pcap.out b/tests/cfgs/default/result/smtp.pcap.out index f131f9fc9..31567fa32 100644 --- a/tests/cfgs/default/result/smtp.pcap.out +++ b/tests/cfgs/default/result/smtp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SMTP 95 23157 1 +Acceptable 95 23157 1 + 1 TCP 194.7.248.153:2127 <-> 172.16.114.207:25 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Email/3][51 pkts/19311 bytes <-> 44 pkts/3846 bytes][Goodput ratio: 86/37][0.23 sec][Hostname/SNI: pigeon.eyrie.af.mil][bytes ratio: 0.668 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 5/6 67/68 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 379/87 1514/138 562/15][PLAIN TEXT (220 pigeon.eyrie.af.mil ESMTP S)][Plen Bins: 8,78,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,10,0,0] diff --git a/tests/cfgs/default/result/smtps.pcapng.out b/tests/cfgs/default/result/smtps.pcapng.out index da23a80b6..26adaaa4b 100644 --- a/tests/cfgs/default/result/smtps.pcapng.out +++ b/tests/cfgs/default/result/smtps.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SMTPS 4 936 1 +Safe 4 936 1 + JA3 Host Stats: IP Address # JA3C 1 62.43.36.99 1 diff --git a/tests/cfgs/default/result/snapchat.pcap.out b/tests/cfgs/default/result/snapchat.pcap.out index 77f064d79..bccec9a8f 100644 --- a/tests/cfgs/default/result/snapchat.pcap.out +++ b/tests/cfgs/default/result/snapchat.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 22 2879 1 Snapchat 34 7320 2 +Safe 22 2879 1 +Fun 34 7320 2 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 2 diff --git a/tests/cfgs/default/result/snapchat_call.pcapng.out b/tests/cfgs/default/result/snapchat_call.pcapng.out index 42d41a50e..14c5d8a59 100644 --- a/tests/cfgs/default/result/snapchat_call.pcapng.out +++ b/tests/cfgs/default/result/snapchat_call.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SnapchatCall 50 12772 1 +Acceptable 50 12772 1 + 1 UDP 192.168.12.169:42083 <-> 18.184.138.142:443 [proto: 188.255/QUIC.SnapchatCall][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 20][cat: VoIP/10][25 pkts/5295 bytes <-> 25 pkts/7477 bytes][Goodput ratio: 80/86][8.29 sec][bytes ratio: -0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/246 1313/1315 376/342][Pkt Len c2s/s2c min/avg/max/stddev: 65/62 212/299 1392/1392 365/419][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][QUIC ver: Q046][PLAIN TEXT (AESGCC20)][Plen Bins: 28,44,0,2,2,0,0,2,4,4,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] diff --git a/tests/cfgs/default/result/snapchat_call_v1.pcapng.out b/tests/cfgs/default/result/snapchat_call_v1.pcapng.out index b9bed5cc9..f5d749917 100644 --- a/tests/cfgs/default/result/snapchat_call_v1.pcapng.out +++ b/tests/cfgs/default/result/snapchat_call_v1.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SnapchatCall 477 365314 1 +Acceptable 477 365314 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.12.169 1 diff --git a/tests/cfgs/default/result/snmp.pcap.out b/tests/cfgs/default/result/snmp.pcap.out index 4b3e5c7de..ff99d904e 100644 --- a/tests/cfgs/default/result/snmp.pcap.out +++ b/tests/cfgs/default/result/snmp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SNMP 72 14435 17 +Acceptable 72 14435 17 + 1 UDP 10.99.8.88:43242 <-> 10.100.253.146:161 [VLAN: 1308][proto: 14/SNMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][3 pkts/2367 bytes <-> 3 pkts/1502 bytes][Goodput ratio: 94/91][0.11 sec][bytes ratio: 0.224 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/18 44/20 67/21 23/2][Pkt Len c2s/s2c min/avg/max/stddev: 611/75 789/501 1143/717 250/301][Risk: ** Error Code **][Risk Score: 10][Risk Info: SNMP Error 1][PLAIN TEXT (public)][Plen Bins: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 131.179.49.165:35970 <-> 254.158.1.169:161 [proto: 14/SNMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/462 bytes <-> 3 pkts/534 bytes][Goodput ratio: 73/76][0.43 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 143/142 144/144 145/146 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 106/147 154/178 178/198 34/22][Plen Bins: 0,0,16,16,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 131.179.49.165:60694 <-> 254.158.1.169:161 [proto: 14/SNMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/462 bytes <-> 3 pkts/527 bytes][Goodput ratio: 73/76][0.43 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 117/150 134/154 150/158 16/4][Pkt Len c2s/s2c min/avg/max/stddev: 106/147 154/176 178/191 34/20][Plen Bins: 0,0,16,16,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/soap.pcap.out b/tests/cfgs/default/result/soap.pcap.out index 229765f01..9e4374981 100644 --- a/tests/cfgs/default/result/soap.pcap.out +++ b/tests/cfgs/default/result/soap.pcap.out @@ -27,6 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 14 5498 1 SOAP 6 5450 2 +Acceptable 20 10948 3 + 1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 14][cat: Web/5][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] 2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 253/SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: RPC/16][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.253/HTTP.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/socks.pcap.out b/tests/cfgs/default/result/socks.pcap.out index 5a0d5c97f..c47ca209f 100644 --- a/tests/cfgs/default/result/socks.pcap.out +++ b/tests/cfgs/default/result/socks.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) SOCKS 60 10559 4 +Acceptable 60 10559 4 + 1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] 2 TCP 10.180.156.185:53534 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/711 bytes <-> 7 pkts/2069 bytes][Goodput ratio: 24/77][0.05 sec][bytes ratio: -0.488 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/12 47/46 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/296 212/1514 47/500][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 3 TCP 10.180.156.185:53533 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/695 bytes <-> 6 pkts/2003 bytes][Goodput ratio: 22/80][0.01 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 3/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/334 212/1514 48/530][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] diff --git a/tests/cfgs/default/result/softether.pcap.out b/tests/cfgs/default/result/softether.pcap.out index a6f980bcf..b9d354b39 100644 --- a/tests/cfgs/default/result/softether.pcap.out +++ b/tests/cfgs/default/result/softether.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Softether 177 21287 4 +Acceptable 177 21287 4 + 1 UDP 192.168.2.100:51381 <-> 130.158.6.113:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: VPN/2][60 pkts/6549 bytes <-> 53 pkts/6612 bytes][Goodput ratio: 62/66][15284492.00 sec][Client IP: 90.186.132.133][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 96258056/107928440 3621430369/3621456266 526500672/568478016][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 109/125 522/370 160/114][PLAIN TEXT (90.186.132.133)][Plen Bins: 84,0,0,1,0,0,0,0,1,0,7,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:51381 <-> 130.158.6.105:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: VPN/2][16 pkts/2201 bytes <-> 14 pkts/2116 bytes][Goodput ratio: 69/72][238448.62 sec][Client IP: 84.59.132.100][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18338798/21672040 238159482/238187129 63456764/68468080][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 138/151 522/368 183/130][PLAIN TEXT (opcode)][Plen Bins: 74,0,0,3,0,0,0,0,3,0,10,0,0,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:51381 <-> 130.158.6.112:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 17][cat: VPN/2][16 pkts/1167 bytes <-> 14 pkts/1250 bytes][Goodput ratio: 42/53][117087.70 sec][Client IP: 2.207.60.163][Client Port: 51381][bytes ratio: -0.034 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5948/21107 9003169/10639145 116754845/116778948 31105232/33564352][Pkt Len c2s/s2c min/avg/max/stddev: 43/68 73/89 522/366 116/77][PLAIN TEXT (2.207.60.163)][Plen Bins: 93,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/someip-tp.pcap.out b/tests/cfgs/default/result/someip-tp.pcap.out index 85ed1d739..d041b79a7 100644 --- a/tests/cfgs/default/result/someip-tp.pcap.out +++ b/tests/cfgs/default/result/someip-tp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SOMEIP 9 12850 1 +Acceptable 9 12850 1 + 1 UDP 10.0.1.207:56772 -> 10.0.1.1:18193 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][9 pkts/12850 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 12/0 20/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 1218/0 1428/0 1454/0 74/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (./0123456789)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,88,0,0,0] diff --git a/tests/cfgs/default/result/someip-udp-method-call.pcapng.out b/tests/cfgs/default/result/someip-udp-method-call.pcapng.out index 1cf57bbda..922337119 100644 --- a/tests/cfgs/default/result/someip-udp-method-call.pcapng.out +++ b/tests/cfgs/default/result/someip-udp-method-call.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) SOMEIP 3 504 2 +Acceptable 3 504 2 + 1 UDP 192.168.0.1:49190 -> 224.0.0.1:49190 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.0.125:49191 <-> 192.168.0.1:49201 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/67 bytes <-> 1 pkts/67 bytes][Goodput ratio: 37/37][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/someip_sd_sample.pcap.out b/tests/cfgs/default/result/someip_sd_sample.pcap.out index e3c08e327..25295b159 100644 --- a/tests/cfgs/default/result/someip_sd_sample.pcap.out +++ b/tests/cfgs/default/result/someip_sd_sample.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) SOMEIP 6 660 2 +Acceptable 6 660 2 + 1 UDP 192.168.88.77:30490 <-> 192.168.88.73:30490 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/228 bytes <-> 2 pkts/204 bytes][Goodput ratio: 49/43][0.80 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.88.73:30490 -> 235.2.3.5:30490 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][0.80 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/source_engine.pcap.out b/tests/cfgs/default/result/source_engine.pcap.out index 6b2c75391..768543e09 100644 --- a/tests/cfgs/default/result/source_engine.pcap.out +++ b/tests/cfgs/default/result/source_engine.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Source_Engine 17 1139 17 +Fun 17 1139 17 + 1 UDP 118.149.186.147:21285 -> 206.125.246.214:27015 [proto: 333/Source_Engine][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 140.151.209.84:8335 -> 206.125.246.214:27015 [proto: 333/Source_Engine][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 151.182.246.17:17890 -> 206.125.246.221:27015 [proto: 333/Source_Engine][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/spotify_tcp.pcap.out b/tests/cfgs/default/result/spotify_tcp.pcap.out index 6d8bbd1c4..623cb2061 100644 --- a/tests/cfgs/default/result/spotify_tcp.pcap.out +++ b/tests/cfgs/default/result/spotify_tcp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Spotify 10 3370 1 +Fun 10 3370 1 + 1 TCP 10.0.2.15:48628 <-> 35.190.243.72:4070 [proto: 156/Spotify][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Music/25][5 pkts/1094 bytes <-> 5 pkts/2276 bytes][Goodput ratio: 72/88][0.19 sec][bytes ratio: -0.351 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/33 30/42 63/71 23/28][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 219/455 517/1514 194/569][Plen Bins: 0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] diff --git a/tests/cfgs/default/result/sql_injection.pcap.out b/tests/cfgs/default/result/sql_injection.pcap.out index 5355d5d54..033d6ccf4 100644 --- a/tests/cfgs/default/result/sql_injection.pcap.out +++ b/tests/cfgs/default/result/sql_injection.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 5 2748 1 +Acceptable 5 2748 1 + 1 TCP 192.168.3.109:53528 <-> 192.168.3.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/823 bytes <-> 3 pkts/1925 bytes][Goodput ratio: 84/90][0.00 sec][Hostname/SNI: 192.168.3.107][URL: 192.168.3.107/DVWA-master/vulnerabilities/sqli/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 160][Risk Info: Found host 192.168.3.107][PLAIN TEXT (GET /DV)][Plen Bins: 0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] diff --git a/tests/cfgs/default/result/srvloc-v1.pcapng.out b/tests/cfgs/default/result/srvloc-v1.pcapng.out index 32dc901aa..1485af09e 100644 --- a/tests/cfgs/default/result/srvloc-v1.pcapng.out +++ b/tests/cfgs/default/result/srvloc-v1.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) Service_Location_Protocol 2 490 2 +Acceptable 2 490 2 + 1 UDP 23.220.116.175:427 -> 192.168.199.71:57782 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/404 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (Stella4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 250.83.105.78:51708 -> 172.30.246.115:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (service)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/srvloc.pcap.out b/tests/cfgs/default/result/srvloc.pcap.out index a5b1a0875..c9e6ccb9a 100644 --- a/tests/cfgs/default/result/srvloc.pcap.out +++ b/tests/cfgs/default/result/srvloc.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Service_Location_Protocol 629 57125 620 +Acceptable 629 57125 620 + 1 UDP 45.124.147.156:50663 -> 165.114.202.61:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][URL(s): slpTest://test:31337/][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (slpTest)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 20.133.112.32:11510 -> 165.114.202.61:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/192 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (service)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 42.224.153.12:15346 -> 90.147.171.51:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/192 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (service)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ssdp-m-search-ua.pcap.out b/tests/cfgs/default/result/ssdp-m-search-ua.pcap.out index 1a362bc53..cf616da1d 100644 --- a/tests/cfgs/default/result/ssdp-m-search-ua.pcap.out +++ b/tests/cfgs/default/result/ssdp-m-search-ua.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SSDP 4 864 1 +Acceptable 4 864 1 + 1 UDP 192.168.242.50:56446 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][Hostname/SNI: 239.255.255.250:1900][User-Agent: Google Chrome/99.0.4844.74 Mac OS X][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ssdp-m-search.pcap.out b/tests/cfgs/default/result/ssdp-m-search.pcap.out index 1394f0c56..7d11cbea7 100644 --- a/tests/cfgs/default/result/ssdp-m-search.pcap.out +++ b/tests/cfgs/default/result/ssdp-m-search.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SSDP 19 1197 1 +Acceptable 19 1197 1 + 1 UDP 192.168.242.8:42253 -> 192.168.242.255:32412 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][19 pkts/1197 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][90.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4999/0 4999/0 5000/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 63/0 63/0 63/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ssh.pcap.out b/tests/cfgs/default/result/ssh.pcap.out index 7491b762d..c5295e4f2 100644 --- a/tests/cfgs/default/result/ssh.pcap.out +++ b/tests/cfgs/default/result/ssh.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) SSH 258 35546 1 +Acceptable 258 35546 1 + 1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][Goodput ratio: 33/67][248.48 sec][Hostname/SNI: SSH-2.0-OpenSSH_5.3][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1846/2934 166223/166224 14794/19692][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/201 970/1346 83/283][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **][Risk Score: 150][Risk Info: Found cipher arcfour128 / Found cipher arcfour128][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][Server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325][Plen Bins: 2,76,12,2,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out b/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out index 905129f32..c8d2ef48c 100644 --- a/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out +++ b/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 21 5412 1 +Safe 21 5412 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.222 1 diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index ce11d204b..0afe3df3f 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out @@ -37,6 +37,10 @@ Google 11 1420 2 QUIC 6 475 1 Starcraft 236 51494 6 +Safe 46 3071 14 +Acceptable 506 304727 31 +Fun 245 52374 7 + 1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Goodput ratio: 4/96][3.22 sec][Hostname/SNI: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/3 2914/58 341/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56/1451 241/1514 20/291][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][Content-Type: application/octet-stream][Server: Apache][User-Agent: Blizzard Web Client][Risk: ** Binary App Transfer **** Susp DGA Domain name **][Risk Score: 250][Risk Info: llnw.blizzard.com / Found mime exe octet-stream][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][126 pkts/9157 bytes <-> 89 pkts/41021 bytes][Goodput ratio: 26/88][3.83 sec][bytes ratio: -0.635 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/37 1016/1086 104/133][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/461 249/1514 28/593][PLAIN TEXT (matteobracci1@gmail.com)][Plen Bins: 76,2,2,2,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,13,0,0] 3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Goodput ratio: 15/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.948 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/3 33/34 13/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/1402 203/1514 37/387][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/gc/GCF1DHMH8FDY1434670037434.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] diff --git a/tests/cfgs/default/result/steam.pcap.out b/tests/cfgs/default/result/steam.pcap.out index 6c812c651..e604b78f9 100644 --- a/tests/cfgs/default/result/steam.pcap.out +++ b/tests/cfgs/default/result/steam.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Steam 107 9232 58 +Fun 107 9232 58 + 1 UDP 192.168.188.149:45665 <-> 72.165.61.188:27018 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][5 pkts/846 bytes <-> 6 pkts/608 bytes][Goodput ratio: 75/58][0.69 sec][bytes ratio: 0.164 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/0 149/124 298/289 107/116][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 169/101 366/158 117/28][PLAIN TEXT (H@VS01)][Plen Bins: 0,63,9,9,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.188.149:45665 <-> 68.142.91.34:27017 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.09 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.188.149:45665 <-> 68.142.91.35:27017 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][Goodput ratio: 46/51][0.10 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/steam_datagram_relay_ping.pcapng.out b/tests/cfgs/default/result/steam_datagram_relay_ping.pcapng.out index c73d76cb0..451884cc0 100644 --- a/tests/cfgs/default/result/steam_datagram_relay_ping.pcapng.out +++ b/tests/cfgs/default/result/steam_datagram_relay_ping.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Steam 2 2684 1 +Fun 2 2684 1 + 1 UDP 192.168.2.100:52157 -> 139.45.193.10:27018 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Game/8][2 pkts/2684 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.52 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (sdping)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index 346e34534..04aa0b914 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -30,6 +30,9 @@ ICMP 1 122 1 GoogleMeet 41 7228 2 FacebookVoip 75 10554 1 +Safe 4 766 1 +Acceptable 194 27648 7 + JA3 Host Stats: IP Address # JA3C 1 192.168.43.169 1 diff --git a/tests/cfgs/default/result/stun_classic.pcap.out b/tests/cfgs/default/result/stun_classic.pcap.out index f9d87ca65..904c92789 100644 --- a/tests/cfgs/default/result/stun_classic.pcap.out +++ b/tests/cfgs/default/result/stun_classic.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) RTP 22 1624 1 +Acceptable 22 1624 1 + 1 UDP 172.16.63.224:55050 <-> 172.16.63.21:13958 [proto: 78.87/STUN.RTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][9 pkts/662 bytes <-> 13 pkts/962 bytes][Goodput ratio: 43/43][0.23 sec][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 32/17 101/42 32/11][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 74/74 74/74 1/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 4,95,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out b/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out index 7046bf501..8934a1956 100644 --- a/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out +++ b/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) GoogleMeet 39 8413 1 +Acceptable 39 8413 1 + 1 UDP 192.168.12.156:37967 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][25 pkts/4202 bytes <-> 14 pkts/4211 bytes][Goodput ratio: 75/86][0.88 sec][bytes ratio: -0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/35 203/107 47/36][Pkt Len c2s/s2c min/avg/max/stddev: 103/82 168/301 587/1245 125/320][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (ShSURJhNF)][Plen Bins: 0,5,47,30,2,0,0,0,0,0,0,0,0,2,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out b/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out index cba5624e2..1506ee9e3 100644 --- a/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out +++ b/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) STUN 43 10358 2 +Acceptable 43 10358 2 + 1 UDP 10.1.0.3:5853 -> 10.10.0.1:2808 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][18 pkts/5384 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][7.17 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 386/0 4001/0 979/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 299/0 750/0 221/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (Coturn)][Plen Bins: 0,5,5,5,34,22,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.10.0.1:65226 -> 10.1.0.3:57730 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][25 pkts/4974 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][7.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/0 4001/0 904/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 199/0 478/0 92/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (username1)][Plen Bins: 0,8,16,16,32,0,4,8,0,12,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out b/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out index 53e6c5010..279f4d525 100644 --- a/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out +++ b/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 6 1708 1 +Safe 6 1708 1 + JA3 Host Stats: IP Address # JA3C 1 26.83.9.81 1 diff --git a/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out b/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out index ec0744e3d..c783d4a2f 100644 --- a/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out +++ b/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DTLS 6 1563 1 +Safe 6 1563 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/stun_google_meet.pcapng.out b/tests/cfgs/default/result/stun_google_meet.pcapng.out index b5887a354..c572c1b1b 100644 --- a/tests/cfgs/default/result/stun_google_meet.pcapng.out +++ b/tests/cfgs/default/result/stun_google_meet.pcapng.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 1/1 (search/found) GoogleMeet 362 74597 7 +Acceptable 362 74597 7 + 1 UDP [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572 <-> [2001:4860:4864:6::81]:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][30 pkts/4693 bytes <-> 118 pkts/36197 bytes][Goodput ratio: 60/80][0.71 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/2 152/74 32/9][Pkt Len c2s/s2c min/avg/max/stddev: 106/99 156/307 608/1265 88/113][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (igoKAAiKAiADEA)][Plen Bins: 0,6,16,5,2,0,0,0,68,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out b/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out index 110239c4b..6ae9b65d5 100644 --- a/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out +++ b/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Skype_TeamsCall 12 5944 1 +Acceptable 12 5944 1 + 1 UDP 52.115.136.55:3479 -> 10.0.0.1:50006 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][12 pkts/5944 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][4.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 453/0 1210/0 379/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 495/0 1257/0 539/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,16,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out index 0b9e2b5aa..1be1073a1 100644 --- a/tests/cfgs/default/result/stun_signal.pcapng.out +++ b/tests/cfgs/default/result/stun_signal.pcapng.out @@ -27,6 +27,8 @@ STUN 106 12322 1 ICMP 53 5186 2 SignalVoip 301 30988 20 +Acceptable 460 48496 23 + 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78/STUN][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 ICMP 35.158.183.167:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][30 pkts/2780 bytes <-> 4 pkts/552 bytes][Goodput ratio: 55/69][51.83 sec][bytes ratio: 0.669 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 906/1 7931/1 2120/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 0,88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_tcp_multiple_msgs_same_pkt.pcap.out b/tests/cfgs/default/result/stun_tcp_multiple_msgs_same_pkt.pcap.out index 3e348be86..e45b4ced0 100644 --- a/tests/cfgs/default/result/stun_tcp_multiple_msgs_same_pkt.pcap.out +++ b/tests/cfgs/default/result/stun_tcp_multiple_msgs_same_pkt.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) STUN 5 506 1 +Acceptable 5 506 1 + 1 TCP 166.172.142.131:3479 <-> 23.183.197.71:42849 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][1 pkts/74 bytes <-> 4 pkts/432 bytes][Goodput ratio: 0/39][10.93 sec][PLAIN TEXT (RXgFYlY)][Plen Bins: 75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_wa_call.pcapng.out b/tests/cfgs/default/result/stun_wa_call.pcapng.out index 5adb04b15..a6e20c44b 100644 --- a/tests/cfgs/default/result/stun_wa_call.pcapng.out +++ b/tests/cfgs/default/result/stun_wa_call.pcapng.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) WhatsAppCall 590 133579 12 ICMP 1 110 1 +Acceptable 591 133689 13 + 1 UDP 192.168.12.156:46652 <-> 93.57.123.227:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][171 pkts/28371 bytes <-> 206 pkts/29803 bytes][Goodput ratio: 75/71][31.78 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 178/151 2505/2463 255/222][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 166/145 434/446 100/85][Plen Bins: 14,41,11,8,2,2,3,2,5,4,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:49526 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][48 pkts/12953 bytes <-> 73 pkts/40083 bytes][Goodput ratio: 84/92][14.68 sec][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 191/164 3009/3009 684/623][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 270/549 542/1155 203/421][PLAIN TEXT (dsUmpy)][Plen Bins: 8,18,19,1,0,0,0,0,3,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,2,4,2,1,2,3,4,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_zoom.pcapng.out b/tests/cfgs/default/result/stun_zoom.pcapng.out index 589f32cc0..7e944c0b2 100644 --- a/tests/cfgs/default/result/stun_zoom.pcapng.out +++ b/tests/cfgs/default/result/stun_zoom.pcapng.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) STUN 40 9877 1 Zoom 30 8381 1 +Acceptable 70 18258 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.43.169 1 diff --git a/tests/cfgs/default/result/syncthing.pcap.out b/tests/cfgs/default/result/syncthing.pcap.out index a7c5909e0..45fe810e7 100644 --- a/tests/cfgs/default/result/syncthing.pcap.out +++ b/tests/cfgs/default/result/syncthing.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 4/0 (search/found) Syncthing 34 15680 4 +Fun 34 15680 4 + 1 UDP [fe80::6238:e0ff:fec5:35a0]:47077 -> [ff12::8384]:21027 [proto: 313/Syncthing][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][15 pkts/7450 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][419.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 29994/0 30000/0 30004/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 267/0 497/0 530/0 85/0][PLAIN TEXT (//192.168.2.100)][Plen Bins: 0,0,0,0,0,0,6,6,0,0,0,0,0,0,87,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:54977 -> 192.168.2.255:21027 [proto: 313/Syncthing][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][15 pkts/7150 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 29994/0 30000/0 30005/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 247/0 477/0 510/0 85/0][PLAIN TEXT (//192.168.2.100)][Plen Bins: 0,0,0,0,0,0,6,6,0,0,0,0,0,0,87,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP [fe80::6238:e0ff:fec5:35a0]:42370 -> [ff12::8384]:21027 [proto: 313/Syncthing][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/560 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][29.99 sec][PLAIN TEXT (//192.168.2.100)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index bb27ebbd7..04a204276 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out @@ -84,6 +84,12 @@ NoMachine 2 116 2 Ceph 4 232 4 iSCSI 2 116 2 +Safe 14 812 14 +Acceptable 125 7276 112 +Fun 6 348 6 +Unsafe 8 464 8 +Unrated 1858 107772 1854 + 1 TCP 172.16.0.8:36050 <-> 64.13.134.52:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 5][cat: RemoteAccess/12][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.68 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Network/14][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][::][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Web/5][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/syslog.pcap.out b/tests/cfgs/default/result/syslog.pcap.out index 54e46b775..bc347e1b8 100644 --- a/tests/cfgs/default/result/syslog.pcap.out +++ b/tests/cfgs/default/result/syslog.pcap.out @@ -26,6 +26,9 @@ Patricia protocols IPv6: 2/0 (search/found) Unknown 1 78 1 Syslog 93 20321 21 +Acceptable 93 20321 21 +Unrated 1 78 1 + 1 UDP [2001:470:6c:a1::2]:38159 -> [2001:470:765b::b15:22]:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/2994 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][12.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/0 2400/0 7985/0 3185/0][Pkt Len c2s/s2c min/avg/max/stddev: 480/0 499/0 537/0 27/0][PLAIN TEXT ( NetScreen device)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 172.20.51.54:514 -> 172.31.110.40:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][15 pkts/2925 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][22.45 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8/0 1495/0 5398/0 2274/0][Pkt Len c2s/s2c min/avg/max/stddev: 150/0 195/0 234/0 34/0][PLAIN TEXT (854 08/20/2013)][Plen Bins: 0,0,0,20,40,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 172.26.229.190:514 -> 172.23.80.196:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][20 pkts/2084 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][31.18 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 14/0 1731/0 15022/0 4686/0][Pkt Len c2s/s2c min/avg/max/stddev: 99/0 104/0 112/0 6/0][PLAIN TEXT ( Connection from UDP)][Plen Bins: 0,60,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tailscale.pcap.out b/tests/cfgs/default/result/tailscale.pcap.out index be94cf72e..205715183 100644 --- a/tests/cfgs/default/result/tailscale.pcap.out +++ b/tests/cfgs/default/result/tailscale.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Tailscale 107 16516 1 +Acceptable 107 16516 1 + 1 UDP 192.168.88.3:41641 <-> 18.196.71.179:41641 [proto: 24/Tailscale][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][51 pkts/7842 bytes <-> 56 pkts/8674 bytes][Goodput ratio: 73/73][31.88 sec][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/0 586/517 2000/1880 588/502][Pkt Len c2s/s2c min/avg/max/stddev: 134/134 154/155 170/170 15/16][Plen Bins: 0,0,29,27,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/targusdataspeed_false_positives.pcap.out b/tests/cfgs/default/result/targusdataspeed_false_positives.pcap.out index 6cf9c29a1..3ea17ef62 100644 --- a/tests/cfgs/default/result/targusdataspeed_false_positives.pcap.out +++ b/tests/cfgs/default/result/targusdataspeed_false_positives.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 4 939 2 +Acceptable 4 939 2 + 1 UDP 10.0.2.15:23994 <-> 89.64.45.227:5201 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/140 bytes <-> 1 pkts/345 bytes][Goodput ratio: 70/88][0.72 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (target20)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.0.2.15:23994 <-> 79.164.55.123:5001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/140 bytes <-> 1 pkts/314 bytes][Goodput ratio: 70/86][0.07 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (target20)][Plen Bins: 0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tcp_scan.pcapng.out b/tests/cfgs/default/result/tcp_scan.pcapng.out index c043935a8..0c297dc97 100644 --- a/tests/cfgs/default/result/tcp_scan.pcapng.out +++ b/tests/cfgs/default/result/tcp_scan.pcapng.out @@ -30,6 +30,10 @@ SMBv23 2 138 1 RDP 2 118 1 TLS 4 272 1 +Safe 4 272 1 +Acceptable 8 528 3 +Unrated 6 342 3 + 1 TCP 192.168.1.178:56272 <-> 192.168.1.2:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 4][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.178:56273 <-> 192.168.1.2:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 4][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.178:56274 <-> 192.168.1.2:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/78 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 4cae48b32..c1fb9b632 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -44,6 +44,11 @@ Microsoft365 136 52120 6 Teams 595 215358 26 Azure 2 294 1 +Safe 1065 521113 45 +Acceptable 428 155344 36 +Fun 1 82 1 +Unrated 4 456 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.6 6 diff --git a/tests/cfgs/default/result/teamspeak3.pcap.out b/tests/cfgs/default/result/teamspeak3.pcap.out index 44c83d80d..3268f4c6d 100644 --- a/tests/cfgs/default/result/teamspeak3.pcap.out +++ b/tests/cfgs/default/result/teamspeak3.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) TeamSpeak 589 33015 2 +Fun 589 33015 2 + 1 UDP 193.31.25.70:2011 <-> 51.68.181.92:2010 [proto: 162/TeamSpeak][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][288 pkts/14976 bytes <-> 288 pkts/16128 bytes][Goodput ratio: 19/12][85808.12 sec][bytes ratio: -0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 300028/300028 600231/600231 300023/300023][Pkt Len c2s/s2c min/avg/max/stddev: 46/56 52/56 58/56 6/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.0.0.1:53187 -> 10.0.0.2:9987 [proto: 162/TeamSpeak][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][13 pkts/1911 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][37.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 387/0 1301/0 449/0][Pkt Len c2s/s2c min/avg/max/stddev: 76/0 147/0 230/0 77/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,53,0,0,0,46,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out index bc4fdfda0..6c5194cd7 100644 --- a/tests/cfgs/default/result/teamviewer.pcap.out +++ b/tests/cfgs/default/result/teamviewer.pcap.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) TeamViewer 352 172990 2 +Acceptable 352 172990 2 + 1 TCP 10.0.2.15:35732 <-> 162.250.2.170:5938 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][129 pkts/67997 bytes <-> 160 pkts/73349 bytes][Goodput ratio: 89/88][399.56 sec][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3451/2522 50678/50677 9036/8571][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 527/458 1514/1514 537/563][PLAIN TEXT (XDsiBZ)][Plen Bins: 9,4,0,2,0,2,8,0,2,0,0,1,0,1,2,0,0,2,2,0,0,0,2,1,0,0,1,0,0,0,0,0,0,23,1,0,0,2,1,1,1,1,0,0,1,23,0,0] 2 UDP 10.0.2.15:34417 <-> 93.47.224.241:36037 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][1 pkts/138 bytes <-> 62 pkts/31506 bytes][Goodput ratio: 69/92][1.32 sec][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/23 0/442 0/75][Pkt Len c2s/s2c min/avg/max/stddev: 138/58 138/508 138/1066 0/452][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found TeamViewer][PLAIN TEXT (93.47.224.241)][Plen Bins: 11,17,14,3,3,1,3,1,0,0,0,1,0,0,3,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 1d5ff7d7d..545946bc4 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -37,6 +37,12 @@ Telegram 908 185304 12 Microsoft 2 284 1 GoogleServices 2 186 1 +Safe 7 780 3 +Acceptable 1243 262352 39 +Fun 9 742 2 +Dangerous 1 243 1 +Unrated 306 72708 3 + 1 UDP 192.168.1.77:28150 <-> 91.108.8.1:533 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][DPI packets: 1][cat: Chat/9][12 pkts/1272 bytes <-> 276 pkts/68136 bytes][Goodput ratio: 60/83][16.92 sec][bytes ratio: -0.963 (Download)][IAT c2s/s2c min/avg/max/stddev: 48/0 290/61 504/476 186/43][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/247 138/330 24/41][Plen Bins: 0,2,4,3,0,19,37,21,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.77:28150 <-> 91.108.8.8:529 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][DPI packets: 1][cat: Chat/9][285 pkts/65890 bytes <-> 13 pkts/1522 bytes][Goodput ratio: 82/64][16.92 sec][bytes ratio: 0.955 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/27 59/210 504/472 30/201][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 231/117 314/138 44/16][Plen Bins: 0,2,4,3,8,28,14,37,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP [fe80::4ba:91a:7817:e318]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][120 pkts/27243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][58.59 sec][Hostname/SNI: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17386/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 162/0 227/0 489/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telegram_videocall.pcapng.out b/tests/cfgs/default/result/telegram_videocall.pcapng.out index 2f4fac437..6a95c52bb 100644 --- a/tests/cfgs/default/result/telegram_videocall.pcapng.out +++ b/tests/cfgs/default/result/telegram_videocall.pcapng.out @@ -36,6 +36,9 @@ Dropbox 2 348 1 AmazonAWS 4 288 1 TelegramVoip 228 41561 16 +Safe 640 339548 9 +Acceptable 247 43569 25 + 1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][DPI packets: 18][cat: Web/5][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][DPI packets: 18][cat: Web/5][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telnet.pcap.out b/tests/cfgs/default/result/telnet.pcap.out index 89e71b3ba..e61e63322 100644 --- a/tests/cfgs/default/result/telnet.pcap.out +++ b/tests/cfgs/default/result/telnet.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) Telnet 87 7418 1 +Unsafe 87 7418 1 + 1 TCP 192.168.0.2:1550 <-> 192.168.0.1:23 [proto: 77/Telnet][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 33][cat: RemoteAccess/12][43 pkts/3135 bytes <-> 44 pkts/4283 bytes][Goodput ratio: 9/32][39.57 sec][Username: fake][bytes ratio: -0.155 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1130/544 14699/8799 2838/1502][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/97 151/554 17/76][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (bam.zing.org)][Plen Bins: 70,6,19,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teredo.pcap.out b/tests/cfgs/default/result/teredo.pcap.out index e493d1f98..cb692b8f2 100644 --- a/tests/cfgs/default/result/teredo.pcap.out +++ b/tests/cfgs/default/result/teredo.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Teredo 24 2574 5 +Acceptable 24 2574 5 + 1 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/930 bytes <-> 4 pkts/374 bytes][Goodput ratio: 55/55][17.48 sec][bytes ratio: 0.426 (Upload)][IAT c2s/s2c min/avg/max/stddev: 42/10 2184/2486 8524/4963 2528/2476][Pkt Len c2s/s2c min/avg/max/stddev: 82/90 93/94 95/95 4/2][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/206 bytes <-> 2 pkts/302 bytes][Goodput ratio: 59/72][38.10 sec][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/151 bytes][Goodput ratio: 59/72][0.05 sec][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index 7857e4b2a..144e1d7b8 100644 --- a/tests/cfgs/default/result/tftp.pcap.out +++ b/tests/cfgs/default/result/tftp.pcap.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) TFTP 109 31453 9 +Acceptable 109 31453 9 + 1 UDP 192.168.0.10:3445 <-> 192.168.0.253:50618 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][49 pkts/26853 bytes <-> 49 pkts/2940 bytes][Goodput ratio: 92/7][< 1 sec][bytes ratio: 0.803 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2 3/3 9/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 69/60 548/60 558/60 69/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Network Working Group )][Plen Bins: 51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 172.28.5.170:62058 <-> 172.28.5.91:44618 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: DataTransfer/4][2 pkts/92 bytes <-> 2 pkts/1116 bytes][Goodput ratio: 9/92][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BCCCCCC)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.45:35840 -> 192.168.2.200:69 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Filename: empty100KB][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (blksize)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/threema.pcap.out b/tests/cfgs/default/result/threema.pcap.out index 2ed7fc4ce..bb2064748 100644 --- a/tests/cfgs/default/result/threema.pcap.out +++ b/tests/cfgs/default/result/threema.pcap.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) Threema 83 11578 6 +Fun 83 11578 6 + 1 TCP 192.168.2.100:50484 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][9 pkts/1998 bytes <-> 6 pkts/1066 bytes][Goodput ratio: 70/62][30.23 sec][bytes ratio: 0.304 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/28 347/6958 2277/27743 788/12000][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 222/178 801/534 238/162][Plen Bins: 0,33,22,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:50298 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][10 pkts/2025 bytes <-> 5 pkts/548 bytes][Goodput ratio: 67/38][46.73 sec][bytes ratio: 0.574 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/31 5838/33 46525/38 15378/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 202/110 510/146 167/24][Plen Bins: 0,44,11,0,0,11,0,0,0,11,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:50618 <-> 185.88.236.110:5222 [proto: 305/Threema][IP: 305/Threema][Encrypted][Confidence: DPI][DPI packets: 10][cat: Chat/9][9 pkts/879 bytes <-> 6 pkts/1079 bytes][Goodput ratio: 31/62][5.39 sec][bytes ratio: -0.102 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/28 52/1686 209/4996 67/2340][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/180 257/661 59/217][Plen Bins: 0,40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/thrift.pcap.out b/tests/cfgs/default/result/thrift.pcap.out index f30a88265..bed3c7919 100644 --- a/tests/cfgs/default/result/thrift.pcap.out +++ b/tests/cfgs/default/result/thrift.pcap.out @@ -24,5 +24,7 @@ Patricia protocols IPv6: 0/0 (search/found) Thrift 172 104345 2 +Acceptable 172 104345 2 + 1 TCP 169.254.59.247:53387 <-> 169.254.46.4:11010 [proto: 345/Thrift][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RPC/16][66 pkts/18026 bytes <-> 104 pkts/77061 bytes][Goodput ratio: 80/93][0.01 sec][bytes ratio: -0.621 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 273/741 6929/1514 1017/585][PLAIN TEXT (devicedriver)][Plen Bins: 0,18,3,2,0,0,1,0,1,0,0,0,0,0,0,0,0,2,31,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,34,0,3] 2 UDP 127.0.0.1:49164 -> 127.0.0.1:6831 [proto: 345/Thrift][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/9258 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][11.73 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (emitBatch)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] diff --git a/tests/cfgs/default/result/tinc.pcap.out b/tests/cfgs/default/result/tinc.pcap.out index 1bbdc6c33..0abe06d3a 100644 --- a/tests/cfgs/default/result/tinc.pcap.out +++ b/tests/cfgs/default/result/tinc.pcap.out @@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found) TINC 317 352291 4 +Acceptable 317 352291 4 + 1 UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VPN/2][29 pkts/30038 bytes <-> 105 pkts/139726 bytes][Goodput ratio: 96/97][35.82 sec][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244/335 1049/2670 434/517][Pkt Len c2s/s2c min/avg/max/stddev: 158/118 1036/1331 1502/1510 544/412][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (E@zUIs1)][Plen Bins: 0,0,2,7,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,2,3,1,0,2,73,0,0] 2 UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VPN/2][101 pkts/136966 bytes <-> 29 pkts/32550 bytes][Goodput ratio: 97/96][42.97 sec][bytes ratio: 0.616 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 442/280 10377/1045 1172/448][Pkt Len c2s/s2c min/avg/max/stddev: 118/158 1356/1122 1510/1502 400/534][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (Cr64lS)][Plen Bins: 0,0,2,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,3,0,0,1,81,0,0] 3 TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: VPN/2][14 pkts/3812 bytes <-> 13 pkts/3098 bytes][Goodput ratio: 80/76][47.37 sec][bytes ratio: 0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4297/19 46927/55 13481/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/238 1093/1091 380/363][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (1 94 64 0 0 5861ABF)][Plen Bins: 21,7,28,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tk.pcap.out b/tests/cfgs/default/result/tk.pcap.out index b2622d788..afb86bea2 100644 --- a/tests/cfgs/default/result/tk.pcap.out +++ b/tests/cfgs/default/result/tk.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) DNS 6 566 3 +Acceptable 6 566 3 + 1 UDP 192.168.1.178:53820 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/131 bytes][Goodput ratio: 41/67][0.05 sec][Hostname/SNI: whois.dot.tk][::][Risk: ** Risky Domain Name **][Risk Score: 50][Risk Info: whois.dot.tk][PLAIN TEXT (freenom)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.178:55591 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/131 bytes][Goodput ratio: 41/67][0.06 sec][Hostname/SNI: whois.dot.tk][::][Risk: ** Risky Domain Name **][Risk Score: 50][Risk Info: whois.dot.tk][PLAIN TEXT (freenom)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.178:51954 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.10 sec][Hostname/SNI: whois.dot.tk][104.155.55.158][Risk: ** Risky Domain Name **][Risk Score: 50][Risk Info: whois.dot.tk][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls-appdata.pcap.out b/tests/cfgs/default/result/tls-appdata.pcap.out index 6c207da92..b6bb9fe28 100644 --- a/tests/cfgs/default/result/tls-appdata.pcap.out +++ b/tests/cfgs/default/result/tls-appdata.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 120 119945 2 +Safe 120 119945 2 + 1 TCP 192.168.2.100:58976 <-> 52.223.198.7:443 [proto: 91/TLS][IP: 195/Twitch][Encrypted][Confidence: DPI][DPI packets: 11][cat: Web/5][65 pkts/15286 bytes <-> 49 pkts/103870 bytes][Goodput ratio: 77/97][4470.16 sec][bytes ratio: -0.743 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 86847/10887 1637911/18446744073709505728 325792/64809][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235/2120 1506/2958 476/1092][Plen Bins: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,33,0,51] 2 TCP 179.60.195.173:443 <-> 192.168.2.100:60636 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][3 pkts/627 bytes <-> 3 pkts/162 bytes][Goodput ratio: 68/0][0.22 sec][bytes ratio: 0.589 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 56/0 101/0 45/0][Pkt Len c2s/s2c min/avg/max/stddev: 201/54 209/54 225/54 11/0][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out b/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out index 791c9a5b6..015321708 100644 --- a/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out +++ b/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 3 2310 3 +Safe 3 2310 3 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.12 1 diff --git a/tests/cfgs/default/result/tls-rdn-extract.pcap.out b/tests/cfgs/default/result/tls-rdn-extract.pcap.out index 186efad52..1bace5db8 100644 --- a/tests/cfgs/default/result/tls-rdn-extract.pcap.out +++ b/tests/cfgs/default/result/tls-rdn-extract.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Microsoft 6 7205 1 +Safe 6 7205 1 + JA3 Host Stats: IP Address # JA3C 1 10.0.0.1 1 diff --git a/tests/cfgs/default/result/tls_2_reasms.pcapng.out b/tests/cfgs/default/result/tls_2_reasms.pcapng.out index 996dad2b4..1527c0f0c 100644 --- a/tests/cfgs/default/result/tls_2_reasms.pcapng.out +++ b/tests/cfgs/default/result/tls_2_reasms.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Instagram 14 6907 1 +Fun 14 6907 1 + JA3 Host Stats: IP Address # JA3C 1 192.91.186.174 1 diff --git a/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out b/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out index ac7859b6b..6a77799fd 100644 --- a/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out +++ b/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) FbookReelStory 15 13455 1 +Fun 15 13455 1 + JA3 Host Stats: IP Address # JA3C 1 88.14.137.195 1 diff --git a/tests/cfgs/default/result/tls_alert.pcap.out b/tests/cfgs/default/result/tls_alert.pcap.out index 159d77935..dbf88e002 100644 --- a/tests/cfgs/default/result/tls_alert.pcap.out +++ b/tests/cfgs/default/result/tls_alert.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 7 533 1 Google 11 952 1 +Safe 7 533 1 +Acceptable 11 952 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.192 1 diff --git a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out index 232c3b424..53145ced5 100644 --- a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out +++ b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out @@ -37,6 +37,10 @@ Apple 2 273 1 Microsoft 121 47561 14 Azure 2 306 1 +Safe 259 102331 20 +Acceptable 43 5081 14 +Unrated 13 5582 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.121 1 diff --git a/tests/cfgs/default/result/tls_cipher_lens.pcap.out b/tests/cfgs/default/result/tls_cipher_lens.pcap.out index 7bf3928c4..7768c4b8c 100644 --- a/tests/cfgs/default/result/tls_cipher_lens.pcap.out +++ b/tests/cfgs/default/result/tls_cipher_lens.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 4 932 4 Google 1 233 1 +Safe 4 932 4 +Acceptable 1 233 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.11.11 2 diff --git a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out index 64c1b84bb..be50172b9 100644 --- a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 8 2093 1 AnyDesk 9 3433 1 +Safe 8 2093 1 +Acceptable 9 3433 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/tls_ech.pcapng.out b/tests/cfgs/default/result/tls_ech.pcapng.out index d523c71e8..7b862be6f 100644 --- a/tests/cfgs/default/result/tls_ech.pcapng.out +++ b/tests/cfgs/default/result/tls_ech.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 1/1 (search/found) Cloudflare 10 4226 1 +Acceptable 10 4226 1 + JA3 Host Stats: IP Address # JA3C 1 2001:b07:a3d:c112:ce16:b409:3d0a:9177 1 diff --git a/tests/cfgs/default/result/tls_esni_sni_both.pcap.out b/tests/cfgs/default/result/tls_esni_sni_both.pcap.out index 95b87a78c..f6fcee58d 100644 --- a/tests/cfgs/default/result/tls_esni_sni_both.pcap.out +++ b/tests/cfgs/default/result/tls_esni_sni_both.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 38 15899 2 +Safe 38 15899 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.21 1 diff --git a/tests/cfgs/default/result/tls_false_positives.pcapng.out b/tests/cfgs/default/result/tls_false_positives.pcapng.out index 0ce3f370e..15605ea47 100644 --- a/tests/cfgs/default/result/tls_false_positives.pcapng.out +++ b/tests/cfgs/default/result/tls_false_positives.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Unknown 30 37313 1 +Unrated 30 37313 1 + Undetected flows: diff --git a/tests/cfgs/default/result/tls_invalid_reads.pcap.out b/tests/cfgs/default/result/tls_invalid_reads.pcap.out index 8a175841e..fe7507438 100644 --- a/tests/cfgs/default/result/tls_invalid_reads.pcap.out +++ b/tests/cfgs/default/result/tls_invalid_reads.pcap.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 8 1891 2 Crashlytics 3 560 1 +Safe 8 1891 2 +Acceptable 3 560 1 + JA3 Host Stats: IP Address # JA3C 1 10.191.139.17 1 diff --git a/tests/cfgs/default/result/tls_long_cert.pcap.out b/tests/cfgs/default/result/tls_long_cert.pcap.out index 353894acc..4e9fc5563 100644 --- a/tests/cfgs/default/result/tls_long_cert.pcap.out +++ b/tests/cfgs/default/result/tls_long_cert.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 182 117601 1 +Safe 182 117601 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.126 1 diff --git a/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out b/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out index 134a94739..98a7b5d84 100644 --- a/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out +++ b/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 1/1 (search/found) TLS 22 7204 1 +Safe 22 7204 1 + JA3 Host Stats: IP Address # JA3C 1 2001:b07:a3d:c112:9726:f643:a838:b0c4 1 diff --git a/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out b/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out index e9f123277..8a41aa590 100644 --- a/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out +++ b/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 14 10082 1 +Safe 14 10082 1 + JA3 Host Stats: IP Address # JA3C diff --git a/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out b/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out index 47ef91206..c76e6b16c 100644 --- a/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out +++ b/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) AmazonAWS 10 6532 1 +Acceptable 10 6532 1 + JA3 Host Stats: IP Address # JA3C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/tls_port_80.pcapng.out b/tests/cfgs/default/result/tls_port_80.pcapng.out index 2a1d61926..4666359e1 100644 --- a/tests/cfgs/default/result/tls_port_80.pcapng.out +++ b/tests/cfgs/default/result/tls_port_80.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 13 2439 1 +Safe 13 2439 1 + JA3 Host Stats: IP Address # JA3C 1 57.91.202.194 1 diff --git a/tests/cfgs/default/result/tls_torrent.pcapng.out b/tests/cfgs/default/result/tls_torrent.pcapng.out index f3499a0c9..7d77f2aa5 100644 --- a/tests/cfgs/default/result/tls_torrent.pcapng.out +++ b/tests/cfgs/default/result/tls_torrent.pcapng.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) BitTorrent 7 6308 1 +Acceptable 7 6308 1 + JA3 Host Stats: IP Address # JA3C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/tls_unidirectional.pcap.out b/tests/cfgs/default/result/tls_unidirectional.pcap.out index c7815a548..2031a1186 100644 --- a/tests/cfgs/default/result/tls_unidirectional.pcap.out +++ b/tests/cfgs/default/result/tls_unidirectional.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Google 6 6972 1 AnyDesk 27 7693 1 +Acceptable 33 14665 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/tls_verylong_certificate.pcap.out b/tests/cfgs/default/result/tls_verylong_certificate.pcap.out index b4fe2b5c4..dc67b13ee 100644 --- a/tests/cfgs/default/result/tls_verylong_certificate.pcap.out +++ b/tests/cfgs/default/result/tls_verylong_certificate.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Cybersec 48 22229 1 +Safe 48 22229 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.160 1 diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index fce78ab89..ecc6da9a9 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) TocaBoca 77 15576 21 +Fun 77 15576 21 + 1 UDP 192.168.2.100:55544 <-> 92.38.154.49:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1266 bytes <-> 7 pkts/1556 bytes][Goodput ratio: 73/81][1.22 sec][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/11 35/31 48/47 14/15][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/222 458/522 120/185][PLAIN TEXT (HlvlwYJ)][Plen Bins: 13,27,27,0,13,0,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:50173 <-> 91.199.81.225:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1134 bytes <-> 8 pkts/1327 bytes][Goodput ratio: 74/75][2.41 sec][bytes ratio: -0.078 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 46/31 256/383 982/1078 363/465][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 162/166 458/428 127/122][PLAIN TEXT (AstGDGW)][Plen Bins: 13,41,13,0,13,0,0,6,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:44818 <-> 91.199.81.123:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1177 bytes <-> 7 pkts/1167 bytes][Goodput ratio: 71/75][2.29 sec][bytes ratio: 0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 51/15 360/435 985/1007 340/380][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 147/167 478/515 129/147][PLAIN TEXT (82620531)][Plen Bins: 0,61,13,0,13,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tor.pcap.out b/tests/cfgs/default/result/tor.pcap.out index ea41102b1..4f6c88097 100644 --- a/tests/cfgs/default/result/tor.pcap.out +++ b/tests/cfgs/default/result/tor.pcap.out @@ -31,6 +31,11 @@ DHCPV6 6 906 1 Dropbox 10 1860 1 Tor 112 39736 3 +Safe 220 93832 5 +Acceptable 16 2766 2 +Potentially Dangerous 112 39736 3 +Dangerous 1 252 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.252 1 diff --git a/tests/cfgs/default/result/tplink_shp.pcap.out b/tests/cfgs/default/result/tplink_shp.pcap.out index 31572621a..f011471b6 100644 --- a/tests/cfgs/default/result/tplink_shp.pcap.out +++ b/tests/cfgs/default/result/tplink_shp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TPLINK_SHP 251 17821 8 +Acceptable 251 17821 8 + 1 UDP 192.168.242.40:9999 -> 255.255.255.255:9999 [proto: 332/TPLINK_SHP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][32 pkts/2272 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][1860.44 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 58157/0 60014/0 62682/0 801/0][Pkt Len c2s/s2c min/avg/max/stddev: 71/0 71/0 71/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.242.41:9999 -> 255.255.255.255:9999 [proto: 332/TPLINK_SHP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][32 pkts/2272 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][1860.44 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 59941/0 60012/0 60058/0 30/0][Pkt Len c2s/s2c min/avg/max/stddev: 71/0 71/0 71/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.242.99:9999 -> 255.255.255.255:9999 [proto: 332/TPLINK_SHP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][32 pkts/2272 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][1860.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 59882/0 59999/0 60106/0 30/0][Pkt Len c2s/s2c min/avg/max/stddev: 71/0 71/0 71/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/trickbot.pcap.out b/tests/cfgs/default/result/trickbot.pcap.out index 00b958ef1..a826d2eb7 100644 --- a/tests/cfgs/default/result/trickbot.pcap.out +++ b/tests/cfgs/default/result/trickbot.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 74 62002 1 +Acceptable 74 62002 1 + 1 TCP 10.12.29.101:61318 <-> 82.118.225.196:7080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][28 pkts/2801 bytes <-> 46 pkts/59201 bytes][Goodput ratio: 46/96][8.40 sec][Hostname/SNI: 82.118.225.196][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 327/167 1000/1000 339/292][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/1287 982/1514 182/426][URL: 82.118.225.196:7080/OK21pqJAtyyGBEo00sk][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][Server: nginx][User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Content **][Risk Score: 160][Risk Info: Found host 82.118.225.196 / Susp content DF6A56F8][PLAIN TEXT (POST /OK21p)][Plen Bins: 0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,4,0,0,6,2,0,35,0,0,44,0,0] diff --git a/tests/cfgs/default/result/tumblr.pcap.out b/tests/cfgs/default/result/tumblr.pcap.out index 49545eed9..9b16d952e 100644 --- a/tests/cfgs/default/result/tumblr.pcap.out +++ b/tests/cfgs/default/result/tumblr.pcap.out @@ -31,6 +31,11 @@ ADS_Analytic_Track 54 17122 2 Google 107 85437 1 GoogleServices 63 44980 1 +Safe 447 173873 41 +Acceptable 170 130417 2 +Fun 84 38260 2 +Tracker/Ads 54 17122 2 + JA3 Host Stats: IP Address # JA3C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 2 diff --git a/tests/cfgs/default/result/tunnelbear.pcap.out b/tests/cfgs/default/result/tunnelbear.pcap.out index 96e8739eb..d55e788c3 100644 --- a/tests/cfgs/default/result/tunnelbear.pcap.out +++ b/tests/cfgs/default/result/tunnelbear.pcap.out @@ -31,6 +31,10 @@ Messenger 18 5263 1 GoogleServices 15 2661 1 TunnelBear 325 84150 15 +Safe 24 9110 1 +Acceptable 363 92380 18 +Tracker/Ads 34 13737 2 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 6 diff --git a/tests/cfgs/default/result/tuya_lp.pcap.out b/tests/cfgs/default/result/tuya_lp.pcap.out index 357e3f536..74d84b4c0 100644 --- a/tests/cfgs/default/result/tuya_lp.pcap.out +++ b/tests/cfgs/default/result/tuya_lp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) TuyaLP 98 21948 13 +Acceptable 98 21948 13 + 1 UDP 192.168.242.170:49154 -> 255.255.255.255:6667 [proto: 331/TuyaLP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][8 pkts/1840 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][35.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4999/0 5000/0 5001/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 230/0 230/0 230/0 0/0][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.242.172:49154 -> 255.255.255.255:6667 [proto: 331/TuyaLP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][8 pkts/1840 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][35.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4997/0 5000/0 5001/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 230/0 230/0 230/0 0/0][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.242.174:49154 -> 255.255.255.255:6667 [proto: 331/TuyaLP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][8 pkts/1840 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][35.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4998/0 5000/0 5003/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 230/0 230/0 230/0 0/0][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ubntac2.pcap.out b/tests/cfgs/default/result/ubntac2.pcap.out index 46944980c..5503dc9a7 100644 --- a/tests/cfgs/default/result/ubntac2.pcap.out +++ b/tests/cfgs/default/result/ubntac2.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) UBNTAC2 8 1736 8 +Safe 8 1736 8 + 1 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/uftp_v4_v5.pcap.out b/tests/cfgs/default/result/uftp_v4_v5.pcap.out index 93c46f0b3..8123ee730 100644 --- a/tests/cfgs/default/result/uftp_v4_v5.pcap.out +++ b/tests/cfgs/default/result/uftp_v4_v5.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) UFTP 260 296340 3 +Acceptable 260 296340 3 + 1 UDP 10.0.0.1:37173 -> 230.5.5.56:1044 [proto: 373/UFTP][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][220 pkts/293060 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/0 391/0 27/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1332/0 1366/0 203/0][Plen Bins: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0,0,0,0,0] 2 UDP 10.0.0.1:37173 -> 230.4.4.1:1044 [proto: 373/UFTP][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][20 pkts/1640 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][10.87 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 18/0 602/0 1511/0 718/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.1.186:37457 -> 230.4.4.1:1044 [proto: 373/UFTP][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Download/7][20 pkts/1640 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][2.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 113/0 1513/0 340/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ultrasurf.pcap.out b/tests/cfgs/default/result/ultrasurf.pcap.out index a738882c1..219c3033c 100644 --- a/tests/cfgs/default/result/ultrasurf.pcap.out +++ b/tests/cfgs/default/result/ultrasurf.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 233 106228 2 UltraSurf 100 120543 1 +Safe 233 106228 2 +Acceptable 100 120543 1 + JA3 Host Stats: IP Address # JA3C 1 10.132.0.23 1 diff --git a/tests/cfgs/default/result/umas.pcap.out b/tests/cfgs/default/result/umas.pcap.out index a18de9715..2730c6f2a 100644 --- a/tests/cfgs/default/result/umas.pcap.out +++ b/tests/cfgs/default/result/umas.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) UMAS 191 29046 1 +Acceptable 191 29046 1 + 1 TCP 192.168.63.100:7718 <-> 192.168.63.253:502 [proto: 44.364/Modbus.UMAS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][94 pkts/6876 bytes <-> 97 pkts/22170 bytes][Goodput ratio: 26/76][0.77 sec][bytes ratio: -0.527 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 8/8 183/183 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/64 73/229 315/315 36/105][PLAIN TEXT (PU 311 10)][Plen Bins: 57,1,5,2,0,1,0,4,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/upnp.pcap.out b/tests/cfgs/default/result/upnp.pcap.out index 0dcecc1d2..a1c5e519f 100644 --- a/tests/cfgs/default/result/upnp.pcap.out +++ b/tests/cfgs/default/result/upnp.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 2/0 (search/found) WSD 14 9912 2 +Acceptable 14 9912 2 + 1 UDP [fe80::3441:3d24:6d30:a807]:58932 -> [ff02::c]:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][7 pkts/5026 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][5.63 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 118/0 938/0 2000/0 752/0][Pkt Len c2s/s2c min/avg/max/stddev: 718/0 718/0 718/0 0/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.61.66:58931 -> 239.255.255.250:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][7 pkts/4886 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][6.64 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 179/0 1107/0 2004/0 740/0][Pkt Len c2s/s2c min/avg/max/stddev: 698/0 698/0 698/0 0/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index a52619a84..5f7b8d765 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -37,6 +37,11 @@ Google 31 9113 3 Viber 295 105504 12 QUIC 3 194 1 +Safe 102 33446 6 +Acceptable 46 13603 9 +Fun 297 105785 13 +Tracker/Ads 2 377 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.0.17 2 diff --git a/tests/cfgs/default/result/vk.pcapng.out b/tests/cfgs/default/result/vk.pcapng.out index cc12023d3..8d6c80090 100644 --- a/tests/cfgs/default/result/vk.pcapng.out +++ b/tests/cfgs/default/result/vk.pcapng.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) VK 82 10228 4 TLS 827 116853 6 +Safe 827 116853 6 +Fun 82 10228 4 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.249 1 diff --git a/tests/cfgs/default/result/vnc.pcap.out b/tests/cfgs/default/result/vnc.pcap.out index d65e5bebe..a79fa1493 100644 --- a/tests/cfgs/default/result/vnc.pcap.out +++ b/tests/cfgs/default/result/vnc.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) VNC 4551 329158 2 +Acceptable 4551 329158 2 + 1 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: RemoteAccess/12][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes][Goodput ratio: 32/1][16.52 sec][bytes ratio: 0.552 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 841/845 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/54 89/88 5/3][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found VNC][Plen Bins: 88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: RemoteAccess/12][684 pkts/54893 bytes <-> 324 pkts/17720 bytes][Goodput ratio: 32/1][4.15 sec][bytes ratio: 0.512 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/12 538/501 32/43][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/55 89/88 5/4][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found VNC][Plen Bins: 90,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/vrrp3.pcapng.out b/tests/cfgs/default/result/vrrp3.pcapng.out index 9c3f80e5a..387356fc7 100644 --- a/tests/cfgs/default/result/vrrp3.pcapng.out +++ b/tests/cfgs/default/result/vrrp3.pcapng.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 4/0 (search/found) VRRP 10 820 2 +Acceptable 10 820 2 + 1 VRRP [fe80::1]:0 -> [ff02::12]:0 [VLAN: 36][proto: 73/VRRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][9 pkts/738 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][73.79 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8603/0 9223/0 10004/0 503/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 VRRP [fe80::2]:0 -> [ff02::12]:0 [VLAN: 36][proto: 73/VRRP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/vxlan.pcap.out b/tests/cfgs/default/result/vxlan.pcap.out index e067876e9..171e01703 100644 --- a/tests/cfgs/default/result/vxlan.pcap.out +++ b/tests/cfgs/default/result/vxlan.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) Facebook 127 85322 4 +Fun 127 85322 4 + JA3 Host Stats: IP Address # JA3C 1 10.10.20.4 1 diff --git a/tests/cfgs/default/result/wa_video.pcap.out b/tests/cfgs/default/result/wa_video.pcap.out index dc0b3b497..f98c3634a 100644 --- a/tests/cfgs/default/result/wa_video.pcap.out +++ b/tests/cfgs/default/result/wa_video.pcap.out @@ -33,6 +33,9 @@ Dropbox 2 764 1 WhatsApp 133 20568 1 Spotify 1 86 1 +Acceptable 780 347731 13 +Fun 1 86 1 + 1 UDP 192.168.2.12:53688 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][347 pkts/223797 bytes <-> 146 pkts/24878 bytes][Goodput ratio: 93/75][22.48 sec][bytes ratio: 0.800 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/77 2891/3013 278/400][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 645/170 1181/1095 402/174][PLAIN TEXT (hw3@PydH)][Plen Bins: 11,29,10,5,5,0,0,0,0,0,0,0,0,0,14,0,3,0,0,0,0,0,0,0,0,1,1,0,1,3,2,0,2,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.12:53688 <-> 91.252.56.51:32641 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: VoIP/10][72 pkts/48848 bytes <-> 35 pkts/22821 bytes][Goodput ratio: 94/94][3.05 sec][bytes ratio: 0.363 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/19 707/132 139/32][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 678/652 1160/1140 376/376][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (dBXAnF)][Plen Bins: 1,8,0,8,2,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,1,5,5,14,2,5,1,8,4,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: Match by IP][DPI packets: 22][cat: Chat/9][66 pkts/8810 bytes <-> 67 pkts/11758 bytes][Goodput ratio: 50/62][27.94 sec][bytes ratio: -0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 365/429 6456/7033 1181/1216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/175 1454/1454 183/248][PLAIN TEXT (AaPKuGR)][Plen Bins: 2,50,0,5,13,17,0,0,2,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out index 1e72de3f5..729b61929 100644 --- a/tests/cfgs/default/result/wa_voice.pcap.out +++ b/tests/cfgs/default/result/wa_voice.pcap.out @@ -39,6 +39,11 @@ Spotify 2 172 1 ApplePush 24 8007 1 WhatsAppFiles 52 24946 2 +Safe 8 542 1 +Acceptable 722 169382 25 +Fun 2 172 1 +Unrated 2 120 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.12 2 diff --git a/tests/cfgs/default/result/waze.pcap.out b/tests/cfgs/default/result/waze.pcap.out index f48408815..3d40dadc5 100644 --- a/tests/cfgs/default/result/waze.pcap.out +++ b/tests/cfgs/default/result/waze.pcap.out @@ -33,6 +33,10 @@ TLS 21 2574 3 Waze 484 289335 19 WhatsApp 15 1341 1 +Safe 21 2574 3 +Acceptable 566 355633 29 +Unrated 10 786 1 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 2 diff --git a/tests/cfgs/default/result/webdav.pcap.out b/tests/cfgs/default/result/webdav.pcap.out index 6987abcd0..ee1c0d84e 100644 --- a/tests/cfgs/default/result/webdav.pcap.out +++ b/tests/cfgs/default/result/webdav.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) WebDAV 14 2742 1 +Acceptable 14 2742 1 + 1 TCP 10.24.8.189:50652 <-> 104.156.149.6:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Collaborative/15][7 pkts/727 bytes <-> 7 pkts/2015 bytes][Goodput ratio: 46/81][5.07 sec][Hostname/SNI: 104.156.149.6][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/8 67/20 24/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 104/288 223/1107 75/390][URL: 104.156.149.6/webdav][StatusCode: 301][Content-Type: text/html][Server: Apache/2.4.52 (Ubuntu)][User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 104.156.149.6][PLAIN TEXT (PROPFIND /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 0dea74527..0825e890b 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out @@ -32,6 +32,9 @@ SIP 22 15356 1 Google 17 6375 1 Webex 790 500686 30 +Safe 259 29507 23 +Acceptable 851 525599 34 + JA3 Host Stats: IP Address # JA3C 1 10.8.0.1 6 diff --git a/tests/cfgs/default/result/websocket.pcap.out b/tests/cfgs/default/result/websocket.pcap.out index 5e8baf685..d62ea800e 100644 --- a/tests/cfgs/default/result/websocket.pcap.out +++ b/tests/cfgs/default/result/websocket.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) WebSocket 5 441 1 +Acceptable 5 441 1 + 1 TCP 192.168.43.135:12345 <-> 192.168.43.1:50999 [proto: 251/WebSocket][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/294 bytes <-> 2 pkts/147 bytes][Goodput ratio: 45/26][77.63 sec][PLAIN TEXT (Welcome)][Plen Bins: 60,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/wechat.pcap.out b/tests/cfgs/default/result/wechat.pcap.out index 60fae4c7f..f4b948398 100644 --- a/tests/cfgs/default/result/wechat.pcap.out +++ b/tests/cfgs/default/result/wechat.pcap.out @@ -43,6 +43,11 @@ LLMNR 12 944 6 WeChat 989 520787 32 GoogleDocs 15 5114 2 +Safe 305 89209 22 +Acceptable 349 47161 46 +Fun 1015 530189 34 +Dangerous 3 751 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.103 3 diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index bac6e9cf9..ebbf6b3df 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -33,6 +33,10 @@ Sina 335 220149 11 Alibaba 8 877 3 SinaWeibo 84 37928 5 +Safe 23 1578 15 +Acceptable 56 7900 13 +Fun 419 258077 16 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.105 1 diff --git a/tests/cfgs/default/result/whatsapp.pcap.out b/tests/cfgs/default/result/whatsapp.pcap.out index 9f8d7b221..fa8ed0f8f 100644 --- a/tests/cfgs/default/result/whatsapp.pcap.out +++ b/tests/cfgs/default/result/whatsapp.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) WhatsApp 679 96293 86 +Acceptable 679 96293 86 + 1 TCP 192.168.2.100:49026 -> 179.60.195.33:5222 [proto: 142/WhatsApp][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][8 pkts/3049 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][0.19 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 125/0 41/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 381/0 1315/0 539/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:44804 -> 179.60.195.49:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][9 pkts/2139 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][0.33 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/0 131/0 41/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 238/0 1090/0 319/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 40,0,0,0,0,0,20,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:40108 -> 179.60.195.33:5222 [proto: 142/WhatsApp][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][9 pkts/1919 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/0 224/0 72/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 213/0 1324/0 393/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 60,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/whatsapp_login_call.pcap.out b/tests/cfgs/default/result/whatsapp_login_call.pcap.out index 562493461..e1cf3fbc0 100644 --- a/tests/cfgs/default/result/whatsapp_login_call.pcap.out +++ b/tests/cfgs/default/result/whatsapp_login_call.pcap.out @@ -41,6 +41,10 @@ Spotify 3 258 1 AppleStore 85 28087 2 ApplePush 22 5926 1 +Safe 198 50852 23 +Acceptable 1050 141996 33 +Fun 3 258 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.4 1 diff --git a/tests/cfgs/default/result/whatsapp_login_chat.pcap.out b/tests/cfgs/default/result/whatsapp_login_chat.pcap.out index 9f7aca2f3..ee6b59add 100644 --- a/tests/cfgs/default/result/whatsapp_login_chat.pcap.out +++ b/tests/cfgs/default/result/whatsapp_login_chat.pcap.out @@ -29,6 +29,10 @@ Dropbox 2 1088 1 WhatsApp 32 3243 2 Spotify 1 86 1 +Safe 50 23466 2 +Acceptable 42 6585 6 +Fun 1 86 1 + 1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes][Goodput ratio: 91/83][3.89 sec][bytes ratio: 0.415 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 180/27 2803/212 622/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 630/313 1494/1002 544/370][Plen Bins: 0,0,4,0,0,0,0,0,0,0,16,0,0,0,8,4,0,16,0,0,0,0,4,0,0,0,0,0,0,16,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,16,0,0] 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes][Goodput ratio: 37/26][19.72 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 1371/2066 10513/10479 2988/3556][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/90 267/144 68/22][PLAIN TEXT (iPhone)][Plen Bins: 21,50,7,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/2095 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][20.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 659/0 4000/0 10199/0 3476/0][Pkt Len c2s/s2c min/avg/max/stddev: 220/0 349/0 375/0 58/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,16,0,0,0,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/whatsapp_voice_and_message.pcap.out b/tests/cfgs/default/result/whatsapp_voice_and_message.pcap.out index df917e37a..7bb7856a2 100644 --- a/tests/cfgs/default/result/whatsapp_voice_and_message.pcap.out +++ b/tests/cfgs/default/result/whatsapp_voice_and_message.pcap.out @@ -25,6 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found) WhatsAppCall 44 5916 8 WhatsApp 217 22139 5 +Acceptable 261 28055 13 + 1 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][30 pkts/2539 bytes <-> 32 pkts/3070 bytes][Goodput ratio: 35/44][47.83 sec][bytes ratio: -0.095 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1858/1709 28667/28718 5783/5581][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 85/96 299/559 55/94][PLAIN TEXT (Android)][Plen Bins: 47,21,7,3,7,7,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][24 pkts/3029 bytes <-> 22 pkts/1961 bytes][Goodput ratio: 57/39][13.49 sec][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 681/812 10696/10748 2366/2570][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126/89 590/469 124/92][PLAIN TEXT (Android)][Plen Bins: 21,10,37,5,0,10,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes][Goodput ratio: 69/60][8.61 sec][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 717/767 8044/4043 2210/1535][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/135 590/1022 203/241][PLAIN TEXT (Android)][Plen Bins: 36,0,0,9,9,9,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/whatsappfiles.pcap.out b/tests/cfgs/default/result/whatsappfiles.pcap.out index 9cc51d849..0c22d6aeb 100644 --- a/tests/cfgs/default/result/whatsappfiles.pcap.out +++ b/tests/cfgs/default/result/whatsappfiles.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) WhatsAppFiles 620 452233 2 +Acceptable 620 452233 2 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.29 2 diff --git a/tests/cfgs/default/result/whois.pcapng.out b/tests/cfgs/default/result/whois.pcapng.out index a4c4204e9..4b60f0fa2 100644 --- a/tests/cfgs/default/result/whois.pcapng.out +++ b/tests/cfgs/default/result/whois.pcapng.out @@ -27,6 +27,9 @@ Patricia protocols IPv6: 0/0 (search/found) TLS 7 2046 1 Whois-DAS 16 4294 2 +Safe 7 2046 1 +Acceptable 16 4294 2 + JA3 Host Stats: IP Address # JA3C 1 10.17.34.139 1 diff --git a/tests/cfgs/default/result/windowsupdate_over_http.pcap.out b/tests/cfgs/default/result/windowsupdate_over_http.pcap.out index 201d3a352..2b4e7472c 100644 --- a/tests/cfgs/default/result/windowsupdate_over_http.pcap.out +++ b/tests/cfgs/default/result/windowsupdate_over_http.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) WindowsUpdate 20 15975 1 +Safe 20 15975 1 + 1 TCP 10.0.2.15:49815 <-> 151.99.72.125:80 [proto: 7.147/HTTP.WindowsUpdate][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][8 pkts/923 bytes <-> 12 pkts/15052 bytes][Goodput ratio: 52/96][0.02 sec][Hostname/SNI: 151.99.72.125][bytes ratio: -0.884 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 9/8 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/1254 533/1514 158/536][URL: 151.99.72.125/data/0783dedfb62fa709/msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVp][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: Microsoft-Delivery-Optimization/10.0][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 160][Risk Info: Found host 151.99.72.125 / Found mime exe octet-stream][PLAIN TEXT (GET /data/0783dedfb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,72,0,0] diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index 4f8af14b5..b921a6abf 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out @@ -23,5 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found) WireGuard 52 12740 2 +Acceptable 52 12740 2 + 1 UDP 139.162.192.157:51820 <-> 192.168.0.14:36116 [proto: 206/WireGuard][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: VPN/2][18 pkts/5428 bytes <-> 12 pkts/2568 bytes][Goodput ratio: 86/80][9.40 sec][bytes ratio: 0.358 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 414/661 5525/5525 1367/1721][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 302/214 842/314 223/80][Plen Bins: 0,0,0,41,23,0,0,0,16,3,3,0,0,0,0,0,3,0,0,3,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 10.9.0.1:43462 <-> 10.9.0.2:51820 [proto: 206/WireGuard][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: VPN/2][12 pkts/3100 bytes <-> 10 pkts/1644 bytes][Goodput ratio: 84/74][140.28 sec][bytes ratio: 0.307 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1369/17528 10176/138081 3139/45567][Pkt Len c2s/s2c min/avg/max/stddev: 74/122 258/164 1494/330 375/58][Plen Bins: 0,9,22,18,41,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] diff --git a/tests/cfgs/default/result/wow.pcap.out b/tests/cfgs/default/result/wow.pcap.out index cbd458f60..d29d6fe6e 100644 --- a/tests/cfgs/default/result/wow.pcap.out +++ b/tests/cfgs/default/result/wow.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) WorldOfWarcraft 95 10688 5 +Fun 95 10688 5 + 1 TCP 192.168.178.20:39329 <-> 12.129.228.153:3724 [proto: 76/WorldOfWarcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Game/8][10 pkts/2788 bytes <-> 6 pkts/898 bytes][Goodput ratio: 76/55][1.83 sec][bytes ratio: 0.513 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/125 121/183 537/222 182/38][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/150 569/467 238/143][PLAIN TEXT (WORLD OF WARCRAFT CONNECTION )][Plen Bins: 0,44,0,0,0,0,0,0,0,0,0,0,11,0,0,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.178.20:39309 <-> 12.129.222.53:80 [proto: 7.76/HTTP.WorldOfWarcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Game/8][18 pkts/1350 bytes <-> 6 pkts/950 bytes][Goodput ratio: 13/57][11.01 sec][Hostname/SNI: us.scan.worldofwarcraft.com][bytes ratio: 0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/219 733/298 8393/378 2077/80][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 75/158 151/339 28/128][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][Content-Type: text/plain][Server: Apache/2.2.3 (CentOS)][Risk: ** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 150][Risk Info: Empty or missing User-Agent / Obsolete Apache server 2.2.3][PLAIN TEXT (FGET /update/Launcher.t)][Plen Bins: 0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.178.20:39312 <-> 24.105.29.21:80 [proto: 7.76/HTTP.WorldOfWarcraft][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 9][cat: Game/8][18 pkts/1156 bytes <-> 6 pkts/876 bytes][Goodput ratio: 12/62][11.13 sec][Hostname/SNI: launcher.worldofwarcraft.com][bytes ratio: 0.138 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/157 741/904 8457/1650 2112/746][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 64/146 126/598 23/202][URL: launcher.worldofwarcraft.com/alert][StatusCode: 200][Content-Type: text/plain][Server: Apache][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /alert HTTP/1.1)][Plen Bins: 0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/xdmcp.pcap.out b/tests/cfgs/default/result/xdmcp.pcap.out index 1bf4890ab..1de312539 100644 --- a/tests/cfgs/default/result/xdmcp.pcap.out +++ b/tests/cfgs/default/result/xdmcp.pcap.out @@ -23,4 +23,6 @@ Patricia protocols IPv6: 0/0 (search/found) XDMCP 6 598 1 +Acceptable 6 598 1 + 1 UDP 10.1.2.2:61426 <-> 10.1.2.4:177 [proto: 15/XDMCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: RemoteAccess/12][4 pkts/433 bytes <-> 2 pkts/165 bytes][Goodput ratio: 59/49][3.02 sec][bytes ratio: 0.448 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/144 1006/144 1992/144 811/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/71 108/82 231/94 71/12][PLAIN TEXT (COOKIEg to manag)][Plen Bins: 67,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/xiaomi.pcap.out b/tests/cfgs/default/result/xiaomi.pcap.out index d485377e7..88f2404d6 100644 --- a/tests/cfgs/default/result/xiaomi.pcap.out +++ b/tests/cfgs/default/result/xiaomi.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Xiaomi 52 11467 7 +Acceptable 52 11467 7 + 1 TCP 192.168.2.100:45106 <-> 18.193.233.122:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][8 pkts/2061 bytes <-> 7 pkts/1063 bytes][Goodput ratio: 74/56][359.14 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com][bytes ratio: 0.319 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/1 59816/100 358553/211 133599/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 258/152 1014/488 311/142][User-Agent: Redmi Note 8T][PLAIN TEXT (xiaomi.com)][Plen Bins: 14,0,14,14,0,0,14,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:37708 <-> 3.127.176.74:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][8 pkts/1983 bytes <-> 7 pkts/641 bytes][Goodput ratio: 73/27][455.15 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 75808/90740 453408/453409 168869/181335][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/92 999/171 303/39][User-Agent: Redmi Note 9 Pro][PLAIN TEXT (xiaomi.com)][Plen Bins: 16,0,16,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 115.164.74.232:5222 <-> 192.168.247.13:38018 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/456 bytes <-> 3 pkts/1283 bytes][Goodput ratio: 40/85][149.32 sec][Hostname/SNI: 47.241.35.73][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 143/153 49772/74586 149015/149020 70175/74434][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 114/428 172/980 41/395][User-Agent: M2010J19SG][PLAIN TEXT (xiaomi.com)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/xss.pcap.out b/tests/cfgs/default/result/xss.pcap.out index 6c8822e50..999189f91 100644 --- a/tests/cfgs/default/result/xss.pcap.out +++ b/tests/cfgs/default/result/xss.pcap.out @@ -26,5 +26,7 @@ Patricia protocols IPv6: 0/0 (search/found) HTTP 11 3209 2 +Acceptable 11 3209 2 + 1 TCP 192.168.3.109:53514 <-> 192.168.3.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][4 pkts/880 bytes <-> 4 pkts/2115 bytes][Goodput ratio: 69/87][0.01 sec][Hostname/SNI: 192.168.3.107][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 5/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/529 674/1514 262/591][URL: 192.168.3.107/DVWA-master/vulnerabilities/xss_d/?default=English%3Cscript%3Ealert(1)%3C/script%3E][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36][Risk: ** XSS Attack **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 160][Risk Info: Found host 192.168.3.107][PLAIN TEXT (FGET /DVWA)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] 2 TCP 192.168.3.109:53516 <-> 192.168.3.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/yandex.pcapng.out b/tests/cfgs/default/result/yandex.pcapng.out index 4b724f106..e14d19b25 100644 --- a/tests/cfgs/default/result/yandex.pcapng.out +++ b/tests/cfgs/default/result/yandex.pcapng.out @@ -30,6 +30,10 @@ YandexCloud 18 11310 1 YandexMetrika 16 9241 1 YandexDirect 18 8718 1 +Safe 94 40622 7 +Fun 18 8243 1 +Tracker/Ads 18 8718 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.249 1 diff --git a/tests/cfgs/default/result/youtube_quic.pcap.out b/tests/cfgs/default/result/youtube_quic.pcap.out index 4636cd18e..98e935215 100644 --- a/tests/cfgs/default/result/youtube_quic.pcap.out +++ b/tests/cfgs/default/result/youtube_quic.pcap.out @@ -24,6 +24,9 @@ Patricia protocols IPv6: 0/0 (search/found) YouTube 258 178495 1 Google 31 13144 2 +Acceptable 31 13144 2 +Fun 258 178495 1 + 1 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][113 pkts/16111 bytes <-> 145 pkts/162384 bytes][Goodput ratio: 71/96][3.12 sec][Hostname/SNI: yt3.ggpht.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 70/69 15/12][Pkt Len c2s/s2c min/avg/max/stddev: 77/73 143/1120 1392/1392 176/437][User-Agent: beta Chrome/57.0.2987.98 Intel Mac OS X 10_12_3][QUIC ver: Q035][PLAIN TEXT (yt3.ggpht.com)][Plen Bins: 0,31,1,12,8,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,41,0,0,0,0,0] 2 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Advertisement/101][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Goodput ratio: 90/92][0.44 sec][Hostname/SNI: googleads.g.doubleclick.net][bytes ratio: -0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 36/37 114/158 48/52][Pkt Len c2s/s2c min/avg/max/stddev: 80/69 437/526 1392/1392 524/546][User-Agent: beta Chrome/57.0.2987.98 Intel Mac OS X 10_12_3][QUIC ver: Q035][PLAIN TEXT (googleads.g.doubleclick.net)][Plen Bins: 16,39,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0] 3 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Advertisement/101][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Goodput ratio: 87/88][0.56 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: 0.032 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/8 40/17 89/44 35/17][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 330/361 1392/1392 449/479][User-Agent: beta Chrome/57.0.2987.98 Intel Mac OS X 10_12_3][QUIC ver: Q035][PLAIN TEXT (pagead2.googlesyndication.com)][Plen Bins: 23,30,7,0,7,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0] diff --git a/tests/cfgs/default/result/youtubeupload.pcap.out b/tests/cfgs/default/result/youtubeupload.pcap.out index f8ff136ce..f2ee85a09 100644 --- a/tests/cfgs/default/result/youtubeupload.pcap.out +++ b/tests/cfgs/default/result/youtubeupload.pcap.out @@ -24,6 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found) YouTubeUpload 137 127038 3 +Fun 137 127038 3 + JA3 Host Stats: IP Address # JA3C 1 192.168.2.27 1 diff --git a/tests/cfgs/default/result/z3950.pcapng.out b/tests/cfgs/default/result/z3950.pcapng.out index 57f7469a2..0de430071 100644 --- a/tests/cfgs/default/result/z3950.pcapng.out +++ b/tests/cfgs/default/result/z3950.pcapng.out @@ -26,5 +26,7 @@ Patricia protocols IPv6: 0/0 (search/found) Z3950 31 6308 2 +Acceptable 31 6308 2 + 1 TCP 192.168.2.100:58921 <-> 193.174.240.93:210 [proto: 260/Z3950][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 15][cat: Network/14][7 pkts/623 bytes <-> 8 pkts/4374 bytes][Goodput ratio: 37/90][1.55 sec][bytes ratio: -0.751 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 293/29 1341/73 524/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/547 170/1506 44/623][PLAIN TEXT (p.5.4.1 12b)][Plen Bins: 25,0,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 2 TCP 192.168.0.20:46524 <-> 129.187.139.43:9991 [proto: 260/Z3950][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Network/14][10 pkts/764 bytes <-> 6 pkts/547 bytes][Goodput ratio: 28/36][76.54 sec][bytes ratio: 0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 1539/3022 9007/9037 3003/4253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 76/91 138/167 32/37][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (p/5.27.1 872b)][Plen Bins: 0,50,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/zabbix.pcap.out b/tests/cfgs/default/result/zabbix.pcap.out index 7e9b1b264..6a1c7eb82 100644 --- a/tests/cfgs/default/result/zabbix.pcap.out +++ b/tests/cfgs/default/result/zabbix.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Zabbix 236 24571 24 +Acceptable 236 24571 24 + 1 TCP 192.168.7.16:36699 <-> 192.168.7.17:10051 [proto: 248/Zabbix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/429 bytes <-> 5 pkts/1083 bytes][Goodput ratio: 21/69][0.00 sec][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 2/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86/217 157/811 36/297][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.7.16:60217 <-> 192.168.7.17:10051 [proto: 248/Zabbix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/429 bytes <-> 5 pkts/1083 bytes][Goodput ratio: 21/69][0.00 sec][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 2/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86/217 157/811 36/297][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.7.16:50639 <-> 192.168.7.17:10051 [proto: 248/Zabbix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/669 bytes <-> 5 pkts/436 bytes][Goodput ratio: 49/22][0.00 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 134/87 397/164 132/39][Plen Bins: 0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/zattoo.pcap.out b/tests/cfgs/default/result/zattoo.pcap.out index 63b207f08..7ce3c0ab8 100644 --- a/tests/cfgs/default/result/zattoo.pcap.out +++ b/tests/cfgs/default/result/zattoo.pcap.out @@ -23,6 +23,8 @@ Patricia protocols IPv6: 0/0 (search/found) Zattoo 32 13467 2 +Fun 32 13467 2 + JA3 Host Stats: IP Address # JA3C 1 10.101.0.2 1 diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out index ae1454ba8..d0863243e 100644 --- a/tests/cfgs/default/result/zoom.pcap.out +++ b/tests/cfgs/default/result/zoom.pcap.out @@ -40,6 +40,10 @@ Spotify 1 86 1 Zoom 635 354005 19 GoogleServices 4 1060 1 +Safe 40 11444 4 +Acceptable 656 357338 28 +Fun 1 86 1 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.117 4 diff --git a/tests/cfgs/default/result/zoom2.pcap.out b/tests/cfgs/default/result/zoom2.pcap.out index f000bb544..c106b7a91 100644 --- a/tests/cfgs/default/result/zoom2.pcap.out +++ b/tests/cfgs/default/result/zoom2.pcap.out @@ -26,6 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found) ICMP 6 420 1 Zoom 2508 652095 4 +Acceptable 2514 652515 5 + JA3 Host Stats: IP Address # JA3C 1 192.168.1.178 1 diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index 98930cc82..d8d8c9e02 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out @@ -30,6 +30,8 @@ ICMP 53 6042 2 Dropbox 16 2784 1 Zoom 691 262429 8 +Acceptable 763 271804 12 + 1 UDP 192.168.12.156:39065 <-> 192.168.1.226:46757 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][148 pkts/108673 bytes <-> 174 pkts/110457 bytes][Goodput ratio: 94/93][1.67 sec][bytes ratio: -0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 88/71 15/12][Pkt Len c2s/s2c min/avg/max/stddev: 127/98 734/635 1269/1302 277/371][PLAIN TEXT (192.168.1.226)][Plen Bins: 0,0,9,1,0,0,0,6,1,0,0,0,0,2,5,11,10,5,4,4,2,0,0,1,2,2,0,0,0,0,0,1,16,0,0,0,3,1,5,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:49579 -> 10.78.14.178:49586 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][154 pkts/19404 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][4.51 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 82/0 14/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:42208 -> 10.78.14.178:47312 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][130 pkts/16380 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][2.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/0 82/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |