Update all IP lists (#2515)

The `suffix_id` is simply an incremental index (see `ndpi_load_domain_suffixes`), so its value might changes every time we update the public suffix list.
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2024-08-02 15:06:08 +0200
committer: GitHub <noreply@github.com> 2024-08-02 15:06:08 +0200
commit: 2740a4f4e3d56f992b37e1fa273b6e0f3490868e (patch)
tree: 839d7de0a913194efbc8db054e48f10b346dcd5b /tests/cfgs/default
parent: dbfeb06e26bb91769b870a1694f85fb6f44e2499 (diff)
4 files changed, 9 insertions, 9 deletions
diff --git a/tests/cfgs/default/result/malware.pcap.out b/tests/cfgs/default/result/malware.pcap.out
index 15f486895..343355676 100644
--- a/tests/cfgs/default/result/malware.pcap.out
+++ b/tests/cfgs/default/result/malware.pcap.out
@@ -22,7 +22,7 @@ Patricia risk mask:   8/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        0/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
-Patricia protocols:   10/2 (search/found)
+Patricia protocols:   12/0 (search/found)
 Patricia protocols IPv6: 0/0 (search/found)
 
 DNS	2	216	1
@@ -40,8 +40,8 @@ JA3 Host Stats:
 
 
 	1	TCP 192.168.0.20:41240 <-> 193.109.85.123:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Malware/100][22 pkts/4006 bytes <-> 52 pkts/49048 bytes][Goodput ratio: 70/94][0.89 sec][Hostname/SNI: hobbeach.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/18 159/269 55/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 182/943 847/1506 265/684][TLSv1.2][JA3C: 9a7f6a45c84d90c9e8baecb0c9ae8dff][JA4: t13d1515h2_8daaf6152771_6a09c78d0dc2][JA3S: d154fcfa5bb4f0748e1dd1992c681104][ECH: version 0xfe0d][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,5,0,2,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,5,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,2,0,0,0,75,0,0]
-	2	TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91/TLS][IP: 225/OpenDNS][Encrypted][Confidence: DPI][FPC: 225/OpenDNS, Confidence: IP address][DPI packets: 10][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 53/91][0.64 sec][Hostname/SNI: www.internetbadguys.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/75 240/249 99/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/651 571/1514 148/644][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.internetbadguys.com vs api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.o][TLSv1.2][JA3C: b20b44b18b853ef29ab773e921b03422][JA4: t13d1814h2_29a2cd9e9f10_d267a5f792d4][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Firefox][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0]
-	3	TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7/HTTP][IP: 225/OpenDNS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Goodput ratio: 86/44][0.21 sec][Hostname/SNI: www.internetbadguys.com][URL: www.internetbadguys.com/][User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 53/91][0.64 sec][Hostname/SNI: www.internetbadguys.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/75 240/249 99/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/651 571/1514 148/644][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.internetbadguys.com vs api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.o][TLSv1.2][JA3C: b20b44b18b853ef29ab773e921b03422][JA4: t13d1814h2_29a2cd9e9f10_d267a5f792d4][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Firefox][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0]
+	3	TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Goodput ratio: 86/44][0.21 sec][Hostname/SNI: www.internetbadguys.com][URL: www.internetbadguys.com/][User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	4	UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/106 bytes <-> 1 pkts/110 bytes][Goodput ratio: 60/61][0.02 sec][Hostname/SNI: www.internetbadguys.com][67.215.92.210][PLAIN TEXT (internetbadguys)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	5	ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **** Client contacted a malware host **][Risk Score: 170][Risk Info: No server to client traffic / Entropy: 5.298 (Executable?) / Client contacted malware host][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	6	TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Client contacted a malware host **** Probing attempt **][Risk Score: 210][Risk Info: No server to client traffic / Client contacted malware host / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/srvloc.pcap.out b/tests/cfgs/default/result/srvloc.pcap.out
index 9a2f078c1..259174491 100644
--- a/tests/cfgs/default/result/srvloc.pcap.out
+++ b/tests/cfgs/default/result/srvloc.pcap.out
@@ -17,7 +17,7 @@ Patricia risk mask:   1240/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        575/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
-Patricia protocols:   1240/28 (search/found)
+Patricia protocols:   1240/27 (search/found)
 Patricia protocols IPv6: 0/0 (search/found)
 
 Service_Location_Protocol	629	57125	620
@@ -525,7 +525,7 @@ Acceptable                     629 57125         620
 	499	UDP 185.31.153.50:50851 -> 186.112.202.53:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	500	UDP 185.33.65.208:52802 -> 74.111.203.55:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	501	UDP 185.211.4.13:55127 -> 90.111.212.50:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	502	UDP 185.213.154.138:52528 -> 165.114.202.61:427 [proto: 347/Service_Location_Protocol][IP: 348/Mullvad][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	502	UDP 185.213.154.138:52528 -> 165.114.202.61:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	503	UDP 186.27.5.237:51315 -> 90.147.171.51:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	504	UDP 186.213.158.225:51349 -> 69.109.187.54:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	505	UDP 186.213.158.225:53551 -> 90.111.212.50:427 [proto: 347/Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tls_invalid_reads.pcap.out b/tests/cfgs/default/result/tls_invalid_reads.pcap.out
index 7f7356fc8..e481cf8ac 100644
--- a/tests/cfgs/default/result/tls_invalid_reads.pcap.out
+++ b/tests/cfgs/default/result/tls_invalid_reads.pcap.out
@@ -20,7 +20,7 @@ Patricia risk mask:   4/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        1/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
-Patricia protocols:   4/2 (search/found)
+Patricia protocols:   5/1 (search/found)
 Patricia protocols IPv6: 0/0 (search/found)
 
 TLS	8	1891	2
@@ -36,4 +36,4 @@ JA3 Host Stats:
 
 	1	TCP 192.168.10.101:3967 <-> 206.33.61.113:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][4 pkts/330 bytes <-> 3 pkts/1497 bytes][Goodput ratio: 31/89][0.08 sec][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/38 25/19 58/38 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 82/499 156/905 43/346][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TLS/QUIC Probing][TLSv1][JA3S: 53611273a714cb4789c8222932efd5a7 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	TCP 10.191.139.17:58552 <-> 54.221.224.45:443 [VLAN: 2][proto: GTP:91.275/TLS.Crashlytics][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 3][cat: DataTransfer/4][2 pkts/442 bytes <-> 1 pkts/118 bytes][Goodput ratio: 41/0][0.23 sec][Hostname/SNI: e.crashlytics.com][(Advertised) ALPNs: ][Risk: ** Uncommon TLS ALPN **** TLS Susp Extn **** Probing attempt **][Risk Score: 200][TLSv1.2][JA3C: 9d5430e6dfce44459702b74d790df353][JA4: t12d200500_6e20beb92e8e_354730cf0bf0][Firefox][PLAIN TEXT (e.crashlytics.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91/TLS][IP: 293/GoTo][Encrypted][Confidence: Match by port][FPC: 293/GoTo, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out
index 0aad47515..faafca6b6 100644
--- a/tests/cfgs/default/result/zoom.pcap.out
+++ b/tests/cfgs/default/result/zoom.pcap.out
@@ -22,7 +22,7 @@ Patricia risk mask:   38/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        0/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
-Patricia protocols:   52/16 (search/found)
+Patricia protocols:   53/15 (search/found)
 Patricia protocols IPv6: 0/0 (search/found)
 
 DNS	2	205	1
@@ -52,7 +52,7 @@ JA3 Host Stats:
 	2	TCP 192.168.1.117:54871 <-> 109.94.160.99:443 [proto: 91.189/TLS.Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 11][cat: Video/26][127 pkts/54118 bytes <-> 83 pkts/17526 bytes][Goodput ratio: 84/69][2.00 sec][Hostname/SNI: zoomfrn99mmr.zoom.us][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 950/156 93/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 426/211 1506/1506 458/364][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][JA4: t12d930700_72a4e8475a2e_4446390ac224][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,12,4,2,6,3,2,2,2,4,5,10,1,0,0,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
 	3	TCP 192.168.1.117:54866 <-> 52.202.62.236:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 10][cat: Video/26][16 pkts/3097 bytes <-> 17 pkts/18622 bytes][Goodput ratio: 71/95][0.61 sec][Hostname/SNI: www3.zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.715 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 114/143 47/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 194/1095 864/1506 265/618][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][JA4: t12d8008ht_9cedc1f1428b_046e095b7c4a][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,63,0,0]
 	4	TCP 192.168.1.117:54865 <-> 52.202.62.196:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: IP address][DPI packets: 10][cat: Video/26][15 pkts/2448 bytes <-> 15 pkts/16505 bytes][Goodput ratio: 66/95][0.50 sec][Hostname/SNI: zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.742 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/22 112/136 46/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 163/1100 687/1506 200/623][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][JA4: t12d8008ht_9cedc1f1428b_046e095b7c4a][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,57,0,0]
-	5	UDP 10.140.117.35:45634 <-> 193.122.35.237:8801 [VLAN: 113][proto: GTP:189/Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: IP address][DPI packets: 8][cat: Video/26][34 pkts/5678 bytes <-> 47 pkts/7940 bytes][Goodput ratio: 48/49][154.35 sec][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/2 1919/1250 3741/3741 1619/1357][Pkt Len c2s/s2c min/avg/max/stddev: 167/167 167/169 167/174 0/3][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP 10.140.117.35:45634 <-> 193.122.35.237:8801 [VLAN: 113][proto: GTP:189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Video/26][34 pkts/5678 bytes <-> 47 pkts/7940 bytes][Goodput ratio: 48/49][154.35 sec][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/2 1919/1250 3741/3741 1619/1357][Pkt Len c2s/s2c min/avg/max/stddev: 167/167 167/169 167/174 0/3][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	6	TCP 192.168.1.117:54868 <-> 213.19.144.104:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: IP address][DPI packets: 11][cat: Video/26][17 pkts/2534 bytes <-> 13 pkts/7180 bytes][Goodput ratio: 56/88][0.41 sec][Hostname/SNI: zoomam104zc.zoom.us][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/41 87/168 27/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149/552 642/1506 175/612][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][JA4: t12d930700_72a4e8475a2e_4446390ac224][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 21,6,6,6,6,0,0,6,0,0,0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0]
 	7	TCP 192.168.1.117:54869 <-> 213.244.140.85:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 11][cat: Video/26][16 pkts/2480 bytes <-> 13 pkts/7182 bytes][Goodput ratio: 57/88][0.39 sec][Hostname/SNI: zoomfr85zc.zoom.us][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/41 202/224 52/72][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 155/552 642/1506 178/612][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][JA4: t12d930700_72a4e8475a2e_4446390ac224][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 21,6,6,6,6,0,0,6,0,0,0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0]
 	8	TCP 192.168.1.117:54867 <-> 213.19.144.105:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: IP address][DPI packets: 11][cat: Video/26][16 pkts/2468 bytes <-> 13 pkts/7188 bytes][Goodput ratio: 58/88][0.42 sec][Hostname/SNI: zoomam105zc.zoom.us][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/43 147/178 40/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/553 642/1506 179/612][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][JA4: t12d930700_72a4e8475a2e_4446390ac224][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 21,6,6,6,6,0,0,6,0,0,0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0]
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2024-08-02 15:06:08 +0200
committer	GitHub <noreply@github.com>	2024-08-02 15:06:08 +0200
commit	2740a4f4e3d56f992b37e1fa273b6e0f3490868e (patch)
tree	839d7de0a913194efbc8db054e48f10b346dcd5b /tests/cfgs/default
parent	dbfeb06e26bb91769b870a1694f85fb6f44e2499 (diff)