Added support for RDP over TLS

author: Luca Deri <deri@ntop.org> 2024-10-19 16:24:11 +0200
committer: Luca Deri <deri@ntop.org> 2024-10-19 16:24:11 +0200
commit: 6dc4533c3cc0786c740f91cedab74e54623349b2 (patch)
tree: de45ebf23391686695bd1332025c4931a2b17bc2 /tests/cfgs/default
parent: e16b01c4c2d263750388854c5002536bbcaa904c (diff)
2 files changed, 32 insertions, 0 deletions
diff --git a/tests/cfgs/default/pcap/rdp_over_tls.pcap b/tests/cfgs/default/pcap/rdp_over_tls.pcap
new file mode 100644
index 000000000..98c5e8523
--- /dev/null
+++ b/tests/cfgs/default/pcap/rdp_over_tls.pcap
diff --git a/tests/cfgs/default/result/rdp_over_tls.pcap.out b/tests/cfgs/default/result/rdp_over_tls.pcap.out
new file mode 100644
index 000000000..a21a5dee5
--- /dev/null
+++ b/tests/cfgs/default/result/rdp_over_tls.pcap.out
@@ -0,0 +1,32 @@
+DPI Packets (TCP):	7	(7.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 1 (1.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache fpc_dns:    0/1/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        1/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   2/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+RDP	19	3868	1
+
+Acceptable                      19 3868          1            
+
+JA3 Host Stats: 
+		 IP Address                  	 # JA3C     
+	1	 91.238.181.21            	 1      
+
+
+	1	TCP 91.238.181.21:35888 <-> 89.31.79.12:3389 [VLAN: 77][proto: 91.88/TLS.RDP][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: RemoteAccess/12][11 pkts/1862 bytes <-> 8 pkts/2006 bytes][Goodput ratio: 64/76][1.25 sec][bytes ratio: -0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/34 135/196 1035/961 319/342][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 169/251 696/1255 175/385][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 170][Risk Info: Found RDP / No ALPN / SNI should always be present / CN=topsalon][TCP Fingerprint: 32962_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA3C: 043c543b63b895881d9abfbc320cb863][JA4: t12d280600_bbd4f008d9b2_f28add8e7af0][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: CN=topsalon][Subject: CN=topsalon][Certificate SHA-1: A2:FF:78:9D:71:42:7A:00:97:9C:96:C2:E7:D1:C1:AD:A1:82:CC:2C][Firefox][Validity: 2024-07-26 06:03:40 - 2025-01-25 06:03:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,25,16,0,8,8,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0]
author	Luca Deri <deri@ntop.org>	2024-10-19 16:24:11 +0200
committer	Luca Deri <deri@ntop.org>	2024-10-19 16:24:11 +0200
commit	6dc4533c3cc0786c740f91cedab74e54623349b2 (patch)
tree	de45ebf23391686695bd1332025c4931a2b17bc2 /tests/cfgs/default
parent	e16b01c4c2d263750388854c5002536bbcaa904c (diff)