| author | Liam Wilson <37528501+liwilson1@users.noreply.github.com> | 2024-09-27 19:23:22 +1200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-27 09:23:22 +0200 |
| commit | cdda369e92d7581242c0c436d76569faf9860056 | |
| tree | 6708accaf79ae8954945eed01238d1328cadfef3 /tests/cfgs/disable_use_client_ip | |
| parent | 288c1f5c22789660b272ed95fcfada43f7d9e35c | |
Add enable/disable guessing using client IP/port (#2569)
Add configurable options for whether to include client port or client IP
in the flow's protocol guesses. This defaults to include both client
port/IP if the protocol is not guessed with the server IP/port.
This is intended for when flow direction detection is enabled, so we
know that sport = client port, dport = server port.
Diffstat (limited to 'tests/cfgs/disable_use_client_ip')
-rw-r--r-- | tests/cfgs/disable_use_client_ip/config.txt | 1 |
l--------- | tests/cfgs/disable_use_client_ip/pcap/bot.pcap | 1 |
-rw-r--r-- | tests/cfgs/disable_use_client_ip/result/bot.pcap.out | 27 |
3 files changed, 29 insertions, 0 deletions
diff --git a/tests/cfgs/disable_use_client_ip/config.txt b/tests/cfgs/disable_use_client_ip/config.txt new file mode 100644 index 000000000..b00220496 --- /dev/null +++ b/tests/cfgs/disable_use_client_ip/config.txt @@ -0,0 +1 @@ +--cfg=flow.use_client_ip_in_guess,0
\ No newline at end of file diff --git a/tests/cfgs/disable_use_client_ip/pcap/bot.pcap b/tests/cfgs/disable_use_client_ip/pcap/bot.pcap new file mode 120000 index 000000000..7913e48b9 --- /dev/null +++ b/tests/cfgs/disable_use_client_ip/pcap/bot.pcap @@ -0,0 +1 @@ +../../default/pcap/bot.pcap
\ No newline at end of file diff --git a/tests/cfgs/disable_use_client_ip/result/bot.pcap.out b/tests/cfgs/disable_use_client_ip/result/bot.pcap.out new file mode 100644 index 000000000..1a9f583a5 --- /dev/null +++ b/tests/cfgs/disable_use_client_ip/result/bot.pcap.out 
@@ -0,0 +1,27 @@ +DPI Packets (TCP): 6 (6.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 15 (15.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/1/0 (insert/search/found) +Automa host: 1/0 (search/found) +Automa domain: 1/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 1/1 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 1/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +HTTP 402 431124 1 + +Acceptable 402 431124 1 + + 1 TCP 40.77.167.36:64768 <-> 89.31.72.220:80 [VLAN: 77][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][115 pkts/7672 bytes <-> 287 pkts/423452 bytes][Goodput ratio: 4/96][5.66 sec][Hostname/SNI: atlanteditorino.it][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/3 4532/106 489/16][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 67/1475 374/1498 29/171][URL: atlanteditorino.it/quartieri/img/S.Donato_M.Vittoria1930_B.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)][Risk: ** Crawler/Bot **][Risk Score: 10][Risk Info: UA Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/b][PLAIN TEXT (GET /quartieri/im)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] |
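
Review bot: tests/cfgs/disable_use_client_ip/config.txt is added without a trailing newline (the "\ No newline at end of file" marker follows "--cfg=flow.use_client_ip_in_guess,0"); end the file with a newline so a later option appended to this config shows up as a one-line diff. The commit message also says the option is intended for when flow direction detection is enabled, while this config sets only flow.use_client_ip_in_guess; if the test depends on a default for direction detection, state that in the commit message or set it explicitly in this file so the test does not change meaning when the default does.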
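
Review bot: the expected output in tests/cfgs/disable_use_client_ip/result/bot.pcap.out does not exercise the guessing path this option is described as controlling: its single flow is classified as "proto: 7/HTTP" with "Confidence: DPI" ("Confidence DPI : 1 (flows)"). The only lines where flow.use_client_ip_in_guess=0 appears able to show an effect are "[IP: 0/Unknown]" and "Patricia protocols: 1/0 (search/found)". Please note in the commit message which lines differ from the default result for bot.pcap, and consider adding a capture whose flow is not recognised by DPI, so the test pins the behaviour when the protocol has to be guessed and would fail if the client address were consulted despite the setting. Since an address-based guess can feed policy or alerting downstream, a test that still passes with the option ignored gives no assurance here.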