aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/openvpn_heuristic_enabled
diff options
context:
space:
mode:
authorLuca Deri <deri@ntop.org>2024-10-18 23:47:34 +0200
committerLuca Deri <deri@ntop.org>2024-10-18 23:47:34 +0200
commit0cc84e4fdd3057826355596fc2cc5a6c783048d5 (patch)
tree4e8959e9dd33136847d7606fffcbbf68f2f9fd58 /tests/cfgs/openvpn_heuristic_enabled
parent819291b7e42afca856ef1a3fa611ddd926da6549 (diff)
Improved TCP fingepring calculation
Adde basidc OS detection based on TCP fingerprint
Diffstat (limited to 'tests/cfgs/openvpn_heuristic_enabled')
-rw-r--r--tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out4
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out b/tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out
index ab815ae1c..69e20c862 100644
--- a/tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out
+++ b/tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out
@@ -26,6 +26,6 @@ NordVPN 90 27820 2
Acceptable 177 53289 3
- 1 TCP 107.161.86.131:443 <-> 192.168.12.156:48072 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 40][cat: VPN/2][40 pkts/9272 bytes <-> 47 pkts/16197 bytes][Goodput ratio: 70/81][3.15 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 212/303 66/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/345 1514/1090 370/406][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][TCP Fingerprint: 64_65535_1596d0698b3d][PLAIN TEXT (MhLYoT)][Plen Bins: 35,3,3,15,1,1,0,0,1,3,5,1,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,18,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
- 2 TCP 192.168.12.156:37976 <-> 185.128.25.99:465 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 19][cat: VPN/2][29 pkts/7410 bytes <-> 31 pkts/9812 bytes][Goodput ratio: 74/79][1.73 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/26 1019/153 204/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/317 1090/1514 256/424][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][TCP Fingerprint: 64_65535_685ad951a756][PLAIN TEXT (HrFTzP)][Plen Bins: 0,0,14,30,14,2,0,2,5,0,5,5,2,0,0,2,0,0,0,0,0,2,0,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
+ 1 TCP 107.161.86.131:443 <-> 192.168.12.156:48072 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 40][cat: VPN/2][40 pkts/9272 bytes <-> 47 pkts/16197 bytes][Goodput ratio: 70/81][3.15 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 212/303 66/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/345 1514/1090 370/406][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (MhLYoT)][Plen Bins: 35,3,3,15,1,1,0,0,1,3,5,1,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,18,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
+ 2 TCP 192.168.12.156:37976 <-> 185.128.25.99:465 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 19][cat: VPN/2][29 pkts/7410 bytes <-> 31 pkts/9812 bytes][Goodput ratio: 74/79][1.73 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/26 1019/153 204/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/317 1090/1514 256/424][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][TCP Fingerprint: 40962_64_65535_685ad951a756/Unknown][PLAIN TEXT (HrFTzP)][Plen Bins: 0,0,14,30,14,2,0,2,5,0,5,5,2,0,0,2,0,0,0,0,0,2,0,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
3 UDP 192.168.12.156:47128 <-> 149.102.238.108:1214 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 10][cat: VPN/2][19 pkts/3629 bytes <-> 11 pkts/6969 bytes][Goodput ratio: 78/93][1.26 sec][bytes ratio: -0.315 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/132 1156/1023 278/337][Pkt Len c2s/s2c min/avg/max/stddev: 115/136 191/634 782/1158 153/438][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Entropy: 6.051 (Executable?) / Obfuscated OpenVPN][PLAIN TEXT (SFhAFI)][Plen Bins: 0,0,23,41,3,0,0,0,3,0,3,6,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.