aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs
diff options
context:
space:
mode:
authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2024-01-19 08:57:39 +0100
committerGitHub <noreply@github.com>2024-01-19 08:57:39 +0100
commitc83698c957b3ebc21d9e5bc78928e5140f79c0f1 (patch)
tree43fd655023621979a7f2dde1b8f2fbb6a59d31a5 /tests/cfgs
parent6ac2ce84f8737bf4b22167cce9313cee3efff5c1 (diff)
STUN: fix flow risks when DTLS packets are found (#2266)
When switching to (D)TLS dissector from the STUN one, we need to clear any flow risks set from the latter (because we don't have anymore `NDPI_PROTOCOL_STUN` in the classification results)
Diffstat (limited to 'tests/cfgs')
-rw-r--r--tests/cfgs/default/result/geforcenow.pcapng.out2
-rw-r--r--tests/cfgs/default/result/stun.pcap.out2
-rw-r--r--tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out2
-rw-r--r--tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out2
-rw-r--r--tests/cfgs/default/result/stun_zoom.pcapng.out2
5 files changed, 5 insertions, 5 deletions
diff --git a/tests/cfgs/default/result/geforcenow.pcapng.out b/tests/cfgs/default/result/geforcenow.pcapng.out
index 84579150d..bad127947 100644
--- a/tests/cfgs/default/result/geforcenow.pcapng.out
+++ b/tests/cfgs/default/result/geforcenow.pcapng.out
@@ -32,4 +32,4 @@ JA3 Host Stats:
1 TCP 192.168.1.245:57490 <-> 80.84.167.206:49100 [proto: 91.341/TLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][DPI packets: 7][cat: Game/8][27 pkts/8759 bytes <-> 27 pkts/39892 bytes][Goodput ratio: 80/96][1.34 sec][Hostname/SNI: 80-84-167-206.cloudmatchbeta.nvidiagrid.net][(Advertised) ALPNs: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.640 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/12 946/84 200/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/1477 2962/2962 631/1355][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 021c7413ddeb0d58973451b0e3b19eca][JA4: t00d1516ht_8daaf6152771_e5627efa2ab1][ServerNames: prod.cloudmatchbeta.nvidiagrid.net,*.cloudmatchbeta.nvidiagrid.net][JA3S: 098e26e2609212ac1bfac552fbe04127][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, CN=prod.cloudmatchbeta.nvidiagrid.net][Certificate SHA-1: 8C:24:BC:2B:01:63:B9:AC:83:90:F3:A9:F9:EA:72:5E:F4:47:A2:77][Chrome][Validity: 2022-08-09 00:00:00 - 2023-08-09 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,23,2,0,0,5,0,0,14,0,2,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,42]
- 2 UDP 192.168.1.245:52441 <-> 80.84.167.206:18452 [proto: 30.341/DTLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][DPI packets: 9][cat: Game/8][21 pkts/3455 bytes <-> 33 pkts/16894 bytes][Goodput ratio: 74/92][1.03 sec][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/30 360/689 91/130][Pkt Len c2s/s2c min/avg/max/stddev: 87/67 165/512 582/1222 101/514][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 260][Risk Info: No ALPN / TLS Cert lasts 730 days / CN=NVIDIA GameStream][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: t00d110700_c45550529adf_d9dd6182da81][JA3S: a9e0318114bb46bdbeef6d54e42c915f][Issuer: CN=NVIDIA GameStream][Subject: CN=NVIDIA GameStream][Certificate SHA-1: D1:FC:74:AD:A0:6F:11:C1:F4:4D:F9:4C:2B:25:88:A6:2B:6E:65:1E][Validity: 2022-05-21 12:24:31 - 2024-05-20 12:24:31][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (BffATDg/Gz0)][Plen Bins: 1,17,33,9,12,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.1.245:52441 <-> 80.84.167.206:18452 [proto: 30.341/DTLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][DPI packets: 9][cat: Game/8][21 pkts/3455 bytes <-> 33 pkts/16894 bytes][Goodput ratio: 74/92][1.03 sec][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/30 360/689 91/130][Pkt Len c2s/s2c min/avg/max/stddev: 87/67 165/512 582/1222 101/514][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 210][Risk Info: No ALPN / TLS Cert lasts 730 days / CN=NVIDIA GameStream][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: t00d110700_c45550529adf_d9dd6182da81][JA3S: a9e0318114bb46bdbeef6d54e42c915f][Issuer: CN=NVIDIA GameStream][Subject: CN=NVIDIA GameStream][Certificate SHA-1: D1:FC:74:AD:A0:6F:11:C1:F4:4D:F9:4C:2B:25:88:A6:2B:6E:65:1E][Validity: 2022-05-21 12:24:31 - 2024-05-20 12:24:31][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (BffATDg/Gz0)][Plen Bins: 1,17,33,9,12,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out
index 04aa0b914..110f1abd1 100644
--- a/tests/cfgs/default/result/stun.pcap.out
+++ b/tests/cfgs/default/result/stun.pcap.out
@@ -44,5 +44,5 @@ JA3 Host Stats:
4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.77.110.51:41588 <-> 10.206.50.239:42000 [VLAN: 1611][proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][7 pkts/1006 bytes <-> 8 pkts/1118 bytes][Goodput ratio: 58/57][1.05 sec][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 189/134 369/399 144/153][Pkt Len c2s/s2c min/avg/max/stddev: 70/64 144/140 164/172 31/43][Plen Bins: 0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.12.169:43016 <-> 74.125.247.128:3478 [proto: 78.201/STUN.GoogleMeet][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 4][cat: VoIP/10][4 pkts/528 bytes <-> 4 pkts/408 bytes][Goodput ratio: 68/59][1.25 sec][Hostname/SNI: turn.l.google.com][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/23 342/409 974/1177 447/543][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 132/102 198/122 61/19][PLAIN TEXT (BSnLfRxS6)][Plen Bins: 12,37,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30/DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][DPI packets: 4][3 pkts/660 bytes <-> 1 pkts/106 bytes][Goodput ratio: 81/60][0.12 sec][(Advertised) ALPNs: webrtc;c-webrtc][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][DTLSv1.2][JA3C: 3e12a43c7535bb32beac3928f8fe905d][JA4: t00d0808we_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (DCBD09778680)][Plen Bins: 0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30/DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][DPI packets: 4][3 pkts/660 bytes <-> 1 pkts/106 bytes][Goodput ratio: 81/60][0.12 sec][(Advertised) ALPNs: webrtc;c-webrtc][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][DTLSv1.2][JA3C: 3e12a43c7535bb32beac3928f8fe905d][JA4: t00d0808we_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (DCBD09778680)][Plen Bins: 0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 ICMP 192.168.12.169:0 -> 74.125.247.128:0 [proto: 81/ICMP][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/122 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (62NfUD5)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out b/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out
index 279f4d525..4614d4b8e 100644
--- a/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out
+++ b/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out
@@ -30,4 +30,4 @@ JA3 Host Stats:
1 26.83.9.81 1
- 1 UDP 26.83.9.81:57567 -> 33.35.223.103:540 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/1708 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 285/0 873/0 267/0][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / No ALPN][DTLSv1.0][JA3C: f5eee7bc59657db39e2b9cdd401d78b7][JA4: t00d350400_23b9269eae60_dbc12469f409][PLAIN TEXT (ugPnBzE)][Plen Bins: 0,0,16,51,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 26.83.9.81:57567 -> 33.35.223.103:540 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/1708 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 285/0 873/0 267/0][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / No ALPN][DTLSv1.0][JA3C: f5eee7bc59657db39e2b9cdd401d78b7][JA4: t00d350400_23b9269eae60_dbc12469f409][PLAIN TEXT (ugPnBzE)][Plen Bins: 0,0,16,51,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out b/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out
index c783d4a2f..63f61c9f6 100644
--- a/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out
+++ b/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
IP Address # JA3C
- 1 UDP 33.35.223.103:540 -> 26.83.9.81:57567 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/1563 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 260/0 958/0 312/0][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** Unidirectional Traffic **][Risk Score: 160][Risk Info: No client to server traffic / CN=LiveFoundry Inc.][DTLSv1.0][JA3S: 1974c5c625e99dc22d0477079a54aed3][Issuer: CN=LiveFoundry Inc.][Subject: CN=LiveFoundry Inc.][Certificate SHA-1: 23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98][Validity: 2015-08-27 09:07:05 - 2016-08-27 09:07:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (LiveFoundry Inc.0)][Plen Bins: 0,0,67,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 33.35.223.103:540 -> 26.83.9.81:57567 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/1563 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 260/0 958/0 312/0][Risk: ** Self-signed Cert **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / CN=LiveFoundry Inc.][DTLSv1.0][JA3S: 1974c5c625e99dc22d0477079a54aed3][Issuer: CN=LiveFoundry Inc.][Subject: CN=LiveFoundry Inc.][Certificate SHA-1: 23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98][Validity: 2015-08-27 09:07:05 - 2016-08-27 09:07:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (LiveFoundry Inc.0)][Plen Bins: 0,0,67,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_zoom.pcapng.out b/tests/cfgs/default/result/stun_zoom.pcapng.out
index 7e944c0b2..cc53333c3 100644
--- a/tests/cfgs/default/result/stun_zoom.pcapng.out
+++ b/tests/cfgs/default/result/stun_zoom.pcapng.out
@@ -32,4 +32,4 @@ JA3 Host Stats:
1 UDP 192.168.43.169:53065 <-> 134.224.90.111:8801 [proto: 78/STUN][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][19 pkts/3524 bytes <-> 21 pkts/6353 bytes][Goodput ratio: 77/86][1.19 sec][bytes ratio: -0.286 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/45 153/178 50/56][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 185/303 231/1094 42/390][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (webrtc)][Plen Bins: 5,15,27,2,27,10,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][DPI packets: 14][cat: Video/26][13 pkts/2491 bytes <-> 17 pkts/5890 bytes][Goodput ratio: 78/88][0.76 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/43 200/286 59/80][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 192/346 231/1094 40/422][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][DTLSv1.2][JA3C: 3e12a43c7535bb32beac3928f8fe905d][JA4: t00d0808we_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (DCBD09778680)][Plen Bins: 10,13,23,0,26,10,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][DPI packets: 14][cat: Video/26][13 pkts/2491 bytes <-> 17 pkts/5890 bytes][Goodput ratio: 78/88][0.76 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/43 200/286 59/80][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 192/346 231/1094 40/422][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][DTLSv1.2][JA3C: 3e12a43c7535bb32beac3928f8fe905d][JA4: t00d0808we_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (DCBD09778680)][Plen Bins: 10,13,23,0,26,10,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.