aboutsummaryrefslogtreecommitdiff
path: root/tests/result/netbios.pcap.out
diff options
context:
space:
mode:
authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2022-01-11 15:23:39 +0100
committerGitHub <noreply@github.com>2022-01-11 15:23:39 +0100
commit3a087e951d96f509c75344ad6791591e10e4f1cd (patch)
treee1c83179768f1445610bf060917700f17fce908f /tests/result/netbios.pcap.out
parenta2916d2e4c19aff56979b1dafa7edd0c7d3c17fe (diff)
Add a "confidence" field about the reliability of the classification. (#1395)
As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides an hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the next future to tweak/fix/improve the logic.
Diffstat (limited to 'tests/result/netbios.pcap.out')
-rw-r--r--tests/result/netbios.pcap.out32
1 files changed, 17 insertions, 15 deletions
diff --git a/tests/result/netbios.pcap.out b/tests/result/netbios.pcap.out
index 01d0c7293..ad0855c8d 100644
--- a/tests/result/netbios.pcap.out
+++ b/tests/result/netbios.pcap.out
@@ -2,22 +2,24 @@ Guessed flow protos: 1
DPI Packets (TCP): 2 (2.00 pkts/flow)
DPI Packets (UDP): 14 (1.00 pkts/flow)
+Confidence Match by port : 1 (flows)
+Confidence DPI : 14 (flows)
NetBIOS 258 24196 13
SMBv1 2 486 2
- 1 UDP 10.0.4.131:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][181 pkts/16652 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][59.62 sec][Hostname/SNI: xstream_hy][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 10/0 328/0 929/0 225/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FIFDFEFCEFEBENFPEIFJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 10.0.5.233:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][59 pkts/5428 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][57.96 sec][Hostname/SNI: ozi][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 749/0 1008/0 1515/0 361/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EPFKEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 10.0.5.233:137 <-> 10.0.4.24:137 [proto: 10/NetBIOS][ClearText][cat: System/18][2 pkts/184 bytes <-> 2 pkts/434 bytes][Goodput ratio: 54/80][10.00 sec][Hostname/SNI: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 10.0.1.87:57836 <-> 10.0.4.24:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/92 bytes <-> 1 pkts/217 bytes][Goodput ratio: 54/80][< 1 sec][Hostname/SNI: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 UDP 10.0.1.87:57921 <-> 10.0.4.24:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/92 bytes <-> 1 pkts/217 bytes][Goodput ratio: 54/80][< 1 sec][Hostname/SNI: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 UDP 10.0.5.9:138 -> 10.0.5.255:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: nvr9][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EOFGFCDJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 10.0.5.93:138 -> 10.0.5.255:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: bowie][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ECEPFHEJEFCACACACACACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 10.0.4.101:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][18.05 sec][Hostname/SNI: muli][PLAIN TEXT ( ENFFEMEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 TCP 10.0.4.24:139 <-> 10.0.4.131:1398 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/60 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 UDP 10.0.4.24:137 -> 10.0.4.165:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/104 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: gunnar][PLAIN TEXT ( EHFFEOEOEBFCCACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 UDP 10.0.5.1:137 -> 10.0.4.24:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/104 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: guru][PLAIN TEXT ( EHFFFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 UDP 10.0.4.14:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: guru][PLAIN TEXT ( EHFFFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 13 UDP 10.0.4.24:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: guru][PLAIN TEXT ( EHFFFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 UDP 10.0.4.66:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: guru][PLAIN TEXT ( EHFFFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 UDP 10.0.4.165:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: gunnar][PLAIN TEXT ( EHFFEOEOEBFCCACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 10.0.4.131:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][181 pkts/16652 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][59.62 sec][Hostname/SNI: xstream_hy][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 10/0 328/0 929/0 225/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FIFDFEFCEFEBENFPEIFJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 10.0.5.233:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][59 pkts/5428 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][57.96 sec][Hostname/SNI: ozi][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 749/0 1008/0 1515/0 361/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EPFKEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 10.0.5.233:137 <-> 10.0.4.24:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][2 pkts/184 bytes <-> 2 pkts/434 bytes][Goodput ratio: 54/80][10.00 sec][Hostname/SNI: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 10.0.1.87:57836 <-> 10.0.4.24:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][1 pkts/92 bytes <-> 1 pkts/217 bytes][Goodput ratio: 54/80][< 1 sec][Hostname/SNI: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 10.0.1.87:57921 <-> 10.0.4.24:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][1 pkts/92 bytes <-> 1 pkts/217 bytes][Goodput ratio: 54/80][< 1 sec][Hostname/SNI: *][PLAIN TEXT ( CKAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 UDP 10.0.5.9:138 -> 10.0.5.255:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][Confidence: DPI][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: nvr9][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EOFGFCDJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 10.0.5.93:138 -> 10.0.5.255:138 [proto: 10.16/NetBIOS.SMBv1][ClearText][Confidence: DPI][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: bowie][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ECEPFHEJEFCACACACACACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 10.0.4.101:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][18.05 sec][Hostname/SNI: muli][PLAIN TEXT ( ENFFEMEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 TCP 10.0.4.24:139 <-> 10.0.4.131:1398 [proto: 10/NetBIOS][ClearText][Confidence: Match by port][cat: System/18][1 pkts/60 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 UDP 10.0.4.24:137 -> 10.0.4.165:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][1 pkts/104 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: gunnar][PLAIN TEXT ( EHFFEOEOEBFCCACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 UDP 10.0.5.1:137 -> 10.0.4.24:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][1 pkts/104 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: guru][PLAIN TEXT ( EHFFFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 UDP 10.0.4.14:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: guru][PLAIN TEXT ( EHFFFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 13 UDP 10.0.4.24:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: guru][PLAIN TEXT ( EHFFFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 UDP 10.0.4.66:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: guru][PLAIN TEXT ( EHFFFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 UDP 10.0.4.165:137 -> 10.0.5.255:137 [proto: 10/NetBIOS][ClearText][Confidence: DPI][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: gunnar][PLAIN TEXT ( EHFFEOEOEBFCCACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.