diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-01-11 15:23:39 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-11 15:23:39 +0100 |
| commit | 3a087e951d96f509c75344ad6791591e10e4f1cd (patch) | |
| tree | e1c83179768f1445610bf060917700f17fce908f /tests/result/quic-v2-00.pcapng.out | |
| parent | a2916d2e4c19aff56979b1dafa7edd0c7d3c17fe (diff) | |
Add a "confidence" field about the reliability of the classification. (#1395)
As a general rule, the higher the confidence value, the higher the
"reliability/precision" of the classification.
In other words, this new field provides an hint about "how" the flow
classification has been obtained.
For example, the application may want to ignore classification "by-port"
(they are not real DPI classifications, after all) or give a second
glance at flows classified via LRU caches (because of false positives).
Setting only one value for the confidence field is a bit tricky: more
work is probably needed in the next future to tweak/fix/improve the logic.
Diffstat (limited to 'tests/result/quic-v2-00.pcapng.out')
| -rw-r--r-- | tests/result/quic-v2-00.pcapng.out | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tests/result/quic-v2-00.pcapng.out b/tests/result/quic-v2-00.pcapng.out index 18c7c03e3..5d344ea15 100644 --- a/tests/result/quic-v2-00.pcapng.out +++ b/tests/result/quic-v2-00.pcapng.out @@ -1,6 +1,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 1 (1.00 pkts/flow) +Confidence DPI : 1 (flows) QUIC 30 27593 1 @@ -9,4 +10,4 @@ JA3 Host Stats: 1 192.168.56.1 1 - 1 UDP 192.168.56.1:50277 <-> 192.168.56.198:4443 [proto: 188/QUIC][Encrypted][cat: Web/5][11 pkts/5450 bytes <-> 19 pkts/22143 bytes][Goodput ratio: 92/96][0.01 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 3/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 97/97 495/1165 1482/1482 539/528][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][PLAIN TEXT (anezfN)][Plen Bins: 0,23,3,0,0,6,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,47,0,0] + 1 UDP 192.168.56.1:50277 <-> 192.168.56.198:4443 [proto: 188/QUIC][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/5450 bytes <-> 19 pkts/22143 bytes][Goodput ratio: 92/96][0.01 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 3/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 97/97 495/1165 1482/1482 539/528][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][PLAIN TEXT (anezfN)][Plen Bins: 0,23,3,0,0,6,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,47,0,0] |