Improved TLS alert detection.improved/tls-alert-detection

Signed-off-by: lns <matzeton@googlemail.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out
index 304cf8c64..9dfb4a06f 100644
--- a/tests/result/webex.pcap.out
+++ b/tests/result/webex.pcap.out
@@ -2,9 +2,9 @@ Guessed flow protos:	26
 
 DPI Packets (TCP):	515	(9.36 pkts/flow)
 DPI Packets (UDP):	17	(8.50 pkts/flow)
-Confidence Match by port    : 2 (flows)
+Confidence Match by port    : 1 (flows)
 Confidence Match by IP      : 3 (flows)
-Confidence DPI              : 52 (flows)
+Confidence DPI              : 53 (flows)
 
 HTTP	22	3182	2
 TLS	106	11841	8
@@ -71,7 +71,7 @@ JA3 Host Stats:
 	51	TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][Encrypted][Confidence: DPI][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	52	TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/TLS.Webex][Encrypted][Confidence: DPI][cat: VoIP/10][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	53	TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][Encrypted][Confidence: DPI][cat: VoIP/10][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	54	TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	54	TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	55	TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][Encrypted][Confidence: Match by IP][cat: VoIP/10][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	56	TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	57	TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.265/TLS.AmazonAWS][Encrypted][Confidence: Match by IP][cat: Cloud/13][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]