Add a new protocol id for generic advertisement/analytics/tracking stuff (#1904)

author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-03-20 17:01:18 +0100
committer: GitHub <noreply@github.com> 2023-03-20 17:01:18 +0100
commit: 12867962b04bcc8c8bf3a6adf6ab594091eee8ca (patch)
tree: 925c3bcda1fd2b3a19183973fc0b54c0c4f3a71c /tests/result
parent: 0e80828e146a30bc03b60eefbf0d4c3583e243e3 (diff)
3 files changed, 15 insertions, 12 deletions
diff --git a/tests/result/reddit.pcap.out b/tests/result/reddit.pcap.out
index 209ee480a..8a174c18e 100644
--- a/tests/result/reddit.pcap.out
+++ b/tests/result/reddit.pcap.out
@@ -8,11 +8,11 @@ LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
-LRU cache tls_cert:   0/14/0 (insert/search/found)
+LRU cache tls_cert:   0/12/0 (insert/search/found)
 LRU cache mining:     0/1/0 (insert/search/found)
 LRU cache msteams:    0/0/0 (insert/search/found)
 LRU cache stun_zoom:  0/0/0 (insert/search/found)
-Automa host:          70/52 (search/found)
+Automa host:          70/53 (search/found)
 Automa domain:        70/0 (search/found)
 Automa tls cert:      2/0 (search/found)
 Automa risk mask:     0/0 (search/found)
@@ -21,7 +21,8 @@ Patricia risk mask:   0/0 (search/found)
 Patricia risk:        0/0 (search/found)
 Patricia protocols:   0/0 (search/found)
 
-TLS	202	71400	8
+TLS	175	62439	7
+ADS_Analytic_Track	27	8961	1
 Twitter	108	33623	3
 YouTube	103	37264	3
 Google	567	201496	19
@@ -62,7 +63,7 @@ JA3 Host Stats:
 	26	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38166 <-> [2a00:1450:4007:811::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][18 pkts/2582 bytes <-> 17 pkts/6805 bytes][Goodput ratio: 40/78][0.19 sec][Hostname/SNI: fonts.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 43/43 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 143/400 603/1294 130/409][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,6,0,12,0,0,0,0,0,6,6,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0]
 	27	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39626 <-> [64:ff9b::2278:cf94]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/2444 bytes <-> 15 pkts/6941 bytes][Goodput ratio: 43/81][0.43 sec][Hostname/SNI: id.rlcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/33 104/221 29/63][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/463 603/1474 135/553][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,7,0,0,0,0,7,0,0,0,0,0,0,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0]
 	28	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: SocialNetwork/6][15 pkts/2848 bytes <-> 13 pkts/6172 bytes][Goodput ratio: 54/82][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.369 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 38/48 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 190/475 603/1134 167/462][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,14,7,0,0,0,0,7,0,0,7,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	29	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0]
+	29	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0]
 	30	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51006 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/2404 bytes <-> 15 pkts/5962 bytes][Goodput ratio: 42/78][0.15 sec][Hostname/SNI: adservice.google.fr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 52/37 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/397 603/1294 135/433][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,0,0,0,7,0,7,0,0,0,0,0,0,0,7,0,7,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0]
 	31	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38320 <-> [64:ff9b::6853:b3b6]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][13 pkts/2124 bytes <-> 13 pkts/6140 bytes][Goodput ratio: 47/82][0.19 sec][Hostname/SNI: c.aaxads.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.486 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 72/37 22/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 163/472 603/1474 147/558][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 8,0,25,0,0,0,0,8,25,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0]
 	32	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54726 <-> [2a00:1450:4007:808::2006]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][16 pkts/2391 bytes <-> 15 pkts/5296 bytes][Goodput ratio: 42/75][0.22 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/9 66/45 24/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/353 603/1294 134/414][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,21,14,0,0,0,0,0,7,0,0,0,7,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/tumblr.pcap.out b/tests/result/tumblr.pcap.out
index c52a77bd4..863e02379 100644
--- a/tests/result/tumblr.pcap.out
+++ b/tests/result/tumblr.pcap.out
@@ -8,11 +8,11 @@ LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/84/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
-LRU cache tls_cert:   0/8/0 (insert/search/found)
+LRU cache tls_cert:   0/4/0 (insert/search/found)
 LRU cache mining:     0/28/0 (insert/search/found)
 LRU cache msteams:    0/0/0 (insert/search/found)
 LRU cache stun_zoom:  0/0/0 (insert/search/found)
-Automa host:          9/5 (search/found)
+Automa host:          9/7 (search/found)
 Automa domain:        9/0 (search/found)
 Automa tls cert:      0/0 (search/found)
 Automa risk mask:     0/0 (search/found)
@@ -23,7 +23,8 @@ Patricia protocols:   0/0 (search/found)
 
 Yahoo	31	9933	1
 Tumblr	84	38260	2
-TLS	470	181062	42
+TLS	416	163940	40
+ADS_Analytic_Track	54	17122	2
 Google	107	85437	1
 GoogleServices	63	44980	1
 
@@ -41,10 +42,10 @@ JA3 Host Stats:
 	7	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56794 <-> [64:ff9b::c000:4d03]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 13][cat: Web/5][19 pkts/2795 bytes <-> 24 pkts/15989 bytes][Goodput ratio: 42/87][0.06 sec][bytes ratio: -0.702 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 26/10 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/666 340/1486 72/675][Plen Bins: 26,10,3,10,10,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,33,0,0,0,0]
 	8	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:42908 <-> [64:ff9b::98c7:1593]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][16 pkts/1983 bytes <-> 18 pkts/15822 bytes][Goodput ratio: 31/90][1.30 sec][bytes ratio: -0.777 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108/76 700/700 209/196][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 124/879 468/1486 93/651][Plen Bins: 5,22,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0]
 	9	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43420 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][15 pkts/1601 bytes <-> 16 pkts/13434 bytes][Goodput ratio: 19/90][0.05 sec][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/2 37/10 10/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 107/840 246/1486 53/668][Plen Bins: 25,6,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0]
-	10	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][TLSv1.3][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0]
+	10	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][TLSv1.3][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0]
 	11	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47118 <-> [2001:4998:14:800::1001]:443 [proto: 91.70/TLS.Yahoo][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/2550 bytes <-> 15 pkts/7383 bytes][Goodput ratio: 46/82][0.57 sec][Hostname/SNI: cookiex.ngd.yahoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/48 315/282 83/84][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 159/492 603/1474 154/531][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,14,14,0,0,0,0,0,14,0,0,0,0,7,0,0,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,14,0,0,0,0]
 	12	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56842 <-> [64:ff9b::c000:4d03]:443 [proto: 91.90/TLS.Tumblr][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][12 pkts/2375 bytes <-> 10 pkts/6485 bytes][Goodput ratio: 56/87][0.15 sec][Hostname/SNI: 64.media.tumblr.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/18 59/70 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 198/648 603/1486 170/664][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,20,10,0,0,0,0,0,0,20,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,30,0,0,0,0]
-	13	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][TLSv1.3][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	13	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][TLSv1.3][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	14	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51874 <-> [64:ff9b::c000:4c03]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][14 pkts/1971 bytes <-> 14 pkts/1808 bytes][Goodput ratio: 39/33][17.08 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1544/33 16623/194 4769/64][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/129 243/205 64/49][Plen Bins: 0,28,0,42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	15	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57286 <-> [64:ff9b::8fcc:d927]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][5 pkts/1152 bytes <-> 4 pkts/910 bytes][Goodput ratio: 63/62][0.20 sec][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 50/4 113/9 49/4][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 230/228 730/613 250/223][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	16	TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:41266 <-> [2620:116:800d:21:8c6e:cf2c:8d6:9fb5]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][5 pkts/1186 bytes <-> 4 pkts/790 bytes][Goodput ratio: 64/56][0.21 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 52/8 121/15 49/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 237/198 750/486 257/168][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out
index f505cb931..b3d6b35b1 100644
--- a/tests/result/viber.pcap.out
+++ b/tests/result/viber.pcap.out
@@ -14,7 +14,7 @@ LRU cache tls_cert:   0/6/0 (insert/search/found)
 LRU cache mining:     0/4/0 (insert/search/found)
 LRU cache msteams:    0/0/0 (insert/search/found)
 LRU cache stun_zoom:  0/1/0 (insert/search/found)
-Automa host:          31/13 (search/found)
+Automa host:          31/15 (search/found)
 Automa domain:        31/0 (search/found)
 Automa tls cert:      2/0 (search/found)
 Automa risk mask:     0/0 (search/found)
@@ -23,11 +23,12 @@ Patricia risk mask:   54/0 (search/found)
 Patricia risk:        0/0 (search/found)
 Patricia protocols:   39/17 (search/found)
 
-DNS	6	1093	3
+DNS	4	716	2
 MDNS	4	412	1
 ICMP	2	3028	1
 TLS	90	32622	4
 ICMPV6	2	140	1
+ADS_Analytic_Track	2	377	1
 Facebook	2	281	1
 Google	34	9307	4
 Viber	295	105504	12
@@ -55,7 +56,7 @@ JA3 Host Stats:
 	15	TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI (partial)][DPI packets: 6][cat: Cloud/13][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][5.72 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 1907/0 5652/0 2648/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	16	TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI (partial)][DPI packets: 6][cat: Cloud/13][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][7.27 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 2422/0 7191/0 3372/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	17	UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][20.01 sec][Hostname/SNI: _805741c9._sub._googlecast._tcp.local][_805741c9._sub._googlecast._tcp.local][PLAIN TEXT (805741C)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	18	UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Goodput ratio: 43/86][0.00 sec][Hostname/SNI: app.adjust.com][178.162.219.58][PLAIN TEXT (adjust)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	18	UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5.107/DNS.ADS_Analytic_Track][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Goodput ratio: 43/86][0.00 sec][Hostname/SNI: app.adjust.com][178.162.219.58][PLAIN TEXT (adjust)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	19	UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/203 bytes][Goodput ratio: 46/79][0.00 sec][Hostname/SNI: graph.facebook.com][31.13.86.8][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	20	UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Goodput ratio: 48/77][0.03 sec][Hostname/SNI: venetia.iad.appboy.com][151.101.1.130][PLAIN TEXT (venetia)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	21	UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/185 bytes][Goodput ratio: 46/77][0.12 sec][Hostname/SNI: media.cdn.viber.com][54.230.93.96][PLAIN TEXT (cloudfront)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2023-03-20 17:01:18 +0100
committer	GitHub <noreply@github.com>	2023-03-20 17:01:18 +0100
commit	12867962b04bcc8c8bf3a6adf6ab594091eee8ca (patch)
tree	925c3bcda1fd2b3a19183973fc0b54c0c4f3a71c /tests/result
parent	0e80828e146a30bc03b60eefbf0d4c3583e243e3 (diff)