author | Luca Deri <deri@ntop.org> | 2019-09-27 17:35:08 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2019-09-27 17:35:08 +0200 |
commit | b0c68dc29b18566043d7dd3bfd690cfe5c4e5d77 (patch) | |
tree | 3dfbe9cc672beb61491c019d6b8f4dfbbe7fdf5b /tests | |
parent | c839dcb74c5ab55191e91c2087fada9a079e70a7 (diff) | |
parent | 05aa27e477af86eb1794807d43a2f4eceb84fa9d (diff) |
Merge branch 'dev' of https://github.com/ntop/nDPI into dev
Diffstat (limited to 'tests')
-rw-r--r-- | tests/pcap/malware.pcap | bin | 468 -> 8441 bytes | |||
-rw-r--r-- | tests/result/malware.pcap.out | 16 |
2 files changed, 12 insertions, 4 deletions
diff --git a/tests/pcap/malware.pcap b/tests/pcap/malware.pcap Binary files differindex c63389f04..7480b7014 100644 --- a/tests/pcap/malware.pcap +++ b/tests/pcap/malware.pcap diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out index 448633b3e..6ce62b33d 100644 --- a/tests/result/malware.pcap.out +++ b/tests/result/malware.pcap.out @@ -1,7 +1,15 @@ DNS 2 216 1 -HTTP 1 66 1 +HTTP 3 547 2 ICMP 1 98 1 +OpenDNS 20 7140 1 - 1 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Host: www.internetbadguys.com][PLAIN TEXT (internetbadguys)] - 2 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes] - 3 TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes] +JA3 Host Stats: + IP Address # JA3C + 1 192.168.7.7 1 + + + 1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91.225/TLS.OpenDNS][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57.1/64.1 199/249 87.3/99.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.4/651.1 571/1514 148.2/644.4][TLSv1.2][Client: www.internetbadguys.com][JA3C: f6ce47303dce394049af395fc6d0bc20][Server: api.opendns.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.7/HTTP][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Host: www.internetbadguys.com][PLAIN TEXT (GET / HTTP/1.1)] + 3 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Host: www.internetbadguys.com][PLAIN TEXT (internetbadguys)] + 4 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes] + 5 TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes] |
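Review bot: In the tests/result/malware.pcap.out hunk, the new flow 1 is expected as [proto: 91.225/TLS.OpenDNS] and [cat: Malware/100] at the same time, with Client: www.internetbadguys.com but Server: api.opendns.com. Neither the expected output nor the merge message says that pairing an OpenDNS protocol label with the Malware category is the behaviour under test, so a one-line description of what the enlarged capture is meant to exercise would make a later regression in either field easier to judge. The same flow line pins the IAT and Pkt Len min/avg/max/stddev values and both JA3 hashes, so this file will need regenerating whenever the statistics output or the fingerprint computation changes. The summary lines do agree with the flows: HTTP 3 547 2 is flow 2 (383 + 98 bytes, 2 packets) plus the SYN-only flow 5 (66 bytes), and OpenDNS 20 7140 1 is flow 1 (11 + 9 packets, 1280 + 5860 bytes). Flow 5 is still printed as 7/HTTP while the new flow 2 is 7.7/HTTP, so it is worth confirming that the two notations are both expected in one result file. The pcap itself changes as a binary (468 -> 8441 bytes) and cannot be reviewed from this diff; please record how the capture was produced.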