author | Vitaly Lavrov <vel21ripn@gmail.com> | 2022-03-08 02:20:56 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-08 00:20:56 +0100 |
commit | a1451935b8653adc830ee4cb827def3622fb02d6 (patch) | |
tree | 7056ae6059f3a4126afec650420654cba0f44e66 /tests | |
parent | c345b3c7af89957ef4bc55e2ccf1b1a4bc724f3a (diff) |
Errors fixed (#1482)
Fixed errors for big-endian platforms in ndpiReader.
All address and port comparisons and hash calculations are now done with
endianness in mind.
The get_ndpi_flow_info() function searched for an existing flow for the
forward and reverse direction of the packet.
The ndpi_workflow_node_cmp() function looked for a flow regardless of
the packet's direction. This is what led to an error in determining the
direction of transmission of the packet.
Fixed error in "synscan" test: the number of packets in the forward and
reverse direction is incorrectly defined (verified via tcpdump).
Fixed bug with icmp protocol checksum check for big endian platforms.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/result/anydesk-2.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/instagram.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out | 8 | ||||
-rw-r--r-- | tests/result/quic_interop_V.pcapng.out | 4 | ||||
-rw-r--r-- | tests/result/synscan.pcap.out | 2 |
5 files changed, 11 insertions, 11 deletions
diff --git a/tests/result/anydesk-2.pcap.out b/tests/result/anydesk-2.pcap.out
index d0de427e0..9d45b4a89 100644
--- a/tests/result/anydesk-2.pcap.out
+++ b/tests/result/anydesk-2.pcap.out
@@ -8,8 +8,8 @@ AnyDesk 2083 346113 4 JA3 Host Stats: IP Address # JA3C
- 1 192.168.1.187 1
- 2 192.168.1.178 1
+ 1 192.168.1.178 1
+ 2 192.168.1.187 1
 1 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91.252/TLS.AnyDesk][Encrypted][Confidence: DPI][cat: RemoteAccess/12][509 pkts/226247 bytes <-> 1555 pkts/115282 bytes][Goodput ratio: 88/22][22.84 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/14 2966/3021 229/106][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/74 1511/1514 475/47][Risk: ** Known Protocol on Non Standard Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extension **** Desktop/File Sharing Session **][Risk Score: 120][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,64,6,1,3,1,1,1,0,1,1,0,0,1,1,0,3,0,0,0,0,0,3,1,0,1,1,0,1,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,1,0,0]
diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out
index d1dccfc23..4f9c2d0a9 100644
--- a/tests/result/instagram.pcap.out
+++ b/tests/result/instagram.pcap.out
@@ -18,8 +18,8 @@ Instagram 3062 2617399 22 JA3 Host Stats: IP Address # JA3C
- 1 192.168.2.17 2
- 2 192.168.0.103 1
+ 1 192.168.0.103 1
+ 2 192.168.2.17 2
 1 TCP 192.168.2.17:49355 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][Encrypted][Confidence: DPI][cat: SocialNetwork/6][456 pkts/33086 bytes <-> 910 pkts/1277296 bytes][Goodput ratio: 9/95][14.29 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/1 10107/274 547/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/1404 657/1454 57/231][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.3 (Fizz)][JA3C: 7a29c223fb122ec64d10f0a159e07996][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0,0,0]
diff --git a/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index cc81070e1..c945427cc 100644
--- a/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -11,10 +11,10 @@ GoogleCloud 3 4176 3 JA3 Host Stats: IP Address # JA3C
- 1 147.196.90.42 1
- 2 168.144.64.5 1
- 3 52.187.20.175 1
- 4 159.117.176.124 1
+ 1 52.187.20.175 1
+ 2 159.117.176.124 1
+ 3 168.144.64.5 1
+ 4 147.196.90.42 1
 1 UDP 52.187.20.175:49880 -> 208.229.157.81:443 [proto: 188.276/QUIC.Azure][Encrypted][Confidence: DPI][cat: Cloud/13][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
diff --git a/tests/result/quic_interop_V.pcapng.out b/tests/result/quic_interop_V.pcapng.out
index 93c8b9da5..a73e306d0 100644
--- a/tests/result/quic_interop_V.pcapng.out
+++ b/tests/result/quic_interop_V.pcapng.out
@@ -12,8 +12,8 @@ Azure 36 39266 6 JA3 Host Stats: IP Address # JA3C
- 1 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d 1
- 2 192.168.1.128 1
+ 1 192.168.1.128 1
+ 2 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d 1
 1 UDP 192.168.1.128:34511 -> 131.159.24.198:443 [proto: 188/QUIC][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][Hostname/SNI: pandora.cm.in.tum.de][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1419/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (SezYZO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
diff --git a/tests/result/synscan.pcap.out b/tests/result/synscan.pcap.out
index 7a964d9a8..6559c7206 100644
--- a/tests/result/synscan.pcap.out
+++ b/tests/result/synscan.pcap.out
@@ -59,7 +59,7 @@ TargusDataspeed 2 116 2 DNP3 2 116 2 iSCSI 2 116 2
- 1 TCP 172.16.0.8:36050 -> 64.13.134.52:22 [proto: 92/SSH][Encrypted][Confidence: Match by port][cat: RemoteAccess/12][5 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][21.68 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 172.16.0.8:36050 <-> 64.13.134.52:22 [proto: 92/SSH][Encrypted][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.68 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 5/DNS][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][::][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 4 TCP 172.16.0.8:36050 <-> 64.13.134.52:25 [proto: 3/SMTP][ClearText][Confidence: Match by port][cat: Email/3][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |