author | Toni <matzeton@googlemail.com> | 2021-07-25 21:54:19 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-25 21:54:19 +0200 |
commit | 29ec34f66d91004f460aa6d4f3e28d75b78c9aa5 (patch) | |
tree | 5009728c82d671ff11a859782b879801c5b96c37 /tests | |
parent | a482e1c0becfa48969e3e01dcab7e76907e0484d (diff) |
Improved TFTP detection. Fixes #1242, #1256 (#1262)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/pcap/tftp.pcap (renamed from tests/pcap/tftp_rrq.pcap) | bin | 31463 -> 32811 bytes | |||
-rw-r--r-- | tests/result/tftp.pcap.out | 10 | ||||
-rw-r--r-- | tests/result/tftp_rrq.pcap.out | 9 |
3 files changed, 10 insertions, 9 deletions
diff --git a/tests/pcap/tftp_rrq.pcap b/tests/pcap/tftp.pcap
Binary files differ
index 6c5efa8ba..9c3cb2cbf 100644
--- a/tests/pcap/tftp_rrq.pcap
+++ b/tests/pcap/tftp.pcap
diff --git a/tests/result/tftp.pcap.out b/tests/result/tftp.pcap.out
new file mode 100644
index 000000000..9fa439cbe
--- /dev/null
+++ b/tests/result/tftp.pcap.out
@@ -0,0 +1,10 @@
+Guessed flow protos: 0
+
+DPI Packets (UDP): 10 (2.50 pkts/flow)
+
+TFTP 104 31123 4
+
+ 1 UDP 192.168.0.10:3445 <-> 192.168.0.253:50618 [proto: 96/TFTP][cat: DataTransfer/4][49 pkts/26853 bytes <-> 49 pkts/2940 bytes][Goodput ratio: 92/7][0.18 sec][bytes ratio: 0.803 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2 3/3 9/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 69/60 548/60 558/60 69/0][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (Network Working Group )][Plen Bins: 51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 172.28.5.170:62058 <-> 172.28.5.91:44618 [proto: 96/TFTP][cat: DataTransfer/4][2 pkts/92 bytes <-> 2 pkts/1116 bytes][Goodput ratio: 9/92][0.00 sec][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (BCCCCCC)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.0.253:50618 -> 192.168.0.10:69 [proto: 96/TFTP][cat: DataTransfer/4][1 pkts/62 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][PLAIN TEXT (1350.txt)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 172.28.5.91:44618 -> 172.28.5.170:69 [proto: 96/TFTP][cat: DataTransfer/4][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][< 1 sec][PLAIN TEXT (zz.bin)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/tftp_rrq.pcap.out b/tests/result/tftp_rrq.pcap.out
deleted file mode 100644
index 2d2c1e6b5..000000000
--- a/tests/result/tftp_rrq.pcap.out
+++ /dev/null
@@ -1,9 +0,0 @@
-Guessed flow protos: 1
-
-DPI Packets (UDP): 3 (1.50 pkts/flow)
-
-STUN 1 62 1
-TFTP 98 29793 1
-
- 1 UDP 192.168.0.10:3445 <-> 192.168.0.253:50618 [proto: 96/TFTP][cat: DataTransfer/4][49 pkts/26853 bytes <-> 49 pkts/2940 bytes][Goodput ratio: 92/7][0.18 sec][bytes ratio: 0.803 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2 3/3 9/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 69/60 548/60 558/60 69/0][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (Network Working Group )][Plen Bins: 51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.0.253:50618 -> 192.168.0.10:69 [proto: 78/STUN][cat: Network/14][1 pkts/62 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][PLAIN TEXT (1350.txt)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |