diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-03-20 17:56:02 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-20 17:56:02 +0100 |
| commit | 3a75a46212c044efc423d1833be89c4f144438ec (patch) | |
| tree | 5a44b838bf03e3b0dc4d34ff0e105d1992bf35c8 /tests | |
| parent | 12867962b04bcc8c8bf3a6adf6ab594091eee8ca (diff) | |
Add a new protocol id for generic Adult Content traffic (#1906)
The list has been taken from https://www.similarweb.com/top-websites/adult/
Fix a GoTo false positive.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/pcap/adult_content.pcap | bin | 0 -> 8396 bytes | |||
| -rw-r--r-- | tests/result/adult_content.pcap.out | 25 | ||||
| -rw-r--r-- | tests/result/http_guessed_host_and_guessed.pcapng.out | 16 |
3 files changed, 33 insertions, 8 deletions
diff --git a/tests/pcap/adult_content.pcap b/tests/pcap/adult_content.pcap Binary files differnew file mode 100644 index 000000000..68f8016c1 --- /dev/null +++ b/tests/pcap/adult_content.pcap diff --git a/tests/result/adult_content.pcap.out b/tests/result/adult_content.pcap.out new file mode 100644 index 000000000..8f7ed8a13 --- /dev/null +++ b/tests/result/adult_content.pcap.out @@ -0,0 +1,25 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 4 (4.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 142 (142.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/3/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 2/10/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 2/0 (search/found) + +AdultContent 25 7972 1 + + 1 UDP 192.168.1.199:42759 <-> 31.220.27.69:80 [proto: 78.108/STUN.AdultContent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: AdultContent/34][11 pkts/3593 bytes <-> 14 pkts/4379 bytes][Goodput ratio: 87/87][0.22 sec][Hostname/SNI: b-eu14.stripcdn.com][bytes ratio: -0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/14 55/54 17/17][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 327/313 1246/1418 350/353][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (NurOKA)][Plen Bins: 8,8,12,24,8,16,0,0,4,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0] diff --git a/tests/result/http_guessed_host_and_guessed.pcapng.out b/tests/result/http_guessed_host_and_guessed.pcapng.out index b79d63cca..1c4c208ca 100644 --- a/tests/result/http_guessed_host_and_guessed.pcapng.out +++ b/tests/result/http_guessed_host_and_guessed.pcapng.out @@ -1,17 +1,17 @@ -Guessed flow protos: 1 +Guessed flow protos: 0 DPI Packets (TCP): 1 (1.00 pkts/flow) -Confidence DPI (partial) : 1 (flows) -Num dissector calls: 116 (116.00 diss/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 13 (13.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/3/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/1/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache stun_zoom: 0/0/0 (insert/search/found) -Automa host: 1/0 (search/found) +Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) @@ -20,6 +20,6 @@ Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 1/1 (search/found) -Alibaba 1 123 1 +AdultContent 1 123 1 - 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2.274/POP3.Alibaba][IP: 274/Alibaba][ClearText][Confidence: DPI (partial)][DPI packets: 1][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: pornhub.com][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: No client to server traffic / TCP probing attempt][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 7.108/HTTP.AdultContent][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 1][cat: AdultContent/34][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: pornhub.com][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Expected on port 80][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |