Skinny: rework and improve classification (#1625)

author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2022-07-03 19:25:00 +0200
committer: GitHub <noreply@github.com> 2022-07-03 19:25:00 +0200
commit: 422d0025421565f56be4e75d1217fb96fcf41dc8 (patch)
tree: 8d73feb343a66ebc08ff4957697f88dc0b348070 /tests
parent: eed47acfc8532486a830404268def82cb0794f77 (diff)
3 files changed, 21 insertions, 1 deletions
diff --git a/tests/pcap/skinny.pcap b/tests/pcap/skinny.pcap
new file mode 100644
index 000000000..cda98c63a
--- /dev/null
+++ b/tests/pcap/skinny.pcap
diff --git a/tests/result/sccp_hw_conf_register.pcapng.out b/tests/result/sccp_hw_conf_register.pcapng.out
index 5bbfc395c..a7f974e62 100644
--- a/tests/result/sccp_hw_conf_register.pcapng.out
+++ b/tests/result/sccp_hw_conf_register.pcapng.out
@@ -1,6 +1,6 @@
 Guessed flow protos:	0
 
-DPI Packets (TCP):	15	(15.00 pkts/flow)
+DPI Packets (TCP):	4	(4.00 pkts/flow)
 Confidence DPI              : 1 (flows)
 
 CiscoSkinny	17	1522	1
diff --git a/tests/result/skinny.pcap.out b/tests/result/skinny.pcap.out
new file mode 100644
index 000000000..19eed6562
--- /dev/null
+++ b/tests/result/skinny.pcap.out
@@ -0,0 +1,20 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	3	(1.00 pkts/flow)
+DPI Packets (UDP):	5	(1.00 pkts/flow)
+DPI Packets (other):	1	(1.00 pkts/flow)
+Confidence DPI              : 9 (flows)
+
+ICMP	2	140	1
+RTP	2871	614394	5
+CiscoSkinny	94	10114	3
+
+	1	UDP 192.168.195.58:32144 <-> 192.168.195.50:17718 [proto: 87/RTP][ClearText][Confidence: DPI][cat: Media/1][730 pkts/156220 bytes <-> 712 pkts/152368 bytes][Goodput ratio: 80/80][7.28 sec][bytes ratio: 0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 20/20 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 214/214 214/214 214/214 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.195.58:32150 -> 192.168.193.24:9395 [proto: 87/RTP][ClearText][Confidence: DPI][cat: Media/1][365 pkts/78110 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][7.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	UDP 192.168.195.58:32152 -> 192.168.193.24:9396 [proto: 87/RTP][ClearText][Confidence: DPI][cat: Media/1][356 pkts/76184 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][7.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (wskptvv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP 192.168.195.50:17726 -> 192.168.193.24:9399 [proto: 87/RTP][ClearText][Confidence: DPI][cat: Media/1][355 pkts/75970 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][7.08 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (wskptvv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP 192.168.195.50:17732 -> 192.168.193.24:9400 [proto: 87/RTP][ClearText][Confidence: DPI][cat: Media/1][353 pkts/75542 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][7.04 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (xwwsvyux)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	TCP 192.168.195.58:49399 <-> 192.168.193.12:2000 [proto: 164/CiscoSkinny][ClearText][Confidence: DPI][cat: VoIP/10][20 pkts/1628 bytes <-> 28 pkts/3570 bytes][Goodput ratio: 30/56][11.13 sec][bytes ratio: -0.374 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 734/479 5931/5892 1663/1376][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 81/128 242/378 41/88][PLAIN TEXT (RIX Meeting Room)][Plen Bins: 45,22,0,0,16,6,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	TCP 192.168.193.12:2000 <-> 192.168.195.50:51532 [proto: 164/CiscoSkinny][ClearText][Confidence: DPI][cat: VoIP/10][24 pkts/3166 bytes <-> 20 pkts/1624 bytes][Goodput ratio: 58/30][22.92 sec][bytes ratio: 0.322 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 699/417 6999/3582 1749/1018][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 132/81 546/242 116/41][PLAIN TEXT (RIX Meeting Room)][Plen Bins: 50,22,0,0,14,3,3,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	8	ICMP 192.168.195.50:0 -> 192.168.195.58:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	9	TCP 192.168.195.58:50917 <-> 10.16.2.25:2000 [proto: 164/CiscoSkinny][ClearText][Confidence: DPI][cat: VoIP/10][1 pkts/66 bytes <-> 1 pkts/60 bytes][Goodput ratio: 18/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2022-07-03 19:25:00 +0200
committer	GitHub <noreply@github.com>	2022-07-03 19:25:00 +0200
commit	422d0025421565f56be4e75d1217fb96fcf41dc8 (patch)
tree	8d73feb343a66ebc08ff4957697f88dc0b348070 /tests
parent	eed47acfc8532486a830404268def82cb0794f77 (diff)