aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorLuca Deri <deri@ntop.org>2019-11-28 23:20:40 +0100
committerLuca Deri <deri@ntop.org>2019-11-28 23:20:40 +0100
commit7da7ae622b2b77ea573319b1485018e8df6fdd6b (patch)
tree839961b097c0c2e79eb60e877f13fd5519daee30 /tests
parentd328c3bccc55d0c0171a3c227a23b8e4e663819d (diff)
Improvements to stop dissection when the first protocol is detected
Used IP-based detection to compute the application protocol Improved application detection
Diffstat (limited to 'tests')
-rw-r--r--tests/result/1kxun.pcap.out4
-rw-r--r--tests/result/anyconnect-vpn.pcap.out6
-rw-r--r--tests/result/nest_log_sink.pcap.out17
-rw-r--r--tests/result/nintendo.pcap.out6
-rw-r--r--tests/result/skype.pcap.out8
-rw-r--r--tests/result/skype_no_unknown.pcap.out5
-rw-r--r--tests/result/whatsapp_login_call.pcap.out5
-rw-r--r--tests/result/whatsapp_login_chat.pcap.out5
-rw-r--r--tests/result/zoom.pcap.out6
9 files changed, 29 insertions, 33 deletions
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out
index e2d5cea15..b21b10984 100644
--- a/tests/result/1kxun.pcap.out
+++ b/tests/result/1kxun.pcap.out
@@ -2,7 +2,6 @@ Unknown 24 6428 14
DNS 5 638 2
HTTP 945 530967 19
MDNS 1 82 1
-NTP 1 90 1
NetBIOS 31 3589 8
SSDP 143 36951 13
DHCP 24 8208 5
@@ -12,6 +11,7 @@ TLS 105 21914 7
DHCPV6 10 980 3
Facebook 19 6840 2
Google 12 991 4
+Apple 1 90 1
LLMNR 89 6799 47
JA3 Host Stats:
@@ -127,7 +127,7 @@ JA3 Host Stats:
106 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 53.8/0.0][< 1 sec][Host: sanji-lifebook-][PLAIN TEXT ( FDEBEOEKEJ)]
107 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 31.5/0.0][< 1 sec][Host: charming-pc][PLAIN TEXT (charming)]
108 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 31.5/0.0][< 1 sec][Host: charming-pc][PLAIN TEXT (charming)]
- 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][< 1 sec]
+ 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9.140/NTP.Apple][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 52.7/0.0][< 1 sec]
110 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48.2/0.0][< 1 sec][PLAIN TEXT (googlecast)]
111 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40.3/0.0][< 1 sec][Host: charming-pc][PLAIN TEXT (charming)]
112 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40.3/0.0][< 1 sec][Host: charming-pc][PLAIN TEXT (charming)]
diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out
index d521cbec5..e4841247f 100644
--- a/tests/result/anyconnect-vpn.pcap.out
+++ b/tests/result/anyconnect-vpn.pcap.out
@@ -11,10 +11,10 @@ ICMPV6 18 2964 2
Slack 29 4979 2
Google 2 132 1
AJP 5 390 1
-Apple 2 297 1
+Apple 7 656 2
CiscoVPN 33 4378 2
Amazon 36 3540 3
-ApplePush 11 1325 4
+ApplePush 6 966 3
JA3 Host Stats:
IP Address # JA3C
@@ -51,7 +51,7 @@ JA3 Host Stats:
28 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][cat: Cloud/13][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 53.8/86.7][0.02 sec][Host: 1-courier.sandbox.push.apple.com][PLAIN TEXT (courier)]
29 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][cat: Web/5][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0.0/0.0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.0 0/0 0.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66.0/66.0 66/66 0.0/0.0]
30 TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][cat: Web/5][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][5.03 sec]
- 31 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 238/ApplePush][cat: Cloud/13][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0.0/28.5][0.02 sec]
+ 31 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0.0/28.5][0.02 sec]
32 UDP 10.0.0.151:1900 -> 10.0.0.227:61328 [proto: 12/SSDP][cat: System/18][1 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 87.9/0.0][< 1 sec][PLAIN TEXT (HTTP/1.1 200 OK)]
33 TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91/TLS][cat: Web/5][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22.2/19.4][0.05 sec]
34 UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49.4/82.3][0.02 sec][Host: detectportal.firefox.com][PLAIN TEXT (detectportal)]
diff --git a/tests/result/nest_log_sink.pcap.out b/tests/result/nest_log_sink.pcap.out
index c8cbf739e..5db8503ec 100644
--- a/tests/result/nest_log_sink.pcap.out
+++ b/tests/result/nest_log_sink.pcap.out
@@ -1,17 +1,18 @@
DNS 15 1612 1
-NestLogSink 759 116848 13
+NestLogSink 457 44483 6
+Google 302 72365 7
- 1 TCP 192.168.242.15:63342 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][cat: Cloud/13][37 pkts/14650 bytes <-> 35 pkts/4115 bytes][Goodput ratio: 86.1/54.0][4.71 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 142.2/150.2 1347/1490 250.6/289.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 395.9/117.6 585/733 191.9/107.5][PLAIN TEXT (05CA02AC4414028)]
- 2 TCP 192.168.242.15:63345 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][cat: Cloud/13][36 pkts/14613 bytes <-> 35 pkts/4114 bytes][Goodput ratio: 86.4/53.9][4.14 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 131.6/134.1 1166/1477 228.8/290.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 405.9/117.5 584/732 185.3/107.3][PLAIN TEXT (05CA02AC4414028)]
- 3 TCP 192.168.242.15:63351 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][cat: Cloud/13][25 pkts/9229 bytes <-> 24 pkts/2916 bytes][Goodput ratio: 85.0/55.4][3.56 sec][bytes ratio: 0.520 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/0 163.8/174.5 1319/1484 293.5/350.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 369.2/121.5 584/733 204.4/129.6][PLAIN TEXT (05CA02AC4414028)]
- 4 TCP 192.168.242.15:63348 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][cat: Cloud/13][25 pkts/9114 bytes <-> 24 pkts/2915 bytes][Goodput ratio: 84.8/55.4][3.42 sec][bytes ratio: 0.515 (Upload)][IAT c2s/s2c min/avg/max/stddev: 10/0 157.7/169.4 1167/1475 265.8/349.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 364.6/121.5 584/732 204.5/129.4][PLAIN TEXT (05CA02AC4414028)]
+ 1 TCP 192.168.242.15:63342 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][37 pkts/14650 bytes <-> 35 pkts/4115 bytes][Goodput ratio: 86.1/54.0][4.71 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 142.2/150.2 1347/1490 250.6/289.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 395.9/117.6 585/733 191.9/107.5][PLAIN TEXT (05CA02AC4414028)]
+ 2 TCP 192.168.242.15:63345 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][36 pkts/14613 bytes <-> 35 pkts/4114 bytes][Goodput ratio: 86.4/53.9][4.14 sec][bytes ratio: 0.561 (Upload)][IAT c2s/s2c min/avg/max/stddev: 11/0 131.6/134.1 1166/1477 228.8/290.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 405.9/117.5 584/732 185.3/107.3][PLAIN TEXT (05CA02AC4414028)]
+ 3 TCP 192.168.242.15:63351 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][25 pkts/9229 bytes <-> 24 pkts/2916 bytes][Goodput ratio: 85.0/55.4][3.56 sec][bytes ratio: 0.520 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/0 163.8/174.5 1319/1484 293.5/350.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 369.2/121.5 584/733 204.4/129.6][PLAIN TEXT (05CA02AC4414028)]
+ 4 TCP 192.168.242.15:63348 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][25 pkts/9114 bytes <-> 24 pkts/2915 bytes][Goodput ratio: 84.8/55.4][3.42 sec][bytes ratio: 0.515 (Upload)][IAT c2s/s2c min/avg/max/stddev: 10/0 157.7/169.4 1167/1475 265.8/349.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 364.6/121.5 584/732 204.5/129.4][PLAIN TEXT (05CA02AC4414028)]
5 TCP 192.168.242.15:63343 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][cat: Cloud/13][60 pkts/5549 bytes <-> 56 pkts/5094 bytes][Goodput ratio: 36.1/40.5][1799.54 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/16 33934.9/28186.7 60073/60075 29484.2/29644.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 92.5/91.0 585/731 96.8/125.8][PLAIN TEXT (05CA02AC4414028)]
6 TCP 192.168.242.15:63352 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][cat: Cloud/13][50 pkts/4894 bytes <-> 46 pkts/4392 bytes][Goodput ratio: 39.7/43.3][1508.66 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/17 33170.0/30242.3 60184/60262 29629.6/29816.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 97.9/95.5 586/730 105.0/136.5][PLAIN TEXT (05CA02AC4414028)]
7 TCP 192.168.242.15:63346 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][cat: Cloud/13][41 pkts/4409 bytes <-> 37 pkts/3907 bytes][Goodput ratio: 45.4/48.7][1042.88 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/15 27923.8/26021.8 60088/60136 29300.8/29455.1][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 107.5/105.6 585/731 114.0/150.6][PLAIN TEXT (05CA02AC4414028)]
8 TCP 192.168.242.15:63349 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][cat: Cloud/13][28 pkts/3254 bytes <-> 24 pkts/3040 bytes][Goodput ratio: 49.8/57.2][602.97 sec][bytes ratio: 0.034 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/14 24649.0/24894.2 60122/60151 29303.3/29368.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 116.2/126.7 584/732 117.5/180.8][PLAIN TEXT (05CA02AC4414028)]
9 TCP 192.168.242.15:63350 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][cat: Cloud/13][18 pkts/2655 bytes <-> 14 pkts/2499 bytes][Goodput ratio: 61.1/69.6][153.64 sec][bytes ratio: 0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/15 10959.9/13629.3 60124/60155 21488.4/24847.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 147.5/178.5 585/731 137.0/222.5][PLAIN TEXT (05CA02AC4414028)]
10 TCP 192.168.242.15:63340 <-> 35.174.82.237:11095 [proto: 43/NestLogSink][cat: Cloud/13][42 pkts/2576 bytes <-> 41 pkts/2214 bytes][Goodput ratio: 2.4/0.0][1615.16 sec][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/143 39827.0/40755.2 60071/60122 27934.1/27879.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 61.3/54.0 116/54 8.5/0.0]
- 11 TCP 192.168.242.15:63344 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][cat: Cloud/13][11 pkts/2565 bytes <-> 10 pkts/1389 bytes][Goodput ratio: 75.6/60.8][5.29 sec][bytes ratio: 0.297 (Upload)][IAT c2s/s2c min/avg/max/stddev: 61/0 640.5/729.1 2711/3410 865.2/1201.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 233.2/138.9 584/732 216.6/199.2][PLAIN TEXT (05CA02AC4414028)]
- 12 TCP 192.168.242.15:63347 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][cat: Cloud/13][10 pkts/1983 bytes <-> 10 pkts/1390 bytes][Goodput ratio: 71.2/60.8][2.81 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 63/0 341.6/348.9 1182/1489 362.6/517.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 198.3/139.0 586/733 195.5/199.5][PLAIN TEXT (05CA02AC4414028)]
- 13 TCP 192.168.242.15:63353 <-> 35.188.154.186:11095 [proto: 43/NestLogSink][cat: Cloud/13][10 pkts/1983 bytes <-> 10 pkts/1389 bytes][Goodput ratio: 71.2/60.8][2.65 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 70/0 321.0/347.6 1162/1502 365.5/527.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 198.3/138.9 586/732 195.5/199.2][PLAIN TEXT (05CA02AC4414028)]
+ 11 TCP 192.168.242.15:63344 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][11 pkts/2565 bytes <-> 10 pkts/1389 bytes][Goodput ratio: 75.6/60.8][5.29 sec][bytes ratio: 0.297 (Upload)][IAT c2s/s2c min/avg/max/stddev: 61/0 640.5/729.1 2711/3410 865.2/1201.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 233.2/138.9 584/732 216.6/199.2][PLAIN TEXT (05CA02AC4414028)]
+ 12 TCP 192.168.242.15:63347 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][10 pkts/1983 bytes <-> 10 pkts/1390 bytes][Goodput ratio: 71.2/60.8][2.81 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 63/0 341.6/348.9 1182/1489 362.6/517.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 198.3/139.0 586/733 195.5/199.5][PLAIN TEXT (05CA02AC4414028)]
+ 13 TCP 192.168.242.15:63353 <-> 35.188.154.186:11095 [proto: 43.126/NestLogSink.Google][cat: Cloud/13][10 pkts/1983 bytes <-> 10 pkts/1389 bytes][Goodput ratio: 71.2/60.8][2.65 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 70/0 321.0/347.6 1162/1502 365.5/527.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 198.3/138.9 586/732 195.5/199.2][PLAIN TEXT (05CA02AC4414028)]
14 UDP 192.168.242.15:52849 <-> 192.168.242.1:53 [proto: 5/DNS][cat: Network/14][8 pkts/713 bytes <-> 7 pkts/899 bytes][Goodput ratio: 52.8/67.2][3600.37 sec][Host: weave-logsink.nest.com][bytes ratio: -0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 22/4311 596403.3/515880.4 1795476/1795277 670695.5/701384.1][Pkt Len c2s/s2c min/avg/max/stddev: 82/98 89.1/128.4 101/169 9.2/35.1][PLAIN TEXT (logsink)]
diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out
index 98bd3f2e8..34143be84 100644
--- a/tests/result/nintendo.pcap.out
+++ b/tests/result/nintendo.pcap.out
@@ -1,6 +1,6 @@
ICMP 30 2100 2
-Nintendo 890 320242 12
-Amazon 76 10811 7
+Nintendo 887 319888 11
+Amazon 79 11165 8
JA3 Host Stats:
IP Address # JA3C
@@ -23,7 +23,7 @@ JA3 Host Stats:
14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27.5/27.5][0.06 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.0/0.8 4/3 1.7/1.3][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58.0/58.0 58/58 0.0/0.0]
15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61.3/84.8][0.03 sec][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][PLAIN TEXT (fb203858ebc)]
16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61.3/84.8][< 1 sec][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][PLAIN TEXT (fb203858ebc)]
- 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 64.2/0.0][0.00 sec]
+ 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173.178/Nintendo.Amazon][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 64.2/0.0][0.00 sec]
18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][cat: Web/5][3 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 60.2/0.0][0.00 sec][PLAIN TEXT (NATTestId)]
19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 85.6/0.0][< 1 sec]
20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes -> 0 pkts/0 bytes][Goodput ratio: 27.5/0.0][0.00 sec]
diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out
index 45d402e2a..db6d78183 100644
--- a/tests/result/skype.pcap.out
+++ b/tests/result/skype.pcap.out
@@ -1,7 +1,6 @@
Unknown 753 81587 37
DNS 2 267 1
MDNS 8 1736 2
-NTP 2 180 1
SSDP 101 38156 6
SkypeCall 152 10704 144
ICMP 8 656 1
@@ -9,10 +8,9 @@ IGMP 5 258 4
TLS 96 8876 7
Dropbox 38 17948 5
Skype 1796 451121 80
-Apple 3 168 1
+Apple 17 2225 3
AppleiCloud 88 20520 2
Spotify 5 430 1
-ApplePush 12 1877 1
JA3 Host Stats:
IP Address # JA3C
@@ -33,7 +31,7 @@ JA3 Host Stats:
12 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.2/0.0][120.16 sec][PLAIN TEXT ( 3375359593)]
13 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.2/0.0][120.15 sec][PLAIN TEXT ( 3375359593)]
14 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][12 pkts/2140 bytes <-> 3 pkts/200 bytes][Goodput ratio: 62.4/0.0][20.12 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1686.5/0.0 6249/0 2226.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 178.3/66.7 233/74 77.4/5.7][TLSv1][Client: apps.skype.com]
- 15 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/1211 bytes <-> 6 pkts/666 bytes][Goodput ratio: 67.2/40.5][66.95 sec][bytes ratio: 0.290 (Upload)][IAT c2s/s2c min/avg/max/stddev: 228/1 16680.0/16680.0 43974/44201 18098.6/18356.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201.8/111.0 471/156 151.4/45.0]
+ 15 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][6 pkts/1211 bytes <-> 6 pkts/666 bytes][Goodput ratio: 67.2/40.5][66.95 sec][bytes ratio: 0.290 (Upload)][IAT c2s/s2c min/avg/max/stddev: 228/1 16680.0/16680.0 43974/44201 18098.6/18356.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201.8/111.0 471/156 151.4/45.0]
16 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][13 pkts/1554 bytes <-> 3 pkts/200 bytes][Goodput ratio: 44.0/0.0][29.28 sec][bytes ratio: 0.772 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/73 2359.7/73.0 8785/73 2805.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 119.5/66.7 138/74 27.3/5.7]
17 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/TLS][cat: Web/5][13 pkts/1392 bytes <-> 3 pkts/200 bytes][Goodput ratio: 37.5/0.0][25.19 sec][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/66 2027.6/66.0 7535/66 2315.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 107.1/66.7 138/74 21.3/5.7]
18 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][12 pkts/1305 bytes <-> 3 pkts/285 bytes][Goodput ratio: 39.3/27.6][17.34 sec][bytes ratio: 0.642 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/77 1416.3/77.0 5596/77 1925.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 108.8/95.0 138/145 30.7/35.5]
@@ -124,7 +122,7 @@ JA3 Host Stats:
103 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 29.9/0.0][20.13 sec]
104 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Goodput ratio: 57.8/74.3][0.07 sec][Host: db3msgr5011709.gateway.messenger.live.com][PLAIN TEXT (MSGR5011709)]
105 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Goodput ratio: 57.8/67.9][0.05 sec][Host: p05-keyvalueservice.icloud.com.akadns.net][PLAIN TEXT (valueservice)]
- 106 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 52.7/52.7][0.05 sec]
+ 106 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9.140/NTP.Apple][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 52.7/52.7][0.05 sec]
107 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.05 sec][Host: e4593.g.akamaiedge.net][PLAIN TEXT (akamaiedge)]
108 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.05 sec][Host: e4593.g.akamaiedge.net][PLAIN TEXT (akamaiedge)]
109 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48.2/56.6][0.06 sec][Host: e7768.b.akamaiedge.net][PLAIN TEXT (akamaiedge)]
diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out
index 962935d87..01e22efd3 100644
--- a/tests/result/skype_no_unknown.pcap.out
+++ b/tests/result/skype_no_unknown.pcap.out
@@ -9,8 +9,7 @@ IGMP 4 226 4
TLS 79 7742 6
Dropbox 16 7342 5
Skype 1185 331827 60
-Apple 76 19581 1
-ApplePush 8 1118 1
+Apple 84 20699 2
JA3 Host Stats:
IP Address # JA3C
@@ -57,7 +56,7 @@ JA3 Host Stats:
38 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes][Goodput ratio: 15.9/28.0][17.94 sec][bytes ratio: 0.350 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1703.2/147.5 4607/294 1700.3/146.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 78.5/94.5 159/164 27.6/40.3]
39 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/285 bytes][Goodput ratio: 24.3/27.6][18.79 sec][bytes ratio: 0.507 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/199 2007.5/199.0 5293/199 1964.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 87.2/95.0 138/145 22.1/35.5]
40 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/958 bytes <-> 2 pkts/184 bytes][Goodput ratio: 73.6/54.1][1.27 sec][Host: __msbrowse__][bytes ratio: 0.678 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1258 253.0/1258.0 1243/1258 495.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 104/92 159.7/92.0 271/92 78.7/0.0][PLAIN TEXT (FPFPENFDECFCEPFHFDEFFPFPACAB)]
- 41 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238/ApplePush][cat: Cloud/13][4 pkts/674 bytes <-> 4 pkts/444 bytes][Goodput ratio: 60.7/40.4][10.70 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 215/1 3565.3/3493.7 10265/10480 4737.4/4940.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 168.5/111.0 279/156 102.7/45.0]
+ 41 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][4 pkts/674 bytes <-> 4 pkts/444 bytes][Goodput ratio: 60.7/40.4][10.70 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 215/1 3565.3/3493.7 10265/10480 4737.4/4940.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 168.5/111.0 279/156 102.7/45.0]
42 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.2/0.0][30.07 sec][PLAIN TEXT ( 1573195445)]
43 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.2/0.0][30.07 sec][PLAIN TEXT ( 1573195445)]
44 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.2/0.0][30.05 sec][PLAIN TEXT ( 3375359593)]
diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out
index 2da823c1b..e3aceafa2 100644
--- a/tests/result/whatsapp_login_call.pcap.out
+++ b/tests/result/whatsapp_login_call.pcap.out
@@ -5,10 +5,9 @@ WhatsAppCall 803 102942 20
ICMP 10 700 1
TLS 8 589 2
Dropbox 4 2176 1
-Apple 190 50263 21
+Apple 212 56189 22
WhatsApp 182 25154 2
Spotify 3 258 1
-ApplePush 22 5926 1
JA3 Host Stats:
IP Address # JA3C
@@ -21,7 +20,7 @@ JA3 Host Stats:
4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][Goodput ratio: 86.5/80.2][34.28 sec][bytes ratio: 0.281 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 121.7/107.9 1665/1391 339.6/319.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 405.9/275.5 1494/1002 488.5/347.9][TLSv1.2][Client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/TLS.Apple][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][Goodput ratio: 84.8/90.3][32.84 sec][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1908.9/36.8 30435/294 7133.2/81.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 364.0/563.3 1494/1494 552.5/634.4][TLSv1.2][Client: query.ess.apple.com][JA3C: 799135475da362592a4be9199d258726][Server: *.ess.apple.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Organization: Apple Inc.][Certificate SHA-1: BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B][Validity: 2014-03-08 01:53:04 - 2029-03-08 01:53:04][Cipher: TLS_RSA_WITH_RC4_128_MD5]
6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][Goodput ratio: 84.7/76.8][0.94 sec][bytes ratio: 0.271 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 35.8/42.0 225/228 76.0/80.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 362.7/235.9 1494/1002 464.1/321.5][TLSv1.2][Client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
- 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes][Goodput ratio: 84.6/39.2][125.45 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 53/0 12859.6/12856.5 101116/101113 33358.6/33358.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430.2/108.5 1506/300 466.8/82.6][PLAIN TEXT (yfV.nY)]
+ 7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes][Goodput ratio: 84.6/39.2][125.45 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 53/0 12859.6/12856.5 101116/101113 33358.6/33358.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430.2/108.5 1506/300 466.8/82.6][PLAIN TEXT (yfV.nY)]
8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 78.45/STUN.WhatsAppCall][cat: VoIP/10][12 pkts/2341 bytes <-> 12 pkts/2484 bytes][Goodput ratio: 78.4/79.7][29.18 sec][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2192.2/2121.8 18656/18299 5822.2/5720.0][Pkt Len c2s/s2c min/avg/max/stddev: 64/68 195.1/207.0 331/358 97.6/107.5]
9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Goodput ratio: 87.7/0.0][59.94 sec][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1255/0 6659.6/0.0 9061/0 2879.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342.0/0.0 342/0 0.0/0.0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46]
10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 78.45/STUN.WhatsAppCall][cat: VoIP/10][9 pkts/1842 bytes <-> 11 pkts/1151 bytes][Goodput ratio: 79.4/59.8][14.33 sec][bytes ratio: 0.231 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1922.9/792.0 6986/6468 2906.0/2008.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/64 204.7/104.6 331/128 81.8/22.8]
diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out
index 6d642ec2b..59a9dce17 100644
--- a/tests/result/whatsapp_login_chat.pcap.out
+++ b/tests/result/whatsapp_login_chat.pcap.out
@@ -1,14 +1,13 @@
MDNS 2 202 2
DHCP 6 2052 1
Dropbox 2 1088 1
-Apple 44 21371 1
+Apple 50 23466 2
WhatsApp 32 3243 2
Spotify 1 86 1
-ApplePush 6 2095 1
1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes][Goodput ratio: 91.4/82.7][3.89 sec][bytes ratio: 0.415 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 179.5/27.0 2803/212 622.4/56.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 629.9/312.7 1494/1002 544.4/369.6][PLAIN TEXT (BjmkLnl)]
2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes][Goodput ratio: 36.8/25.9][19.72 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 1370.8/2065.9 10513/10479 2987.9/3556.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105.5/89.9 267/144 67.5/22.2][PLAIN TEXT (iPhone)]
- 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes][Goodput ratio: 81.1/0.0][20.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 659/0 4000.2/0.0 10199/0 3475.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 220/0 349.2/0.0 375/0 57.8/0.0]
+ 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes][Goodput ratio: 81.1/0.0][20.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 659/0 4000.2/0.0 10199/0 3475.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 220/0 349.2/0.0 375/0 57.8/0.0]
4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Goodput ratio: 87.7/0.0][25.29 sec][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1983/0 5058.0/0.0 8569/0 2765.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342.0/0.0 342/0 0.0/0.0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46]
5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92.2/0.0][30.04 sec][PLAIN TEXT ( 3375359593)]
6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44.2/79.0][0.03 sec][Host: e12.whatsapp.net][PLAIN TEXT (whatsapp)]
diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out
index df91995f4..a006ae7a6 100644
--- a/tests/result/zoom.pcap.out
+++ b/tests/result/zoom.pcap.out
@@ -5,11 +5,11 @@ SSDP 1 168 1
DHCP 1 321 1
ntop 20 4265 1
IMAPS 2 226 1
-ICMP 3 210 2
+ICMP 1 70 1
TLS 2 114 1
Google 26 8851 3
Spotify 1 86 1
-Zoom 635 354005 19
+Zoom 637 354145 20
JA3 Host Stats:
IP Address # JA3C
@@ -44,7 +44,7 @@ JA3 Host Stats:
26 UDP 192.168.1.117:57025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 74.6/0.0][< 1 sec][PLAIN TEXT (SEARCH )]
27 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41.1/51.7][0.04 sec][Host: www3.zoom.us]
28 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][cat: Video/26][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40.3/51.1][0.04 sec][Host: log.zoom.us]
- 29 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81/ICMP][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 39.7/0.0][0.01 sec]
+ 29 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81.189/ICMP.Zoom][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 39.7/0.0][0.01 sec]
30 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0.0/0.0][0.04 sec]
31 UDP 192.168.1.117:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51.1/0.0][< 1 sec][PLAIN TEXT (spotify)]
32 UDP 192.168.1.117:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 50.6/0.0][< 1 sec][PLAIN TEXT (SpotUdp)]
Powered by cgit, Themed by Ted Yin.