aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorLuca Deri <deri@ntop.org>2022-12-29 19:38:25 +0100
committerLuca Deri <deri@ntop.org>2022-12-29 19:38:25 +0100
commit8f91b8ba72e61eb15a3fdfcddd6339b2fae341be (patch)
treebb20eebc202f69a6fd95146191e718e8249c168f /tests
parent560280e6f082d22e6a9de8e537b7876bacf8d072 (diff)
Implemented EDNS(0) support in DNS dissector
Improved DNS dissection
Diffstat (limited to 'tests')
-rw-r--r--tests/result/fuzz-2006-06-26-2594.pcap.out2
-rw-r--r--tests/result/malformed_dns.pcap.out2
2 files changed, 2 insertions, 2 deletions
diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out
index 3b1a8963c..4a167174b 100644
--- a/tests/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/result/fuzz-2006-06-26-2594.pcap.out
@@ -96,7 +96,7 @@ SIP 85 39540 15
60 UDP 192.168.1.2:2810 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][Hostname/SNI: _sip._udp.sip.nybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Mybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
61 UDP 192.168.1.2:2814 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sib._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
62 UDP 192.168.1.2:138 -> 192.168.1.251:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 63 UDP 192.168.1.2:2719 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/168 bytes][Goodput ratio: 43/75][1.01 sec][147.234.1.253][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Query Lenght][PLAIN TEXT (ecitele)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 63 UDP 192.168.1.2:2719 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/168 bytes][Goodput ratio: 43/75][1.01 sec][::][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Query Lenght][PLAIN TEXT (ecitele)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.1.41:138 -> 192.168.1.255:394 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][PLAIN TEXT (MEBECDBDBDBCACACACACACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 UDP 81.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Media/1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][RTP Stream Type: audio][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
66 UDP 192.168.1.2:30000 -> 37.115.0.36:40392 [proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Media/1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][RTP Stream Type: audio][PLAIN TEXT (njlndlj)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/malformed_dns.pcap.out b/tests/result/malformed_dns.pcap.out
index fa0af82b1..db360b157 100644
--- a/tests/result/malformed_dns.pcap.out
+++ b/tests/result/malformed_dns.pcap.out
@@ -22,4 +22,4 @@ Patricia protocols: 2/0 (search/found)
DNS 6 5860 1
- 1 UDP 127.0.0.1:50435 <-> 127.0.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/140 bytes <-> 4 pkts/5720 bytes][Goodput ratio: 40/97][5.03 sec][Hostname/SNI: www.xt.com][0.0.0.0][bytes ratio: -0.952 (Download)][IAT c2s/s2c min/avg/max/stddev: 4999/13 4999/1670 4999/4983 0/2343][Pkt Len c2s/s2c min/avg/max/stddev: 70/1430 70/1430 70/1430 0/0][Risk: ** Malformed Packet **** Large DNS Packet (512+ bytes) **][Risk Score: 60][Risk Info: Invalid DNS Query Lenght / 1388 Bytes DNS Packet][PLAIN TEXT (AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0]
+ 1 UDP 127.0.0.1:50435 <-> 127.0.0.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/140 bytes <-> 4 pkts/5720 bytes][Goodput ratio: 40/97][5.03 sec][Hostname/SNI: www.xt.com][66.66.66.66][bytes ratio: -0.952 (Download)][IAT c2s/s2c min/avg/max/stddev: 4999/13 4999/1670 4999/4983 0/2343][Pkt Len c2s/s2c min/avg/max/stddev: 70/1430 70/1430 70/1430 0/0][Risk: ** Malformed Packet **** Suspicious DNS Traffic **** Large DNS Packet (512+ bytes) **][Risk Score: 160][Risk Info: DNS Record with zero TTL / Invalid DNS Query Lenght / 1388 Bytes DNS Packet][PLAIN TEXT (AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0]
Powered by cgit, Themed by Ted Yin.