SSH dissection improvements

author: Luca Deri <deri@ntop.org> 2019-10-25 00:05:18 +0200
committer: Luca Deri <deri@ntop.org> 2019-10-25 00:05:18 +0200
commit: e6f9177fdb404cb6066c8d74c08efce9f5090823 (patch)
tree: 673a8921b80cc81c7c75f15f8aba26d2b5081e4f /tests
parent: c3f6a4a57a6fd8c4ee29cac589a177a959f191a1 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out
index ffb8495c9..2be2a505d 100644
--- a/tests/result/KakaoTalk_chat.pcap.out
+++ b/tests/result/KakaoTalk_chat.pcap.out
@@ -16,7 +16,7 @@ JA3 Host Stats:
 	1	TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33.1/57.0 123/297 41.2/77.4][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 203.6/364.4 1053/1336 304.3/448.8][TLSv1.2][Client: graph.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
 	2	TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][bytes ratio: -0.433 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.2/34.8 106/208 36.5/55.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 183.9/433.5 1257/1336 331.5/513.1][TLSv1.2][Client: developers.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
 	3	TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][bytes ratio: -0.329 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 95.6/75.0 312/350 98.3/119.1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 258.4/569.2 1401/1456 416.1/539.9][TLSv1.2][Client: api.facebook.com][JA3C: 051d20e8adbe8dac78945de300764d5e][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
-	4	TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][bytes ratio: -0.249 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 410.8/374.9 2329/2320 582.3/599.4][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 142.4/263.4 710/1336 154.7/439.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Organization: Facebook, Inc.][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA]
+	4	TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][bytes ratio: -0.249 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 410.8/374.9 2329/2320 582.3/599.4][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 142.4/263.4 710/1336 154.7/439.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA]
 	5	TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][bytes ratio: -0.337 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71.3/71.2 489/365 131.0/103.2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 167.2/388.7 899/1336 222.0/490.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA]
 	6	TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2049.7/118.1 26937/448 6904.3/126.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 132.8/264.6 578/1336 133.6/439.4][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.facebook.com][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Organization: Facebook, Inc.][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA]
 	7	TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91/TLS][cat: Web/5][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1113.6/74.5 10357/172 3082.4/61.9][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 156.6/363.6 429/1336 151.9/450.9][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][Server: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Organization: Kakao Corp.][Certificate SHA-1: 0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4][Validity: 2014-04-18 00:00:00 - 2016-04-17 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA]
diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out
index 0cc0115fa..f1496cbcd 100644
--- a/tests/result/instagram.pcap.out
+++ b/tests/result/instagram.pcap.out
@@ -14,7 +14,7 @@ JA3 Host Stats:
 	1	TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][103 pkts/150456 bytes <-> 47 pkts/3102 bytes][bytes ratio: 0.960 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18.6/40.9 1246/1247 136.9/216.6][Pkt Len c2s/s2c min/avg/max/stddev: 1128/66 1460.7/66.0 1464/66 32.9/0.0][PLAIN TEXT (dnlN/L)]
 	2	TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com][bytes ratio: -0.962 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.6/0.3 33/2 11.2/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/1484 86.0/1484.0 326/1484 69.3/0.0][URL: photos-h.ak.instagram.com/hphotos-ak-xap1/t51.2885-15/e35/10859994_1009433792434447_1627646062_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)]
 	3	TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.4/0.5 62/2 11.3/0.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/396 73.0/1435.2 326/1484 42.2/209.5][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11417349_1610424452559638_1559096152_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)]
-	4	TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244.3/12.2 7254/372 1260.5/65.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.7/1250.6 325/1484 55.7/506.8][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][StatusCode: 0][PLAIN TEXT (GET /hphotos)]
+	4	TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244.3/12.2 7254/372 1260.5/65.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.7/1250.6 325/1484 55.7/506.8][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)]
 	5	TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.5/0.3 321/2 76.4/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 76.5/1423.0 319/1484 50.6/248.6][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e15/11386524_110257619317430_379513654_n.jpg][StatusCode: 200][PLAIN TEXT (GET /hphotos)]
 	6	TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][34 pkts/5555 bytes <-> 34 pkts/40133 bytes][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 364.1/362.3 7669/7709 1462.3/1471.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163.4/1180.4 1431/1464 317.9/494.8]
 	7	TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.2/1.3 7/7 1.7/1.7][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484.0/66.0 1484/66 0.0/0.0][PLAIN TEXT (inOCIM)]
author	Luca Deri <deri@ntop.org>	2019-10-25 00:05:18 +0200
committer	Luca Deri <deri@ntop.org>	2019-10-25 00:05:18 +0200
commit	e6f9177fdb404cb6066c8d74c08efce9f5090823 (patch)
tree	673a8921b80cc81c7c75f15f8aba26d2b5081e4f /tests
parent	c3f6a4a57a6fd8c4ee29cac589a177a959f191a1 (diff)