Add NetEase Games detection support (#2335)

4 files changed, 38 insertions, 28 deletions

diff --git a/tests/cfgs/default/pcap/naraka_bladepoint.pcapng b/tests/cfgs/default/pcap/naraka_bladepoint.pcapng
deleted file mode 100644
index 469497b30..000000000
--- a/tests/cfgs/default/pcap/naraka_bladepoint.pcapng
+++ /dev/null
diff --git a/tests/cfgs/default/pcap/netease_games.pcapng b/tests/cfgs/default/pcap/netease_games.pcapng
new file mode 100644
index 000000000..83a6685bf
--- /dev/null
+++ b/tests/cfgs/default/pcap/netease_games.pcapng
diff --git a/tests/cfgs/default/result/naraka_bladepoint.pcapng.out b/tests/cfgs/default/result/naraka_bladepoint.pcapng.out
deleted file mode 100644
index 6ef35a187..000000000
--- a/tests/cfgs/default/result/naraka_bladepoint.pcapng.out
+++ /dev/null
@@ -1,28 +0,0 @@
-DPI Packets (UDP):	1	(1.00 pkts/flow)
-Confidence DPI              : 1 (flows)
-Num dissector calls: 136 (136.00 diss/flow)
-LRU cache ookla:      0/0/0 (insert/search/found)
-LRU cache bittorrent: 0/0/0 (insert/search/found)
-LRU cache zoom:       0/0/0 (insert/search/found)
-LRU cache stun:       0/0/0 (insert/search/found)
-LRU cache tls_cert:   0/0/0 (insert/search/found)
-LRU cache mining:     0/0/0 (insert/search/found)
-LRU cache msteams:    0/0/0 (insert/search/found)
-LRU cache stun_zoom:  0/0/0 (insert/search/found)
-Automa host:          0/0 (search/found)
-Automa domain:        0/0 (search/found)
-Automa tls cert:      0/0 (search/found)
-Automa risk mask:     0/0 (search/found)
-Automa common alpns:  0/0 (search/found)
-Patricia risk mask:   2/0 (search/found)
-Patricia risk mask IPv6: 0/0 (search/found)
-Patricia risk:        0/0 (search/found)
-Patricia risk IPv6:   0/0 (search/found)
-Patricia protocols:   1/1 (search/found)
-Patricia protocols IPv6: 0/0 (search/found)
-
-NarakaBladepoint	5	753	1
-
-Fun                              5 753           1            
-
-	1	UDP 192.168.88.231:58951 <-> 34.141.75.90:28203 [proto: 402/NarakaBladepoint][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][3 pkts/339 bytes <-> 2 pkts/414 bytes][Goodput ratio: 63/80][0.07 sec][PLAIN TEXT (9251381)][Plen Bins: 0,40,20,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/netease_games.pcapng.out b/tests/cfgs/default/result/netease_games.pcapng.out
new file mode 100644
index 000000000..76698b3d8
--- /dev/null
+++ b/tests/cfgs/default/result/netease_games.pcapng.out
@@ -0,0 +1,38 @@
+DPI Packets (TCP):	6	(6.00 pkts/flow)
+DPI Packets (UDP):	6	(1.50 pkts/flow)
+Confidence DPI              : 5 (flows)
+Num dissector calls: 410 (82.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          4/4 (search/found)
+Automa domain:        4/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     1/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   8/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   6/4 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+NetEaseGames	20	2662	5
+
+Fun                             20 2662          5            
+
+JA3 Host Stats: 
+		 IP Address                  	 # JA3C     
+	1	 192.168.88.231           	 1      
+
+
+	1	TCP 192.168.88.231:50402 <-> 35.73.71.94:443 [proto: 91.402/TLS.NetEaseGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/302 bytes][Goodput ratio: 71/32][0.56 sec][Hostname/SNI: data-detect.nie.easebar.com][bytes ratio: 0.411 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/140 280/281 140/140][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/101 583/162 242/43][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: b502ea5e20e42ca41d28d47e8df496fa][JA4: t12d600600_a54dbbc9e493_8587f467d9ea][JA3S: 704239182a9091e4453fdbfe0fd17586][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.88.231:58951 <-> 34.141.75.90:28203 [proto: 402/NetEaseGames][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][3 pkts/339 bytes <-> 2 pkts/414 bytes][Goodput ratio: 63/80][< 1 sec][PLAIN TEXT (9251381)][Plen Bins: 0,40,20,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	UDP 192.168.88.231:49377 <-> 172.17.8.75:53 [proto: 5.402/DNS.NetEaseGames][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/174 bytes <-> 2 pkts/398 bytes][Goodput ratio: 51/79][0.06 sec][Hostname/SNI: data-detect.nie.easebar.com][35.73.71.94][PLAIN TEXT (detect)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP 192.168.88.231:56588 <-> 35.246.207.19:4513 [proto: 402/NetEaseGames][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][2 pkts/108 bytes <-> 1 pkts/60 bytes][Goodput ratio: 22/20][0.04 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP 192.168.88.231:41040 <-> 35.228.32.209:4170 [proto: 402/NetEaseGames][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/72 bytes <-> 1 pkts/72 bytes][Goodput ratio: 41/41][0.04 sec][PLAIN TEXT (nfcqjI/TZ)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]