aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2025-02-15 14:23:45 +0100
committerGitHub <noreply@github.com>2025-02-15 14:23:45 +0100
commit091e1423e246263cc294c12c0f8ab0cdda845b94 (patch)
treeccaf1ae70ad29238b789ad5d97128dbc42062f4d /tests
parent005f7030cb58aedfabe871330638a6fa5c181f86 (diff)
DNS: set `NDPI_MALFORMED_PACKET` risk if the answer message is invalid (#2724)
We already set the same flow risk for invalid request messages
Diffstat (limited to 'tests')
-rw-r--r--tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out34
-rw-r--r--tests/cfgs/default/result/telegram.pcap.out6
2 files changed, 20 insertions, 20 deletions
diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
index 3026c37f1..f9e4ac6b7 100644
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@@ -1,25 +1,25 @@
-Guessed flow protos: 30
+Guessed flow protos: 33
DPI Packets (TCP): 45 (2.14 pkts/flow)
DPI Packets (UDP): 356 (1.62 pkts/flow)
DPI Packets (other): 5 (1.00 pkts/flow)
Confidence Unknown : 33 (flows)
-Confidence Match by port : 30 (flows)
-Confidence DPI : 183 (flows)
-Num dissector calls: 7975 (32.42 diss/flow)
+Confidence Match by port : 33 (flows)
+Confidence DPI : 180 (flows)
+Num dissector calls: 8413 (34.20 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
-LRU cache bittorrent: 0/189/0 (insert/search/found)
+LRU cache bittorrent: 0/198/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
-LRU cache mining: 0/63/0 (insert/search/found)
+LRU cache mining: 0/66/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
-LRU cache fpc_dns: 0/63/0 (insert/search/found)
-Automa host: 241/0 (search/found)
-Automa domain: 234/0 (search/found)
+LRU cache fpc_dns: 0/66/0 (insert/search/found)
+Automa host: 237/0 (search/found)
+Automa domain: 230/0 (search/found)
Automa tls cert: 0/0 (search/found)
-Automa risk mask: 127/0 (search/found)
+Automa risk mask: 125/0 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 374/0 (search/found)
+Patricia risk mask: 372/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 13/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
@@ -73,7 +73,7 @@ Unrated 33 4066 33
30 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x2cdf][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Header][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
31 UDP 192.168.1.2:2742 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0xb3c0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 UDP 192.168.1.2:2750 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.vo_s][0.0.0.0][DNS Id: 0x3fc8][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Header / Invalid chars detected in domain name][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 33 UDP 192.168.1.2:2764 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][0.0.0.0][DNS Id: 0xdffb][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 33 UDP 192.168.1.2:2764 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.s?p.cibercity.dk][0.0.0.0][DNS Id: 0xdffb][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid chars detected in domain name / Invalid DNS Header][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 UDP 192.168.1.2:2772 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][0.0.0.0][DNS Id: 0x9de1][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
35 UDP 192.168.1.2:2774 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0xd2e2][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (sipicybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
36 UDP 192.168.1.2:2776 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][0.0.0.0][DNS Id: 0x2ee3][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -110,7 +110,7 @@ Unrated 33 4066 33
67 UDP 192.168.1.2:2739 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x6ade][DNS Ptr: localhost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
68 UDP 192.168.1.2:2743 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x7cc2][DNS Ptr: local_ost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
69 UDP 192.168.1.2:2753 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.527.in-addr.arpa][0.0.0.0][DNS Id: 0x48ce][DNS Ptr: locathost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 70 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x55f0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 70 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][0.0.0.0][DNS Id: 0x55f0][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Header][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
71 UDP 192.168.1.2:2757 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][0.0.0.0][DNS Id: 0xdff0][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
72 UDP 192.168.1.2:2761 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 11/59][0.00 sec][0.0.0.0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
73 UDP 192.168.1.2:2767 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x78fd][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -118,7 +118,7 @@ Unrated 33 4066 33
75 UDP 192.168.1.2:2797 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0xcb12][DNS Ptr: localhost][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
76 UDP 192.168.1.2:2801 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][0.0.0.0][DNS Id: 0x7a17][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
77 UDP 192.168.1.2:2803 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x5b19][DNS Ptr: localhost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 78 UDP 192.168.1.2:2809 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x7c00][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 78 UDP 192.168.1.2:2809 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x7c00][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: Invalid DNS Header][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
79 UDP 192.168.1.2:2824 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x0d0b][DNS Ptr: localhost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
80 UDP 192.168.1.2:2826 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x8f0e][DNS Ptr: localhost][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
81 UDP 192.168.1.2:2831 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x7536][DNS Ptr: localhost][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -144,7 +144,7 @@ Unrated 33 4066 33
101 UDP 192.168.1.1:53 -> 192.168.1.2:2745 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0xf4c3][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
102 UDP 192.168.1.1:53 -> 192.168.1.2:2747 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0xf1c5][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
103 UDP 192.168.1.1:53 -> 192.168.1.2:2751 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][0.0.0.0][DNS Id: 0x1aca][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 104 UDP 192.168.1.1:53 -> 192.168.1.2:2763 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 104 UDP 192.168.1.1:53 -> 192.168.1.2:2763 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
105 UDP 192.168.1.1:53 -> 192.168.1.2:2765 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][0.0.0.0][DNS Id: 0x68fd][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
106 UDP 192.168.1.1:53 -> 192.168.1.2:2771 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0xfde0][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
107 UDP 192.168.1.1:53 -> 192.168.1.2:2782 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x4fe4][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -152,7 +152,7 @@ Unrated 33 4066 33
109 UDP 192.168.1.1:53 -> 192.168.1.2:2807 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][0.0.0.0][DNS Id: 0xb31c][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
110 UDP 192.168.1.1:53 -> 192.168.5.2:2784 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.aspa][0.0.0.0][DNS Id: 0x9de5][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
111 UDP 192.168.1.1:53 -> 192.168.119.2:2799 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x1c14][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 112 UDP 192.168.1.1:53 -> 240.168.1.2:2792 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-a?dr.arpa][0.0.0.0][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **][Risk Score: 110][Risk Info: Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 112 UDP 192.168.1.1:53 -> 240.168.1.2:2792 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][0.0.0.0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
113 UDP 192.168.130.1:53 -> 192.168.1.2:2741 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x33c0][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
114 UDP 192.168.233.1:53 -> 192.168.1.2:2811 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x7802][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
115 UDP 253.168.1.1:53 -> 192.168.1.2:2735 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0xf3db][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -232,7 +232,7 @@ Unrated 33 4066 33
189 UDP 192.168.1.2:2799 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x1c14][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
190 UDP 192.168.1.2:2811 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][DNS Id: 0x5802][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
191 UDP 192.168.1.2:2813 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127?in-ad_r?arpa???][0.0.0.0][DNS Id: 0xa003][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 192 UDP 192.168.1.2:2815 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 192 UDP 192.168.1.2:2815 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
193 UDP 192.168.1.2:2822 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.1?7.in-addr.arpa][0.0.0.0][DNS Id: 0x0c08][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Invalid chars detected in domain name][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
194 UDP 192.168.1.2:2828 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x3c32][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
195 UDP 192.168.1.18:2751 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][0.0.0.0][DNS Id: 0x1aca][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out
index 70e6d207d..f308a3b8c 100644
--- a/tests/cfgs/default/result/telegram.pcap.out
+++ b/tests/cfgs/default/result/telegram.pcap.out
@@ -12,10 +12,10 @@ LRU cache fpc_dns: 3/3/0 (insert/search/found)
Automa host: 40/11 (search/found)
Automa domain: 39/0 (search/found)
Automa tls cert: 0/0 (search/found)
-Automa risk mask: 11/2 (search/found)
+Automa risk mask: 13/4 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 50/0 (search/found)
-Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk mask: 52/0 (search/found)
+Patricia risk mask IPv6: 2/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 3/0 (search/found)
Patricia protocols: 76/14 (search/found)
Powered by cgit, Themed by Ted Yin.