authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2024-11-27 08:24:31 +0100
committerGitHub <noreply@github.com>2024-11-27 08:24:31 +0100
commit4974f806f95cf205150df0d30d9e2527f42c7797 (patch)
treeb5dec6782819ba8fed3fcf6299e579b9604f4225 /tests
parent57d54e22fa90ec16fb88d228c1ea250cc6dd3245 (diff)
Add a configuration file to ndpiReader (#2629)
Example: ./example/ndpiReader --conf=./example/calls.conf -i ./tests/pcap/signal_videocall.pcapng -v2 Close #2608
Diffstat (limited to 'tests')
-rw-r--r--tests/cfgs/ndpireader_conf_file/config.txt1
l---------tests/cfgs/ndpireader_conf_file/pcap/openvpn_obfuscated.pcapng1
l---------tests/cfgs/ndpireader_conf_file/pcap/signal_videocall.pcapng1
-rw-r--r--tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out33
-rw-r--r--tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out30
5 files changed, 66 insertions, 0 deletions
diff --git a/tests/cfgs/ndpireader_conf_file/config.txt b/tests/cfgs/ndpireader_conf_file/config.txt
new file mode 100644
index 000000000..7d7530ddc
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/config.txt
@@ -0,0 +1 @@
+--conf=../../../example/calls.conf --conf=../../../example/obfuscation.conf
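Review bot: Both `--conf=` arguments on the added line reach out of the test tree to `../../../example/calls.conf` and `../../../example/obfuscation.conf`, so the expected outputs under `result/` are pinned to whatever those example files contain. A later edit to either example would change what this test asserts without touching `tests/`; the `Obfuscated Traffic` risk and `DPI (aggressive)` confidence in `openvpn_obfuscated.pcapng.out` presumably depend on obfuscation.conf. Consider test-owned copies of the two files next to config.txt, or a note in the tests documentation that the example files are part of this fixture and that the relative paths assume a particular working directory for the runner. Only well-formed config files are exercised here; a case with a missing or malformed `--conf` file would cover the error path of the new option, whose parser is outside this view.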
diff --git a/tests/cfgs/ndpireader_conf_file/pcap/openvpn_obfuscated.pcapng b/tests/cfgs/ndpireader_conf_file/pcap/openvpn_obfuscated.pcapng
new file mode 120000
index 000000000..4e91a46c1
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/pcap/openvpn_obfuscated.pcapng
@@ -0,0 +1 @@
+../../default/pcap/openvpn_obfuscated.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/ndpireader_conf_file/pcap/signal_videocall.pcapng b/tests/cfgs/ndpireader_conf_file/pcap/signal_videocall.pcapng
new file mode 120000
index 000000000..877fc5615
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/pcap/signal_videocall.pcapng
@@ -0,0 +1 @@
+../../default/pcap/signal_videocall.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out b/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out
new file mode 100644
index 000000000..a8d908bef
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out
@@ -0,0 +1,33 @@
+DPI Packets (TCP): 59 (29.50 pkts/flow)
+DPI Packets (UDP): 10 (10.00 pkts/flow)
+Confidence DPI (aggressive) : 3 (flows)
+Num dissector calls: 771 (257.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/9/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/3/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/2 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+TLS 60 17222 1
+OpenVPN 87 25469 1
+NordVPN 30 10598 1
+
+Safe 60 17222 1
+Acceptable 117 36067 2
+
+ 1 TCP 107.161.86.131:443 <-> 192.168.12.156:48072 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 40][cat: VPN/2][40 pkts/9272 bytes <-> 47 pkts/16197 bytes][Goodput ratio: 70/81][3.15 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 212/303 66/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/345 1514/1090 370/406][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (MhLYoT)][Plen Bins: 35,3,3,15,1,1,0,0,1,3,5,1,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,18,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
+ 2 TCP 192.168.12.156:37976 <-> 185.128.25.99:465 [proto: 91/TLS][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 19][cat: Web/5][29 pkts/7410 bytes <-> 31 pkts/9812 bytes][Goodput ratio: 74/79][1.73 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/26 1019/153 204/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/317 1090/1514 256/424][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS traffic / Expected on port 443][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,14,30,14,2,0,2,5,0,5,5,2,0,0,2,0,0,0,0,0,2,0,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
+ 3 UDP 192.168.12.156:47128 <-> 149.102.238.108:1214 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 10][cat: VPN/2][19 pkts/3629 bytes <-> 11 pkts/6969 bytes][Goodput ratio: 78/93][1.26 sec][bytes ratio: -0.315 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/132 1156/1023 278/337][Pkt Len c2s/s2c min/avg/max/stddev: 115/136 191/634 782/1158 153/438][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Entropy: 6.051 (Executable?) / Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (SFhAFI)][Plen Bins: 0,0,23,41,3,0,0,0,3,0,3,6,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out b/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out
new file mode 100644
index 000000000..7926a6a3e
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out
@@ -0,0 +1,30 @@
+DPI Packets (UDP): 291 (97.00 pkts/flow)
+Confidence DPI (cache) : 1 (flows)
+Confidence DPI : 2 (flows)
+Num dissector calls: 8 (2.67 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 11/10/2 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 6/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 3/3 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+SignalVoip 334 123259 3
+
+Acceptable 334 123259 3
+
+ 1 UDP 192.168.12.67:47926 <-> 35.219.252.146:56377 [proto: 338.269/SRTP.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 255][cat: VoIP/10][167 pkts/87565 bytes <-> 131 pkts/31930 bytes][Goodput ratio: 92/83][10.75 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/82 2304/2449 291/279][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 524/244 1223/900 385/198][Mapped IP/Port: 93.35.168.30:45266, 35.219.252.146:56377][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (17uAgN)][Plen Bins: 3,28,9,7,0,0,0,0,16,8,1,0,0,1,1,0,1,1,0,1,0,0,0,0,7,3,0,1,0,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:47926 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 26][cat: VoIP/10][13 pkts/1258 bytes <-> 13 pkts/1454 bytes][Goodput ratio: 57/62][10.01 sec][Hostname/SNI: signal.org][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/6 804/804 4015/4015 1248/1248][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 97/112 162/126 43/14][Mapped IP/Port: 93.35.168.30:45265][Peer IP/Port: 35.219.252.146:56377, 35.219.252.146:34099, 35.219.252.146:37175][Relayed IP/Port: 35.219.252.146:40378][PLAIN TEXT (BFODsIPgWuCIX)][Plen Bins: 34,19,30,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:47926 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/4 2503/2503 9988/9988 4321/4321][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45265][Relayed IP/Port: 35.216.234.234:29688][PLAIN TEXT (42oPBlgi)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]