Improved RTSP detection and fixed HTTP false-positive. Fixes #1229. (#1266)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni <matzeton@googlemail.com> 2021-07-31 23:31:49 +0200
committer: GitHub <noreply@github.com> 2021-07-31 23:31:49 +0200
commit: ad57af9f79b3c69e2312fda109b83ce132448fd7 (patch)
tree: 4bab48b9376e324f369a2c6e3b4b9048a6818587 /tests
parent: ce597b4806dd96d9b8d7d1e43560b9c85e71f80c (diff)
2 files changed, 13 insertions, 0 deletions
diff --git a/tests/pcap/rtsp.pcap b/tests/pcap/rtsp.pcap
new file mode 100644
index 000000000..3b431aa5f
--- /dev/null
+++ b/tests/pcap/rtsp.pcap
diff --git a/tests/result/rtsp.pcap.out b/tests/result/rtsp.pcap.out
new file mode 100644
index 000000000..5c9fec522
--- /dev/null
+++ b/tests/result/rtsp.pcap.out
@@ -0,0 +1,13 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	87	(12.43 pkts/flow)
+
+RTSP	568	100872	7
+
+	1	TCP 10.1.1.10:52478 <-> 10.2.2.2:8554 [proto: 50/RTSP][cat: Media/1][44 pkts/6374 bytes <-> 60 pkts/11092 bytes][Goodput ratio: 59/68][59.02 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1730/3 58323/42 9852/8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 145/185 257/751 77/190][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 10.1.1.10:52472 <-> 10.2.2.2:8554 [proto: 50/RTSP][cat: Media/1][40 pkts/6114 bytes <-> 56 pkts/10878 bytes][Goodput ratio: 62/70][58.23 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1872/2 58022/20 10252/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/194 258/751 77/194][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 10.1.1.10:52480 <-> 10.2.2.2:8554 [proto: 50/RTSP][cat: Media/1][40 pkts/6114 bytes <-> 52 pkts/10628 bytes][Goodput ratio: 62/71][59.74 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1921/2 59529/21 10518/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/204 258/751 77/198][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	TCP 10.1.1.10:52476 <-> 10.2.2.2:8554 [proto: 50/RTSP][cat: Media/1][44 pkts/5778 bytes <-> 52 pkts/10636 bytes][Goodput ratio: 55/71][7.66 sec][bytes ratio: -0.296 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 63/20 12/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 131/205 258/751 79/198][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,18,18,9,18,0,18,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	TCP 10.1.1.10:52474 <-> 10.2.2.2:8554 [proto: 50/RTSP][cat: Media/1][40 pkts/6114 bytes <-> 44 pkts/10152 bytes][Goodput ratio: 62/75][58.31 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1816/2 58099/23 10109/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/231 258/751 77/204][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	TCP 10.1.1.10:52482 <-> 10.2.2.2:8554 [proto: 50/RTSP][cat: Media/1][36 pkts/5294 bytes <-> 48 pkts/10394 bytes][Goodput ratio: 60/73][0.20 sec][bytes ratio: -0.325 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 6/20 1/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 147/217 258/751 79/201][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,18,18,9,18,0,18,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	TCP 10.1.1.10:52470 <-> 10.2.2.2:8554 [proto: 50/RTSP][cat: Media/1][4 pkts/820 bytes <-> 8 pkts/484 bytes][Goodput ratio: 73/0][< 1 sec][bytes ratio: 0.258 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 205/56 205/60 205/62 0/3][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (PARAMETER rtsp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Toni <matzeton@googlemail.com>	2021-07-31 23:31:49 +0200
committer	GitHub <noreply@github.com>	2021-07-31 23:31:49 +0200
commit	ad57af9f79b3c69e2312fda109b83ce132448fd7 (patch)
tree	4bab48b9376e324f369a2c6e3b4b9048a6818587 /tests
parent	ce597b4806dd96d9b8d7d1e43560b9c85e71f80c (diff)