Improved dnscrypt midstream detection. (#1241)

* fixed skype false-positive detection of dnscrypt traffic Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni <matzeton@googlemail.com> 2021-07-13 15:10:18 +0200
committer: GitHub <noreply@github.com> 2021-07-13 15:10:18 +0200
commit: e4453938d5329daaa0ea682bba55d354759c077e (patch)
tree: 52516639956d30eff17ff3c0a7b5e903ee89524e /tests
parent: cccf794265dee24f25e16f21753972b20f7593c5 (diff)
2 files changed, 7 insertions, 0 deletions
diff --git a/tests/pcap/dnscrypt_skype_false_positive.pcapng b/tests/pcap/dnscrypt_skype_false_positive.pcapng
new file mode 100644
index 000000000..36b614a73
--- /dev/null
+++ b/tests/pcap/dnscrypt_skype_false_positive.pcapng
diff --git a/tests/result/dnscrypt_skype_false_positive.pcapng.out b/tests/result/dnscrypt_skype_false_positive.pcapng.out
new file mode 100644
index 000000000..044da2e9e
--- /dev/null
+++ b/tests/result/dnscrypt_skype_false_positive.pcapng.out
@@ -0,0 +1,7 @@
+Guessed flow protos:	0
+
+DPI Packets (UDP):	4	(4.00 pkts/flow)
+
+DNScrypt	6	2380	1
+
+	1	UDP 192.168.2.100:46858 <-> 212.47.228.136:443 [proto: 208/DNScrypt][cat: Network/14][3 pkts/1662 bytes <-> 3 pkts/718 bytes][Goodput ratio: 92/82][5137.13 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300005/300005 2568548/2568547 4837091/4837089 2268543/2268542][Pkt Len c2s/s2c min/avg/max/stddev: 554/154 554/239 554/282 0/60][PLAIN TEXT (OYy Tp)][Plen Bins: 0,0,0,16,0,0,0,33,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Toni <matzeton@googlemail.com>	2021-07-13 15:10:18 +0200
committer	GitHub <noreply@github.com>	2021-07-13 15:10:18 +0200
commit	e4453938d5329daaa0ea682bba55d354759c077e (patch)
tree	52516639956d30eff17ff3c0a7b5e903ee89524e /tests
parent	cccf794265dee24f25e16f21753972b20f7593c5 (diff)