aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--fuzz/Makefile.am19
-rw-r--r--fuzz/dictionary.dict2
-rw-r--r--fuzz/fuzz_dga.c2
-rw-r--r--fuzz/fuzz_ds_cmsketch.cpp35
-rw-r--r--fuzz/fuzz_serialization.cpp2
-rw-r--r--src/lib/ndpi_analyze.c1
-rw-r--r--src/lib/protocols/socks45.c3
-rw-r--r--tests/cfgs/default/pcap/edonkey.pcapbin0 -> 2312 bytes
-rw-r--r--tests/cfgs/default/pcap/rdp2.pcapbin7632 -> 12852 bytes
-rw-r--r--tests/cfgs/default/pcap/rdp3.pcapbin5148 -> 0 bytes
-rw-r--r--tests/cfgs/default/pcap/rtp.pcapngbin20556 -> 39700 bytes
-rw-r--r--tests/cfgs/default/pcap/socks.pcap (renamed from tests/cfgs/default/pcap/socks-http-example.pcap)bin9143 -> 12736 bytes
-rw-r--r--tests/cfgs/default/result/edonkey.pcap.out (renamed from tests/cfgs/default/result/rdp3.pcap.out)10
-rw-r--r--tests/cfgs/default/result/rdp2.pcap.out15
-rw-r--r--tests/cfgs/default/result/rtp.pcapng.out17
-rw-r--r--tests/cfgs/default/result/socks.pcap.out (renamed from tests/cfgs/default/result/socks-http-example.pcap.out)20
17 files changed, 92 insertions, 35 deletions
diff --git a/.gitignore b/.gitignore
index 73454c1e4..35ff7eee7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -73,6 +73,7 @@
/fuzz/fuzz_libinjection
/fuzz/fuzz_tls_certificate
/fuzz/fuzz_dga
+/fuzz/fuzz_ds_cmsketch
/fuzz/fuzz_gcrypt_light
/fuzz/fuzz_ndpi_reader_payload_analyzer
/fuzz/fuzz_ndpi_reader_alloc_fail_seed_corpus.zip
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index d1b51dcc7..53c7832d0 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -2,7 +2,7 @@ bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail
#Alghoritms
bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream
#Data structures
-bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash
+bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch
#Third party
bin_PROGRAMS += fuzz_libinjection
#Internal crypto
@@ -295,7 +295,7 @@ fuzz_ds_ptree_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(fuzz_ds_ptree_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
fuzz_ds_hash_SOURCES = fuzz_ds_hash.cpp fuzz_common_code.c
-fuzz_ds_hash_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DENABLE_MEM_ALLOC_FAILURES
+fuzz_ds_hash_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_ds_hash_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_ds_hash_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
fuzz_ds_hash_LDFLAGS = $(LIBS)
@@ -309,6 +309,21 @@ fuzz_ds_hash_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_ds_hash_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+fuzz_ds_cmsketch_SOURCES = fuzz_ds_cmsketch.cpp fuzz_common_code.c
+fuzz_ds_cmsketch_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_cmsketch_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_cmsketch_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_ds_cmsketch_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_ds_cmsketch_CXXFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_ds_cmsketch_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_ds_cmsketch_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_ds_cmsketch_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_ds_cmsketch_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
fuzz_libinjection_SOURCES = fuzz_libinjection.c
fuzz_libinjection_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_libinjection_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
diff --git a/fuzz/dictionary.dict b/fuzz/dictionary.dict
index f6c9b420b..b74b3d13b 100644
--- a/fuzz/dictionary.dict
+++ b/fuzz/dictionary.dict
@@ -7,7 +7,7 @@
#FTP_DATA
"RIFF"
-"MZ"
+"MZ\x00"
"OggS"
"PK\x03\x04"
"\x00\x00\x01\xBA"
diff --git a/fuzz/fuzz_dga.c b/fuzz/fuzz_dga.c
index d047f531a..3b09550ff 100644
--- a/fuzz/fuzz_dga.c
+++ b/fuzz/fuzz_dga.c
@@ -22,6 +22,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (data[0] % 2 == 0)
ndpi_dga_function = ndpi_custom_dga_fn;
+ else
+ ndpi_dga_function = NULL;
name = ndpi_malloc(size + 1);
if (name) {
diff --git a/fuzz/fuzz_ds_cmsketch.cpp b/fuzz/fuzz_ds_cmsketch.cpp
new file mode 100644
index 000000000..1181b1593
--- /dev/null
+++ b/fuzz/fuzz_ds_cmsketch.cpp
@@ -0,0 +1,35 @@
+#include "ndpi_api.h"
+#include "fuzz_common_code.h"
+
+#include <stdint.h>
+#include "fuzzer/FuzzedDataProvider.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ struct ndpi_cm_sketch *sketch;
+ u_int16_t i, num_hashes, num_iteration, num_lookup;
+
+ /* Just to have some data */
+ if (fuzzed_data.remaining_bytes() < 1024)
+ return -1;
+
+ /* To allow memory allocation failures */
+ fuzz_set_alloc_callbacks_and_seed(size);
+
+ num_hashes = fuzzed_data.ConsumeIntegralInRange(0, 8192);
+ num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
+ num_lookup = fuzzed_data.ConsumeIntegral<u_int8_t>();
+
+ sketch = ndpi_cm_sketch_init(num_hashes);
+ if (sketch) {
+ for (i = 0; i < num_iteration; i++) {
+ ndpi_cm_sketch_add(sketch, fuzzed_data.ConsumeIntegral<u_int32_t>());
+ }
+ for (i = 0; i < num_lookup; i++) {
+ ndpi_cm_sketch_count(sketch, fuzzed_data.ConsumeIntegral<u_int32_t>());
+ }
+ ndpi_cm_sketch_destroy(sketch);
+ }
+
+ return 0;
+}
diff --git a/fuzz/fuzz_serialization.cpp b/fuzz/fuzz_serialization.cpp
index e5d02d4d7..d097c683c 100644
--- a/fuzz/fuzz_serialization.cpp
+++ b/fuzz/fuzz_serialization.cpp
@@ -19,7 +19,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* To allow memory allocation failures */
fuzz_set_alloc_callbacks_and_seed(size);
- fmt = static_cast<ndpi_serialization_format>(fuzzed_data.ConsumeIntegralInRange(1, 3));
+ fmt = static_cast<ndpi_serialization_format>(fuzzed_data.ConsumeIntegralInRange(1, 4));
if (fuzzed_data.ConsumeBool())
rc = ndpi_init_serializer(&serializer, fmt);
diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c
index 62d14fdd4..f7f9784b6 100644
--- a/src/lib/ndpi_analyze.c
+++ b/src/lib/ndpi_analyze.c
@@ -1760,6 +1760,7 @@ struct ndpi_cm_sketch *ndpi_cm_sketch_init(u_int16_t num_hashes) {
#endif
if(num_hashes < 2) num_hashes = 2;
+ num_hashes = ndpi_nearest_power_of_two(num_hashes);
sketch->num_hashes = num_hashes;
sketch->num_hash_buckets = num_hashes * NDPI_COUNT_MIN_SKETCH_NUM_BUCKETS;
diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c
index 6845ecaf2..6cdac93d1 100644
--- a/src/lib/protocols/socks45.c
+++ b/src/lib/protocols/socks45.c
@@ -90,7 +90,8 @@ static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct,
if(flow->socks5_stage == 0) {
NDPI_LOG_DBG2(ndpi_struct, "SOCKS5 stage 0: \n");
- if((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) {
+ if(((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) ||
+ ((payload_len == 4) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x02) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x01))) {
NDPI_LOG_DBG2(ndpi_struct, "Possible SOCKS5 request detected, we will look further for the response\n");
/* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */
diff --git a/tests/cfgs/default/pcap/edonkey.pcap b/tests/cfgs/default/pcap/edonkey.pcap
new file mode 100644
index 000000000..ce091773c
--- /dev/null
+++ b/tests/cfgs/default/pcap/edonkey.pcap
Binary files differ
diff --git a/tests/cfgs/default/pcap/rdp2.pcap b/tests/cfgs/default/pcap/rdp2.pcap
index 3daa036f9..1ca6eab58 100644
--- a/tests/cfgs/default/pcap/rdp2.pcap
+++ b/tests/cfgs/default/pcap/rdp2.pcap
Binary files differ
diff --git a/tests/cfgs/default/pcap/rdp3.pcap b/tests/cfgs/default/pcap/rdp3.pcap
deleted file mode 100644
index fe7921566..000000000
--- a/tests/cfgs/default/pcap/rdp3.pcap
+++ /dev/null
Binary files differ
diff --git a/tests/cfgs/default/pcap/rtp.pcapng b/tests/cfgs/default/pcap/rtp.pcapng
index 747abe295..f3b10e683 100644
--- a/tests/cfgs/default/pcap/rtp.pcapng
+++ b/tests/cfgs/default/pcap/rtp.pcapng
Binary files differ
diff --git a/tests/cfgs/default/pcap/socks-http-example.pcap b/tests/cfgs/default/pcap/socks.pcap
index 1b82f6032..c32adb15c 100644
--- a/tests/cfgs/default/pcap/socks-http-example.pcap
+++ b/tests/cfgs/default/pcap/socks.pcap
Binary files differ
diff --git a/tests/cfgs/default/result/rdp3.pcap.out b/tests/cfgs/default/result/edonkey.pcap.out
index 45e160b00..34d7e9495 100644
--- a/tests/cfgs/default/result/rdp3.pcap.out
+++ b/tests/cfgs/default/result/edonkey.pcap.out
@@ -1,8 +1,8 @@
Guessed flow protos: 0
-DPI Packets (UDP): 2 (2.00 pkts/flow)
+DPI Packets (TCP): 5 (5.00 pkts/flow)
Confidence DPI : 1 (flows)
-Num dissector calls: 112 (112.00 diss/flow)
+Num dissector calls: 120 (120.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
@@ -17,9 +17,9 @@ Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
-Patricia risk: 0/0 (search/found)
+Patricia risk: 2/0 (search/found)
Patricia protocols: 2/0 (search/found)
-RDP 6 5028 1
+eDonkey 17 2016 1
- 1 UDP 192.168.122.181:54759 <-> 192.168.122.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/2694 bytes <-> 2 pkts/2334 bytes][Goodput ratio: 94/96][1.76 sec][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1649 550/1649 1011/1649 418/0][Pkt Len c2s/s2c min/avg/max/stddev: 184/1060 674/1167 1274/1274 494/107][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (OKBI.HARDENING.COM)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0]
+ 1 TCP 201.15.177.227:1754 <-> 135.192.214.240:7551 [proto: 36/eDonkey][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][6 pkts/598 bytes <-> 11 pkts/1418 bytes][Goodput ratio: 41/56][57.40 sec][bytes ratio: -0.407 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/91 5347/4749 12107/12106 5400/4962][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 100/129 178/186 55/63][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (VeryCD)][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/rdp2.pcap.out b/tests/cfgs/default/result/rdp2.pcap.out
index 21e3158b2..b10098491 100644
--- a/tests/cfgs/default/result/rdp2.pcap.out
+++ b/tests/cfgs/default/result/rdp2.pcap.out
@@ -1,8 +1,8 @@
Guessed flow protos: 0
-DPI Packets (UDP): 6 (3.00 pkts/flow)
-Confidence DPI : 2 (flows)
-Num dissector calls: 261 (130.50 diss/flow)
+DPI Packets (UDP): 8 (2.67 pkts/flow)
+Confidence DPI : 3 (flows)
+Num dissector calls: 373 (124.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
@@ -18,9 +18,10 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
-Patricia protocols: 4/0 (search/found)
+Patricia protocols: 6/0 (search/found)
-RDP 33 6343 2
+RDP 39 11371 3
- 1 UDP 10.50.181.210:60355 <-> 10.50.73.36:3389 [VLAN: 1108][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/1907 bytes <-> 3 pkts/1468 bytes][Goodput ratio: 90/90][0.13 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/7 41/48 80/90 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 199/64 477/489 1278/1278 463/558][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (drcsalgfc)][Plen Bins: 14,0,14,0,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0]
- 2 UDP 10.8.37.100:51652 <-> 10.100.2.87:3389 [VLAN: 1308][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][12 pkts/1418 bytes <-> 14 pkts/1550 bytes][Goodput ratio: 60/58][0.73 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 80/65 428/261 140/94][Pkt Len c2s/s2c min/avg/max/stddev: 64/60 118/111 384/148 82/26][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][Plen Bins: 19,46,19,11,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.122.181:54759 <-> 192.168.122.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/2694 bytes <-> 2 pkts/2334 bytes][Goodput ratio: 94/96][1.76 sec][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1649 550/1649 1011/1649 418/0][Pkt Len c2s/s2c min/avg/max/stddev: 184/1060 674/1167 1274/1274 494/107][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (OKBI.HARDENING.COM)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0]
+ 2 UDP 10.50.181.210:60355 <-> 10.50.73.36:3389 [VLAN: 1108][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/1907 bytes <-> 3 pkts/1468 bytes][Goodput ratio: 90/90][0.13 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/7 41/48 80/90 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 199/64 477/489 1278/1278 463/558][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (drcsalgfc)][Plen Bins: 14,0,14,0,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0]
+ 3 UDP 10.8.37.100:51652 <-> 10.100.2.87:3389 [VLAN: 1308][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][12 pkts/1418 bytes <-> 14 pkts/1550 bytes][Goodput ratio: 60/58][0.73 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 80/65 428/261 140/94][Pkt Len c2s/s2c min/avg/max/stddev: 64/60 118/111 384/148 82/26][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][Plen Bins: 19,46,19,11,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/rtp.pcapng.out b/tests/cfgs/default/result/rtp.pcapng.out
index 8a0774a4e..2010f0fda 100644
--- a/tests/cfgs/default/result/rtp.pcapng.out
+++ b/tests/cfgs/default/result/rtp.pcapng.out
@@ -1,8 +1,8 @@
Guessed flow protos: 0
-DPI Packets (UDP): 6 (3.00 pkts/flow)
-Confidence DPI : 2 (flows)
-Num dissector calls: 278 (139.00 diss/flow)
+DPI Packets (UDP): 9 (3.00 pkts/flow)
+Confidence DPI : 3 (flows)
+Num dissector calls: 408 (136.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
@@ -16,12 +16,13 @@ Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 2/0 (search/found)
+Patricia risk mask: 4/0 (search/found)
Patricia risk: 2/0 (search/found)
-Patricia protocols: 4/0 (search/found)
+Patricia protocols: 6/0 (search/found)
Discord 30 16092 1
-RTP 30 2181 1
+RTP 45 20619 2
- 1 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 10.204.220.71:6000 -> 10.204.220.171:6000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][15 pkts/18438 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 25/0 77/0 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1229/0 1486/0 467/0][Plen Bins: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,68,0,0]
+ 2 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/socks-http-example.pcap.out b/tests/cfgs/default/result/socks.pcap.out
index be1502abe..2955b5898 100644
--- a/tests/cfgs/default/result/socks-http-example.pcap.out
+++ b/tests/cfgs/default/result/socks.pcap.out
@@ -1,15 +1,14 @@
-Guessed flow protos: 1
+Guessed flow protos: 0
-DPI Packets (TCP): 29 (9.67 pkts/flow)
-Confidence Match by port : 1 (flows)
-Confidence DPI : 2 (flows)
-Num dissector calls: 445 (148.33 diss/flow)
+DPI Packets (TCP): 23 (5.75 pkts/flow)
+Confidence DPI : 4 (flows)
+Num dissector calls: 474 (118.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
-LRU cache bittorrent: 0/3/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
-LRU cache mining: 0/1/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache stun_zoom: 0/0/0 (insert/search/found)
Automa host: 0/0 (search/found)
@@ -19,10 +18,11 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
-Patricia protocols: 6/0 (search/found)
+Patricia protocols: 8/0 (search/found)
-SOCKS 46 8383 3
+SOCKS 60 10559 4
- 1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 17][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
+ 1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
2 TCP 10.180.156.185:53534 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/711 bytes <-> 7 pkts/2069 bytes][Goodput ratio: 24/77][0.05 sec][bytes ratio: -0.488 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/12 47/46 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/296 212/1514 47/500][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
3 TCP 10.180.156.185:53533 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/695 bytes <-> 6 pkts/2003 bytes][Goodput ratio: 22/80][0.01 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 3/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/334 212/1514 48/530][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
+ 4 TCP 10.0.0.1:1637 <-> 10.0.0.2:21477 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][8 pkts/886 bytes <-> 6 pkts/1290 bytes][Goodput ratio: 47/73][117.94 sec][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/356 370/415 644/479 191/50][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 111/215 449/984 128/344][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 67,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.