path: root/tests/cfgs/default/result/tunnelbear.pcap.out
Diffstat (limited to 'tests/cfgs/default/result/tunnelbear.pcap.out')
-rw-r--r-- tests/cfgs/default/result/tunnelbear.pcap.out 28
1 files changed, 16 insertions, 12 deletions
diff --git a/tests/cfgs/default/result/tunnelbear.pcap.out b/tests/cfgs/default/result/tunnelbear.pcap.out
index 86909c84f..3263f75ec 100644
--- a/tests/cfgs/default/result/tunnelbear.pcap.out
+++ b/tests/cfgs/default/result/tunnelbear.pcap.out
@@ -4,20 +4,20 @@ DPI Packets (TCP): 125 (5.95 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 21 (flows)
-Num dissector calls: 170 (7.73 diss/flow)
+Num dissector calls: 171 (7.77 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
-LRU cache tls_cert: 0/2/0 (insert/search/found)
+LRU cache tls_cert: 0/6/0 (insert/search/found)
LRU cache mining: 0/1/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/22/0 (insert/search/found)
-Automa host: 22/19 (search/found)
+Automa host: 22/17 (search/found)
Automa domain: 22/0 (search/found)
-Automa tls cert: 1/0 (search/found)
-Automa risk mask: 2/0 (search/found)
+Automa tls cert: 3/0 (search/found)
+Automa risk mask: 1/0 (search/found)
Automa common alpns: 32/32 (search/found)
-Patricia risk mask: 6/0 (search/found)
+Patricia risk mask: 4/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
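Review bot: The risk-mask lookup counts drop in this hunk (`Automa risk mask` from 2/0 to 1/0, `Patricia risk mask` from 6/0 to 4/0) and nothing visible in the diff says why. The other counter changes hang together: `Automa host` goes from 22/19 to 22/17 found, and the certificate path is exercised more (`Automa tls cert` 1 to 3 searches, `LRU cache tls_cert` 2 to 6 searches), which is what two flows losing their hostname match would produce. Please state in the commit message that fewer risk-mask checks is the intended result for the reclassified flows and not a skipped risk evaluation.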
@@ -25,15 +25,19 @@ Patricia protocols: 24/20 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
DNS 5 306 1
-TLS 24 9110 1
-ADS_Analytic_Track 34 13737 2
+TLS 58 22847 3
FacebookMessenger 18 5263 1
GoogleServices 15 2661 1
TunnelBear 337 86766 16
-Safe 24 9110 1
+Safe 58 22847 3
Acceptable 375 94996 19
-Tracker/Ads 34 13737 2
+
+VPN 337 86766 16
+Web 39 11771 2
+Chat 18 5263 1
+Network 5 306 1
+Advertisement 34 13737 2
JA Host Stats:
IP Address # JA4C
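Review bot: The breed and category summaries now disagree about the same traffic. `Tracker/Ads 34 13737 2` is removed and its 34 packets, 13737 bytes and 2 flows are folded into `Safe 58 22847 3`, while the newly printed category block still reports `Advertisement 34 13737 2`. A consumer that alerts or filters on breed will now treat advertisement traffic as Safe. Either keep a non-Safe breed for flows whose category is Advertisement, or document that breed follows the protocol only and that category is the field to use for tracker detection.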
@@ -46,8 +50,8 @@ JA Host Stats:
3 TCP 10.8.0.1:50178 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][13 pkts/2849 bytes <-> 12 pkts/7134 bytes][Goodput ratio: 75/91][0.68 sec][Hostname/SNI: api.tunnelbear.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/74 393/449 118/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 219/594 590/5527 219/1499][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,27,9,0,0,0,0,0,0,0,9,9,0,0,0,0,27,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
4 TCP 10.8.0.1:50904 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][10 pkts/2689 bytes <-> 10 pkts/6997 bytes][Goodput ratio: 79/92][0.84 sec][Hostname/SNI: api.tunnelbear.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 105/97 383/336 151/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 269/700 590/5527 236/1622][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,11,0,0,0,0,0,0,0,11,0,11,0,0,0,33,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11]
5 TCP 10.8.0.1:47594 <-> 99.83.135.170:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][11 pkts/2035 bytes <-> 13 pkts/7075 bytes][Goodput ratio: 70/90][2.41 sec][Hostname/SNI: capi.grammarly.com][bytes ratio: -0.553 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/225 445/907 178/264][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 185/544 590/4080 163/1089][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d140700_c866b44c5a26_036209cd1ead][ServerNames: capi.grammarly.com,capi-msdk.grammarly.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=capi.grammarly.com][Certificate SHA-1: 1F:4A:0B:A6:60:01:94:7D:3D:94:03:14:5A:30:AF:64:D5:EC:58:DD][Safari][Validity: 2022-03-22 00:00:00 - 2023-04-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,8,8,0,0,0,8,8,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8]
- 6 TCP 10.8.0.1:48222 <-> 162.247.243.188:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][9 pkts/1985 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 74/91][1.54 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.426 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212/256 1145/1199 391/431][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 221/616 590/3918 217/1255][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,14,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
- 7 TCP 10.8.0.1:47496 <-> 162.247.243.188:443 [proto: 91.107/TLS.ADS_Analytic_Track][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][9 pkts/1892 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 73/91][0.51 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 290/290 100/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 210/616 590/3918 211/1255][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,14,14,0,0,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
+ 6 TCP 10.8.0.1:48222 <-> 162.247.243.188:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][9 pkts/1985 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 74/91][1.54 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.426 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212/256 1145/1199 391/431][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 221/616 590/3918 217/1255][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,14,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
+ 7 TCP 10.8.0.1:47496 <-> 162.247.243.188:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][9 pkts/1892 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 73/91][0.51 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 290/290 100/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 210/616 590/3918 211/1255][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,14,14,0,0,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
8 TCP 10.8.0.1:45108 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][10 pkts/1309 bytes <-> 7 pkts/4360 bytes][Goodput ratio: 57/91][0.20 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/39 135/132 44/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/623 571/3709 151/1265][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,34,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
9 TCP 10.8.0.1:45114 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4309 bytes][Goodput ratio: 65/92][0.25 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/51 39/61 135/132 53/47][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3712 174/1344][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]
10 TCP 10.8.0.1:45106 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4308 bytes][Goodput ratio: 65/92][0.26 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.579 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 40/62 133/131 52/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3711 174/1344][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]
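Review bot: Flows 6 and 7 (`Hostname/SNI: mobile-collector.newrelic.com`) lose their application protocol, going from `proto: 91.107/TLS.ADS_Analytic_Track` to `proto: 91/TLS`, while `cat: Advertisement/101` is unchanged. Any rule, export or dashboard keyed on protocol id 107 stops matching these flows with no visible signal. Please mention the migration from protocol to category in the changelog, and consider a test that asserts explicitly that a hostname can set the category without setting a sub-protocol, so this behaviour is pinned rather than only implied by the expected-output file.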