diff options
Diffstat (limited to 'tests/cfgs/disable_protocols')
11 files changed, 120 insertions, 9 deletions
diff --git a/tests/cfgs/disable_protocols/config.txt b/tests/cfgs/disable_protocols/config.txt index a5fb695b9..eed3e868a 100644 --- a/tests/cfgs/disable_protocols/config.txt +++ b/tests/cfgs/disable_protocols/config.txt @@ -1 +1 @@ --B soap,dns,pluralsight,quic +-B soap,dns,pluralsight,quic,ipsec,ip_ospf diff --git a/tests/cfgs/disable_protocols/pcap/esp.pcapng b/tests/cfgs/disable_protocols/pcap/esp.pcapng new file mode 120000 index 000000000..2a45e7736 --- /dev/null +++ b/tests/cfgs/disable_protocols/pcap/esp.pcapng @@ -0,0 +1 @@ +../../default/pcap/esp.pcapng
\ No newline at end of file diff --git a/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap b/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap new file mode 120000 index 000000000..68845591a --- /dev/null +++ b/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap @@ -0,0 +1 @@ +../../default/pcap/ospfv2_add_new_prefix.pcap
\ No newline at end of file diff --git a/tests/cfgs/disable_protocols/pcap/sctp.cap b/tests/cfgs/disable_protocols/pcap/sctp.cap new file mode 120000 index 000000000..7015152e3 --- /dev/null +++ b/tests/cfgs/disable_protocols/pcap/sctp.cap @@ -0,0 +1 @@ +../../default/pcap/sctp.cap
\ No newline at end of file diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out index 6c41e903d..ca31d733a 100644 --- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 157 (157.00 diss/flow) +Num dissector calls: 156 (156.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) @@ -26,4 +26,6 @@ Google 2 262 1 Acceptable 2 262 1 +Web 2 262 1 + 1 UDP 192.168.1.168:65311 <-> 8.8.8.8:53 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][FPC: 126/Google, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/103 bytes <-> 1 pkts/159 bytes][Goodput ratio: 59/73][0.02 sec][PLAIN TEXT (fhkfhsdkfhsk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/esp.pcapng.out b/tests/cfgs/disable_protocols/result/esp.pcapng.out new file mode 100644 index 000000000..7c284145d --- /dev/null +++ b/tests/cfgs/disable_protocols/result/esp.pcapng.out @@ -0,0 +1,38 @@ +DPI Packets (UDP): 4 (4.00 pkts/flow) +DPI Packets (other): 1 (1.00 pkts/flow) +Confidence Unknown : 1 (flows) +Confidence DPI : 1 (flows) +Num dissector calls: 172 (86.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/3/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/1/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/1/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 4/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Unknown 4 1524 1 +ESP 2 332 1 + +Safe 2 332 1 +Unrated 4 1524 1 + +Unspecified 4 1524 1 +VPN 2 332 1 + + 1 ESP 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 117/ESP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 117/ESP, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/166 bytes <-> 1 pkts/166 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + + +Undetected flows: + 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][2 pkts/786 bytes <-> 2 pkts/738 bytes][Goodput ratio: 89/88][0.02 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.387 (Executable?)][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out b/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out new file mode 100644 index 000000000..1e41c0c94 --- /dev/null +++ b/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out @@ -0,0 +1,32 @@ +DPI Packets (other): 2 (2.00 pkts/flow) +Confidence Unknown : 1 (flows) +Num dissector calls: 1 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/3/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/1/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/1/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 2/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Unknown 2 200 1 + +Unrated 2 200 1 + +Unspecified 2 200 1 + + + +Undetected flows: + 1 OSPF 10.1.10.10:0 <-> 10.1.10.1:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/122 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][2.51 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/pluralsight.pcap.out b/tests/cfgs/disable_protocols/result/pluralsight.pcap.out index 1cb235fe1..164961e95 100644 --- a/tests/cfgs/disable_protocols/result/pluralsight.pcap.out +++ b/tests/cfgs/disable_protocols/result/pluralsight.pcap.out @@ -24,6 +24,8 @@ TLS 44 29652 6 Safe 44 29652 6 +Web 44 29652 6 + JA Host Stats: IP Address # JA4C 1 192.168.1.128 1 diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index 101026bc2..9a42b860f 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 7 (7.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 180 (180.00 diss/flow) +Num dissector calls: 178 (178.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) @@ -26,4 +26,6 @@ Facebook 20 11399 1 Fun 20 11399 1 +SocialNetwork 20 11399 1 + 1 UDP 10.0.2.15:35957 <-> 69.171.250.15:443 [proto: 119/Facebook][IP: 119/Facebook][Encrypted][Confidence: Match by IP][FPC: 119/Facebook, Confidence: IP address][DPI packets: 7][cat: SocialNetwork/6][7 pkts/3196 bytes <-> 13 pkts/8203 bytes][Goodput ratio: 79/85][8.96 sec][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1782/811 8808/8827 3513/2535][Pkt Len c2s/s2c min/avg/max/stddev: 128/115 457/631 1326/1346 492/540][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.857 (Encrypted or Random?)][PLAIN TEXT (Xic gcl)][Plen Bins: 20,25,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,5,20,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/sctp.cap.out b/tests/cfgs/disable_protocols/result/sctp.cap.out new file mode 100644 index 000000000..64554ae81 --- /dev/null +++ b/tests/cfgs/disable_protocols/result/sctp.cap.out @@ -0,0 +1,30 @@ +DPI Packets (other): 2 (1.00 pkts/flow) +Confidence DPI : 2 (flows) +Num dissector calls: 2 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 4/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +SCTP 4 340 2 + +Acceptable 4 340 2 + +Network 4 340 2 + + 1 SCTP 10.28.6.43:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 84/SCTP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/62 bytes][Goodput ratio: 0/0][< 1 sec][PLAIN TEXT (MEGACO/2 )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 SCTP 10.28.6.42:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 84/SCTP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes <-> 1 pkts/70 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/soap.pcap.out b/tests/cfgs/disable_protocols/result/soap.pcap.out index 173dc70c4..813e7d784 100644 --- a/tests/cfgs/disable_protocols/result/soap.pcap.out +++ b/tests/cfgs/disable_protocols/result/soap.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 20 (6.67 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 457 (152.33 diss/flow) +Num dissector calls: 447 (149.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) @@ -16,7 +16,7 @@ Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 4/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -24,11 +24,13 @@ Patricia protocols: 6/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) HTTP 19 9442 2 -Microsoft 1 1506 1 +Microsoft365 1 1506 1 -Safe 1 1506 1 -Acceptable 19 9442 2 +Acceptable 20 10948 3 + +Web 19 9442 2 +Collaborative 1 1506 1 1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Web/5][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] 2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.075 (Executable?)][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.212/HTTP.Microsoft, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] + 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.219/HTTP.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.219/HTTP.Microsoft365, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] |