Diffstat (limited to 'tests/cfgs/disable_protocols')
-rw-r--r--tests/cfgs/disable_protocols/config.txt2
l---------tests/cfgs/disable_protocols/pcap/esp.pcapng1
l---------tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap1
l---------tests/cfgs/disable_protocols/pcap/sctp.cap1
-rw-r--r--tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out4
-rw-r--r--tests/cfgs/disable_protocols/result/esp.pcapng.out38
-rw-r--r--tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out32
-rw-r--r--tests/cfgs/disable_protocols/result/pluralsight.pcap.out2
-rw-r--r--tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out4
-rw-r--r--tests/cfgs/disable_protocols/result/sctp.cap.out30
-rw-r--r--tests/cfgs/disable_protocols/result/soap.pcap.out14
11 files changed, 120 insertions, 9 deletions
diff --git a/tests/cfgs/disable_protocols/config.txt b/tests/cfgs/disable_protocols/config.txt
index a5fb695b9..eed3e868a 100644
--- a/tests/cfgs/disable_protocols/config.txt
+++ b/tests/cfgs/disable_protocols/config.txt
@@ -1 +1 @@
--B soap,dns,pluralsight,quic
+-B soap,dns,pluralsight,quic,ipsec,ip_ospf
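Review bot: The extended `-B` list disables `ipsec` and `ip_ospf`, but the new esp.pcapng.out baseline still expects the ESP flow to be classified as `117/ESP` with `Confidence: DPI`; only the UDP/500 flow falls to `0/Unknown`. If that is intended (ESP being a separate protocol from `ipsec`, and sctp.cap serving as a control that non-disabled IP-level protocols are still detected), the commit description should say so, for example `esp.pcapng: IKE must become Unknown, ESP stays detected; sctp.cap: control, must stay SCTP`. Otherwise the ESP protocol's own name is missing from the list. The same baseline also shows the now-unclassified IKE flow carrying `Risk: ** Susp Entropy **`, so anyone disabling a dissector in production should expect known traffic to reappear as risk-flagged unknown flows.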
diff --git a/tests/cfgs/disable_protocols/pcap/esp.pcapng b/tests/cfgs/disable_protocols/pcap/esp.pcapng
new file mode 120000
index 000000000..2a45e7736
--- /dev/null
+++ b/tests/cfgs/disable_protocols/pcap/esp.pcapng
@@ -0,0 +1 @@
+../../default/pcap/esp.pcapng \ No newline at end of file
diff --git a/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap b/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap
new file mode 120000
index 000000000..68845591a
--- /dev/null
+++ b/tests/cfgs/disable_protocols/pcap/ospfv2_add_new_prefix.pcap
@@ -0,0 +1 @@
+../../default/pcap/ospfv2_add_new_prefix.pcap \ No newline at end of file
diff --git a/tests/cfgs/disable_protocols/pcap/sctp.cap b/tests/cfgs/disable_protocols/pcap/sctp.cap
new file mode 120000
index 000000000..7015152e3
--- /dev/null
+++ b/tests/cfgs/disable_protocols/pcap/sctp.cap
@@ -0,0 +1 @@
+../../default/pcap/sctp.cap \ No newline at end of file
diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out
index 6c41e903d..ca31d733a 100644
--- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out
+++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence Match by IP : 1 (flows)
-Num dissector calls: 157 (157.00 diss/flow)
+Num dissector calls: 156 (156.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
@@ -26,4 +26,6 @@ Google 2 262 1
Acceptable 2 262 1
+Web 2 262 1
+
1 UDP 192.168.1.168:65311 <-> 8.8.8.8:53 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][FPC: 126/Google, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/103 bytes <-> 1 pkts/159 bytes][Goodput ratio: 59/73][0.02 sec][PLAIN TEXT (fhkfhsdkfhsk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/disable_protocols/result/esp.pcapng.out b/tests/cfgs/disable_protocols/result/esp.pcapng.out
new file mode 100644
index 000000000..7c284145d
--- /dev/null
+++ b/tests/cfgs/disable_protocols/result/esp.pcapng.out
@@ -0,0 +1,38 @@
+DPI Packets (UDP): 4 (4.00 pkts/flow)
+DPI Packets (other): 1 (1.00 pkts/flow)
+Confidence Unknown : 1 (flows)
+Confidence DPI : 1 (flows)
+Num dissector calls: 172 (86.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/3/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/1/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/1/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Unknown 4 1524 1
+ESP 2 332 1
+
+Safe 2 332 1
+Unrated 4 1524 1
+
+Unspecified 4 1524 1
+VPN 2 332 1
+
+ 1 ESP 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 117/ESP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 117/ESP, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/166 bytes <-> 1 pkts/166 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+
+
+Undetected flows:
+ 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][2 pkts/786 bytes <-> 2 pkts/738 bytes][Goodput ratio: 89/88][0.02 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.387 (Executable?)][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out b/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out
new file mode 100644
index 000000000..1e41c0c94
--- /dev/null
+++ b/tests/cfgs/disable_protocols/result/ospfv2_add_new_prefix.pcap.out
@@ -0,0 +1,32 @@
+DPI Packets (other): 2 (2.00 pkts/flow)
+Confidence Unknown : 1 (flows)
+Num dissector calls: 1 (1.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/3/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/1/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/1/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 2/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Unknown 2 200 1
+
+Unrated 2 200 1
+
+Unspecified 2 200 1
+
+
+
+Undetected flows:
+ 1 OSPF 10.1.10.10:0 <-> 10.1.10.1:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/122 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][2.51 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/disable_protocols/result/pluralsight.pcap.out b/tests/cfgs/disable_protocols/result/pluralsight.pcap.out
index 1cb235fe1..164961e95 100644
--- a/tests/cfgs/disable_protocols/result/pluralsight.pcap.out
+++ b/tests/cfgs/disable_protocols/result/pluralsight.pcap.out
@@ -24,6 +24,8 @@ TLS 44 29652 6
Safe 44 29652 6
+Web 44 29652 6
+
JA Host Stats:
IP Address # JA4C
1 192.168.1.128 1
diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out
index 101026bc2..9a42b860f 100644
--- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out
+++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos: 1
DPI Packets (UDP): 7 (7.00 pkts/flow)
Confidence Match by IP : 1 (flows)
-Num dissector calls: 180 (180.00 diss/flow)
+Num dissector calls: 178 (178.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
@@ -26,4 +26,6 @@ Facebook 20 11399 1
Fun 20 11399 1
+SocialNetwork 20 11399 1
+
1 UDP 10.0.2.15:35957 <-> 69.171.250.15:443 [proto: 119/Facebook][IP: 119/Facebook][Encrypted][Confidence: Match by IP][FPC: 119/Facebook, Confidence: IP address][DPI packets: 7][cat: SocialNetwork/6][7 pkts/3196 bytes <-> 13 pkts/8203 bytes][Goodput ratio: 79/85][8.96 sec][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1782/811 8808/8827 3513/2535][Pkt Len c2s/s2c min/avg/max/stddev: 128/115 457/631 1326/1346 492/540][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.857 (Encrypted or Random?)][PLAIN TEXT (Xic gcl)][Plen Bins: 20,25,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,5,20,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/disable_protocols/result/sctp.cap.out b/tests/cfgs/disable_protocols/result/sctp.cap.out
new file mode 100644
index 000000000..64554ae81
--- /dev/null
+++ b/tests/cfgs/disable_protocols/result/sctp.cap.out
@@ -0,0 +1,30 @@
+DPI Packets (other): 2 (1.00 pkts/flow)
+Confidence DPI : 2 (flows)
+Num dissector calls: 2 (1.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+SCTP 4 340 2
+
+Acceptable 4 340 2
+
+Network 4 340 2
+
+ 1 SCTP 10.28.6.43:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 84/SCTP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/138 bytes <-> 1 pkts/62 bytes][Goodput ratio: 0/0][< 1 sec][PLAIN TEXT (MEGACO/2 )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 SCTP 10.28.6.42:0 <-> 10.28.6.44:0 [proto: 84/SCTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 84/SCTP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes <-> 1 pkts/70 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/disable_protocols/result/soap.pcap.out b/tests/cfgs/disable_protocols/result/soap.pcap.out
index 173dc70c4..813e7d784 100644
--- a/tests/cfgs/disable_protocols/result/soap.pcap.out
+++ b/tests/cfgs/disable_protocols/result/soap.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos: 2
DPI Packets (TCP): 20 (6.67 pkts/flow)
Confidence Match by port : 2 (flows)
Confidence DPI : 1 (flows)
-Num dissector calls: 457 (152.33 diss/flow)
+Num dissector calls: 447 (149.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/6/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
@@ -16,7 +16,7 @@ Automa domain: 1/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 4/0 (search/found)
+Patricia risk mask: 2/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
@@ -24,11 +24,13 @@ Patricia protocols: 6/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
HTTP 19 9442 2
-Microsoft 1 1506 1
+Microsoft365 1 1506 1
-Safe 1 1506 1
-Acceptable 19 9442 2
+Acceptable 20 10948 3
+
+Web 19 9442 2
+Collaborative 1 1506 1
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Web/5][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.075 (Executable?)][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.212/HTTP.Microsoft, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
+ 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.219/HTTP.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.219/HTTP.Microsoft365, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
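Review bot: Most of the churn in this baseline looks unrelated to disabling `ipsec`/`ip_ospf`. Flow 3 moves from `7.212/HTTP.Microsoft` (`cat: Cloud/13`, counted under Safe) to `7.219/HTTP.Microsoft365` (`cat: Collaborative/15`, counted under Acceptable), `Patricia risk mask` drops from 4 to 2 searches, and a per-category summary block appears here and in the dns, pluralsight and quic results. Presumably the expected outputs in this directory were stale and were regenerated wholesale. A breed or category reclassification can slip through unnoticed inside a regenerated baseline, so the refresh would be easier to audit as its own commit, or at least called out in the description with something like `result/*.out also refreshed for the Microsoft365 id/category change and the new category summary`.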