Diffstat (limited to 'tests/cfgs/flow_risk_infos_disabled')
-rw-r--r--tests/cfgs/flow_risk_infos_disabled/config.txt1
l---------tests/cfgs/flow_risk_infos_disabled/pcap/http_invalid_server.pcap1
l---------tests/cfgs/flow_risk_infos_disabled/pcap/tls_malicious_sha1.pcapng1
-rw-r--r--tests/cfgs/flow_risk_infos_disabled/result/http_invalid_server.pcap.out29
-rw-r--r--tests/cfgs/flow_risk_infos_disabled/result/tls_malicious_sha1.pcapng.out34
5 files changed, 66 insertions, 0 deletions
diff --git a/tests/cfgs/flow_risk_infos_disabled/config.txt b/tests/cfgs/flow_risk_infos_disabled/config.txt
new file mode 100644
index 000000000..3aaa83b6b
--- /dev/null
+++ b/tests/cfgs/flow_risk_infos_disabled/config.txt
@@ -0,0 +1 @@
+--cfg=flow_risk.all.info,0
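Review bot: Nothing in this test states what `--cfg=flow_risk.all.info,0` is expected to change, and the two golden outputs added further down can only show it by omission. Both flow lines still carry `[Risk: …]` and `[Risk Score: …]`, so the suppressed detail strings are presumably visible only by diffing against the results under `tests/cfgs/default`. A one-line statement in the commit message or the tests documentation, e.g. `flow_risk_infos_disabled: risks and scores are still reported, only the per-risk info strings are dropped`, would let a maintainer regenerating these files tell an intended change from a regression that silently drops the risk itself. The test also appears to cover only the `all` selector, on two TCP flows; whether a per-risk setting is exercised elsewhere is not visible here.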
diff --git a/tests/cfgs/flow_risk_infos_disabled/pcap/http_invalid_server.pcap b/tests/cfgs/flow_risk_infos_disabled/pcap/http_invalid_server.pcap
new file mode 120000
index 000000000..5d0c340e8
--- /dev/null
+++ b/tests/cfgs/flow_risk_infos_disabled/pcap/http_invalid_server.pcap
@@ -0,0 +1 @@
+../../default/pcap/http_invalid_server.pcap \ No newline at end of file
diff --git a/tests/cfgs/flow_risk_infos_disabled/pcap/tls_malicious_sha1.pcapng b/tests/cfgs/flow_risk_infos_disabled/pcap/tls_malicious_sha1.pcapng
new file mode 120000
index 000000000..c7cf588f0
--- /dev/null
+++ b/tests/cfgs/flow_risk_infos_disabled/pcap/tls_malicious_sha1.pcapng
@@ -0,0 +1 @@
+../../default/pcap/tls_malicious_sha1.pcapng \ No newline at end of file
diff --git a/tests/cfgs/flow_risk_infos_disabled/result/http_invalid_server.pcap.out b/tests/cfgs/flow_risk_infos_disabled/result/http_invalid_server.pcap.out
new file mode 100644
index 000000000..c57f39eff
--- /dev/null
+++ b/tests/cfgs/flow_risk_infos_disabled/result/http_invalid_server.pcap.out
@@ -0,0 +1,29 @@
+DPI Packets (TCP): 6 (6.00 pkts/flow)
+Confidence DPI : 1 (flows)
+Num dissector calls: 13 (13.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/1/0 (insert/search/found)
+Automa host: 1/1 (search/found)
+Automa domain: 1/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 1/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 1/1 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+OCSP 12 1301 1
+
+Safe 12 1301 1
+
+Network 12 1301 1
+
+ 1 TCP 192.168.1.29:51536 <-> 143.204.14.183:80 [proto: 7.63/HTTP.OCSP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Network/14][7 pkts/556 bytes <-> 5 pkts/745 bytes][Goodput ratio: 15/55][0.04 sec][Hostname/SNI: ocsp.rootg2.amazontrust.com][bytes ratio: -0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 12/12 6/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/149 148/468 28/160][URL: ocsp.rootg2.amazontrust.com/][StatusCode: 200][Content-Type: application/ocsp-response][Server: ¯\_(ツ)_/¯][User-Agent: **][Risk: ** HTTP Susp User-Agent **** HTTP Susp Header **][Risk Score: 200][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/flow_risk_infos_disabled/result/tls_malicious_sha1.pcapng.out b/tests/cfgs/flow_risk_infos_disabled/result/tls_malicious_sha1.pcapng.out
new file mode 100644
index 000000000..23a1d5b67
--- /dev/null
+++ b/tests/cfgs/flow_risk_infos_disabled/result/tls_malicious_sha1.pcapng.out
@@ -0,0 +1,34 @@
+DPI Packets (TCP): 8 (8.00 pkts/flow)
+Confidence DPI : 1 (flows)
+Num dissector calls: 1 (1.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/2/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/1/0 (insert/search/found)
+Automa host: 2/0 (search/found)
+Automa domain: 2/0 (search/found)
+Automa tls cert: 1/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 2/2 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 1/0 (search/found)
+Patricia protocols: 0/0 (search/found)
+Patricia protocols IPv6: 1/1 (search/found)
+
+TLS 22 7204 1
+
+Safe 22 7204 1
+
+Web 22 7204 1
+
+JA Host Stats:
+ IP Address # JA4C
+ 1 2001:b07:a3d:c112:9726:f643:a838:b0c4 1
+
+
+ 1 TCP [2001:b07:a3d:c112:9726:f643:a838:b0c4]:40294 <-> [2a00:1450:4002:414::2013]:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 8][cat: Web/5][12 pkts/1574 bytes <-> 10 pkts/5630 bytes][Goodput ratio: 34/85][0.12 sec][Hostname/SNI: www.prbtest.dev][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.563 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/6 23/20 7/7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 131/563 316/2502 62/920][Risk: ** Malicious SSL Cert/SHA1 Fingerp. **][Risk Score: 50][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.2][JA4: t12d2808h2_d943125447b4_dd0a478c1db3][ServerNames: www.prbtest.dev][JA3S: e2bc06b738d7e5d2b0cec5d2196b1d80][Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1D4][Subject: CN=www.prbtest.dev][Certificate SHA-1: 0D:DB:34:F8:75:63:2C:7E:1E:C0:9D:75:82:7F:82:D2:33:6D:FE:B6][Firefox][Validity: 2023-11-28 12:50:11 - 2024-02-26 13:39:22][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 16,51,8,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]