aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/ndpireader_conf_file/result
diff options
context:
space:
mode:
Diffstat (limited to 'tests/cfgs/ndpireader_conf_file/result')
-rw-r--r--tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out11
-rw-r--r--tests/cfgs/ndpireader_conf_file/result/shadowsocks.pcap.out37
-rw-r--r--tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out6
-rw-r--r--tests/cfgs/ndpireader_conf_file/result/stun_signal_tcp.pcapng.out2
4 files changed, 50 insertions, 6 deletions
diff --git a/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out b/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out
index a8d908bef..b3b379f11 100644
--- a/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out
+++ b/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out
@@ -1,7 +1,7 @@
DPI Packets (TCP): 59 (29.50 pkts/flow)
DPI Packets (UDP): 10 (10.00 pkts/flow)
Confidence DPI (aggressive) : 3 (flows)
-Num dissector calls: 771 (257.00 diss/flow)
+Num dissector calls: 742 (247.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
@@ -28,6 +28,9 @@ NordVPN 30 10598 1
Safe 60 17222 1
Acceptable 117 36067 2
- 1 TCP 107.161.86.131:443 <-> 192.168.12.156:48072 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 40][cat: VPN/2][40 pkts/9272 bytes <-> 47 pkts/16197 bytes][Goodput ratio: 70/81][3.15 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 212/303 66/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/345 1514/1090 370/406][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (MhLYoT)][Plen Bins: 35,3,3,15,1,1,0,0,1,3,5,1,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,18,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
- 2 TCP 192.168.12.156:37976 <-> 185.128.25.99:465 [proto: 91/TLS][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 19][cat: Web/5][29 pkts/7410 bytes <-> 31 pkts/9812 bytes][Goodput ratio: 74/79][1.73 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/26 1019/153 204/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/317 1090/1514 256/424][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS traffic / Expected on port 443][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,14,30,14,2,0,2,5,0,5,5,2,0,0,2,0,0,0,0,0,2,0,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
- 3 UDP 192.168.12.156:47128 <-> 149.102.238.108:1214 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 10][cat: VPN/2][19 pkts/3629 bytes <-> 11 pkts/6969 bytes][Goodput ratio: 78/93][1.26 sec][bytes ratio: -0.315 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/132 1156/1023 278/337][Pkt Len c2s/s2c min/avg/max/stddev: 115/136 191/634 782/1158 153/438][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Entropy: 6.051 (Executable?) / Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (SFhAFI)][Plen Bins: 0,0,23,41,3,0,0,0,3,0,3,6,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
+VPN 117 36067 2
+Web 60 17222 1
+
+ 1 TCP 107.161.86.131:443 <-> 192.168.12.156:48072 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 40][cat: VPN/2][40 pkts/9272 bytes <-> 47 pkts/16197 bytes][Goodput ratio: 70/81][3.15 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 212/303 66/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/345 1514/1090 370/406][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN][PLAIN TEXT (MhLYoT)][Plen Bins: 35,3,3,15,1,1,0,0,1,3,5,1,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,18,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
+ 2 TCP 192.168.12.156:37976 <-> 185.128.25.99:465 [proto: 91/TLS][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 19][cat: Web/5][29 pkts/7410 bytes <-> 31 pkts/9812 bytes][Goodput ratio: 74/79][1.73 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/26 1019/153 204/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/317 1090/1514 256/424][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS traffic][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,14,30,14,2,0,2,5,0,5,5,2,0,0,2,0,0,0,0,0,2,0,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
+ 3 UDP 192.168.12.156:47128 <-> 149.102.238.108:1214 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 10][cat: VPN/2][19 pkts/3629 bytes <-> 11 pkts/6969 bytes][Goodput ratio: 78/93][1.26 sec][bytes ratio: -0.315 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/132 1156/1023 278/337][Pkt Len c2s/s2c min/avg/max/stddev: 115/136 191/634 782/1158 153/438][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Obfuscated OpenVPN][PLAIN TEXT (SFhAFI)][Plen Bins: 0,0,23,41,3,0,0,0,3,0,3,6,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/ndpireader_conf_file/result/shadowsocks.pcap.out b/tests/cfgs/ndpireader_conf_file/result/shadowsocks.pcap.out
new file mode 100644
index 000000000..bee328c88
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/result/shadowsocks.pcap.out
@@ -0,0 +1,37 @@
+DPI Packets (TCP): 21 (10.50 pkts/flow)
+Confidence Unknown : 1 (flows)
+Confidence DPI : 1 (flows)
+Num dissector calls: 381 (190.50 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/3/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/1/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/2/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Unknown 15 68444 1
+SOCKS 29 69355 1
+
+Acceptable 29 69355 1
+Unrated 15 68444 1
+
+Unspecified 15 68444 1
+Web 29 69355 1
+
+ 1 TCP 127.0.0.1:37904 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/1160 bytes <-> 13 pkts/68195 bytes][Goodput ratio: 8/99][1.49 sec][bytes ratio: -0.967 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 114/160 659/660 191/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/5246 148/16450 20/7185][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41]
+
+
+Undetected flows:
+ 1 TCP 127.0.0.1:44276 <-> 127.0.0.1:8388 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][8 pkts/641 bytes <-> 7 pkts/67803 bytes][Goodput ratio: 16/99][0.83 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/163 103/165 334/334 122/118][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/9686 171/18151 34/8394][Risk: ** Obfuscated Traffic **][Risk Score: 100][Risk Info: Fully Encrypted][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (EBjATMT)][Plen Bins: 0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80]
diff --git a/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out b/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out
index 54b4859e0..179ffae9d 100644
--- a/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out
+++ b/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out
@@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 6/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
@@ -25,6 +25,8 @@ SignalVoip 334 123259 3
Acceptable 334 123259 3
- 1 UDP 192.168.12.67:47926 <-> 35.219.252.146:56377 [proto: 338.269/SRTP.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 298][DPI packets before monitoring: 201][cat: VoIP/10][167 pkts/87565 bytes <-> 131 pkts/31930 bytes][Goodput ratio: 92/83][10.75 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/82 2304/2449 291/279][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 524/244 1223/900 385/198][Mapped IP/Port: 93.35.168.30:45266, 35.219.252.146:56377][RTP packets: 68/124][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (17uAgN)][Plen Bins: 3,28,9,7,0,0,0,0,16,8,1,0,0,1,1,0,1,1,0,1,0,0,0,0,7,3,0,1,0,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+VoIP 334 123259 3
+
+ 1 UDP 192.168.12.67:47926 <-> 35.219.252.146:56377 [proto: 338.269/SRTP.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 298][DPI packets before monitoring: 201][cat: VoIP/10][167 pkts/87565 bytes <-> 131 pkts/31930 bytes][Goodput ratio: 92/83][10.75 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/82 2304/2449 291/279][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 524/244 1223/900 385/198][Mapped IP/Port: 93.35.168.30:45266, 35.219.252.146:56377][RTP packets: 68/124][PLAIN TEXT (17uAgN)][Plen Bins: 3,28,9,7,0,0,0,0,16,8,1,0,0,1,1,0,1,1,0,1,0,0,0,0,7,3,0,1,0,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.67:47926 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 26][cat: VoIP/10][13 pkts/1258 bytes <-> 13 pkts/1454 bytes][Goodput ratio: 57/62][10.01 sec][Hostname/SNI: signal.org][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/6 804/804 4015/4015 1248/1248][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 97/112 162/126 43/14][Mapped IP/Port: 93.35.168.30:45265][Peer IP/Port: 35.219.252.146:56377, 35.219.252.146:34099, 35.219.252.146:37175][Relayed IP/Port: 35.219.252.146:40378][PLAIN TEXT (BFODsIPgWuCIX)][Plen Bins: 34,19,30,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.12.67:47926 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/4 2503/2503 9988/9988 4321/4321][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45265][Relayed IP/Port: 35.216.234.234:29688][PLAIN TEXT (42oPBlgi)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/ndpireader_conf_file/result/stun_signal_tcp.pcapng.out b/tests/cfgs/ndpireader_conf_file/result/stun_signal_tcp.pcapng.out
index 08a064731..9439affc1 100644
--- a/tests/cfgs/ndpireader_conf_file/result/stun_signal_tcp.pcapng.out
+++ b/tests/cfgs/ndpireader_conf_file/result/stun_signal_tcp.pcapng.out
@@ -24,4 +24,6 @@ SignalVoip 500 114216 1
Acceptable 500 114216 1
+VoIP 500 114216 1
+
1 TCP 192.168.1.117:51296 <-> 35.219.252.146:80 [proto: 338.269/SRTP.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 500][DPI packets before monitoring: 204][cat: VoIP/10][226 pkts/71104 bytes <-> 274 pkts/43112 bytes][Goodput ratio: 82/64][17.42 sec][Hostname/SNI: signal.org][bytes ratio: 0.245 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 80/68 2434/2433 281/278][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 315/157 1242/1474 338/185][Mapped IP/Port: 93.35.171.86:51262, 35.219.252.146:13140, 93.33.26.150:37920][Peer IP/Port: 93.33.26.150:37920, 35.219.252.146:17691, 35.219.252.146:38054, 35.219.252.146:18788][Relayed IP/Port: 35.219.252.146:13140][RTP packets: 106/62][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (LODkFIIf)][Plen Bins: 0,21,18,20,5,0,0,0,21,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.