From 843e4872706b07b9e78418986d35fc86bc156d60 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 3 Jul 2024 18:02:07 +0200
Subject: Add infrastructure for explicit support of Fist Packet Classification
 (#2488)

Let's start with some basic helpers and with FPC based on flow addresses.

See: #2322
---
 tests/cfgs/default/result/tls_cipher_lens.pcap.out | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'tests/cfgs/default/result/tls_cipher_lens.pcap.out')

diff --git a/tests/cfgs/default/result/tls_cipher_lens.pcap.out b/tests/cfgs/default/result/tls_cipher_lens.pcap.out
index 23dbccefa..bfe506cec 100644
--- a/tests/cfgs/default/result/tls_cipher_lens.pcap.out
+++ b/tests/cfgs/default/result/tls_cipher_lens.pcap.out
@@ -30,8 +30,8 @@ JA3 Host Stats:
 	1	 192.168.11.11            	 2      
 
 
-	1	TCP 192.168.11.11:51587 -> 173.194.35.191:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: www.google.it][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 755cdaa3496eb8728247a639dee17aad][JA4: t10d360600_77f462745360_6072aad2e91d][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	TCP 192.168.11.11:51588 -> 173.194.35.191:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 8eae3e18d36ce24c4ac6b9eeb84ac762][JA4: t10d660000_1ade43d4e5bc_e3b0c44298fc][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 192.168.11.11:51589 -> 173.194.35.191:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	TCP 192.168.11.11:51590 -> 173.194.35.191:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	5	TCP 192.168.11.11:51591 -> 173.194.35.191:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.11.11:51587 -> 173.194.35.191:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: www.google.it][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 755cdaa3496eb8728247a639dee17aad][JA4: t10d360600_77f462745360_6072aad2e91d][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.11.11:51588 -> 173.194.35.191:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 8eae3e18d36ce24c4ac6b9eeb84ac762][JA4: t10d660000_1ade43d4e5bc_e3b0c44298fc][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.11.11:51589 -> 173.194.35.191:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	TCP 192.168.11.11:51590 -> 173.194.35.191:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	TCP 192.168.11.11:51591 -> 173.194.35.191:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **** Probing attempt **][Risk Score: 160][Risk Info: No server to client traffic / TLSv1 / TCP connection with unidirectional traffic][TLSv1][PLAIN TEXT (www.google.it)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-- 
cgit v1.2.3