From e78c164a6b18f6b7eb368db2899507bd7f238599 Mon Sep 17 00:00:00 2001 From: lns Date: Wed, 15 Jun 2022 16:18:52 +0200 Subject: Improved IPSec/ISAKMP detection. Signed-off-by: lns --- tests/result/ah.pcapng.out | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'tests/result/ah.pcapng.out') diff --git a/tests/result/ah.pcapng.out b/tests/result/ah.pcapng.out index 389483df8..0f0302951 100644 --- a/tests/result/ah.pcapng.out +++ b/tests/result/ah.pcapng.out @@ -1,11 +1,10 @@ -Guessed flow protos: 1 +Guessed flow protos: 0 -DPI Packets (UDP): 4 (4.00 pkts/flow) +DPI Packets (UDP): 1 (1.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) -Confidence Match by port : 1 (flows) -Confidence DPI : 1 (flows) +Confidence DPI : 2 (flows) -IPsec 6 1768 2 +IPSec 6 1768 2 - 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPsec][Encrypted][Confidence: Match by port][cat: VPN/2][2 pkts/770 bytes <-> 2 pkts/722 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 51 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPsec][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPSec][Encrypted][Confidence: DPI][cat: VPN/2][2 pkts/770 bytes <-> 2 pkts/722 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 51 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 79/IPSec][Encrypted][Confidence: DPI][cat: VPN/2][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] -- cgit v1.2.3