From a1451935b8653adc830ee4cb827def3622fb02d6 Mon Sep 17 00:00:00 2001
From: Vitaly Lavrov
Date: Tue, 8 Mar 2022 02:20:56 +0300
Subject: Errors fixed (#1482)

Fixed errors for bigendian platforms in ndpiReader.

All address and port comparisons and hash calculations are done with endian in mind.

The get_ndpi_flow_info() function searched for an existing flow for the forward and reverse direction of the packet. The ndpi_workflow_node_cmp() function looked for a flow regardless of the packet's direction. This is what led to an error in determining the direction of transmission of the packet.

Fixed error in "synscan" test: the number of packets in the forward and reverse direction is incorrectly defined (verified via tcpdump).

Fixed bug with icmp protocol checksum check for big endian platforms.
---
 tests/result/anydesk-2.pcap.out | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'tests/result/anydesk-2.pcap.out')

diff --git a/tests/result/anydesk-2.pcap.out b/tests/result/anydesk-2.pcap.out
index d0de427e0..9d45b4a89 100644
--- a/tests/result/anydesk-2.pcap.out
+++ b/tests/result/anydesk-2.pcap.out
@@ -8,8 +8,8 @@ AnyDesk 2083 346113 4 JA3 Host Stats: IP Address # JA3C - 1 192.168.1.187 1 - 2 192.168.1.178 1 + 1 192.168.1.178 1 + 2 192.168.1.187 1 1 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91.252/TLS.AnyDesk][Encrypted][Confidence: DPI][cat: RemoteAccess/12][509 pkts/226247 bytes <-> 1555 pkts/115282 bytes][Goodput ratio: 88/22][22.84 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/14 2966/3021 229/106][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/74 1511/1514 475/47][Risk: ** Known Protocol on Non Standard Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extension **** Desktop/File Sharing Session **][Risk Score: 120][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,64,6,1,3,1,1,1,0,1,1,0,0,1,1,0,3,0,0,0,0,0,3,1,0,1,1,0,1,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,1,0,0] -- cgit v1.2.3
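Review bot: The reordering of the two rows under "JA3 Host Stats" is not explained by the commit message, and both rows carry the same JA3C count (1), so the expected output now depends on how ties are broken. The new order (192.168.1.178 before 192.168.1.187) is ascending by address, which is consistent with the message's statement that address comparisons are now done with endianness in mind, but that is an inference from this hunk alone. Please add a line to the commit message saying that the JA3 host listing order changes as a side effect of the comparison fix, and confirm that the tie-break among equal-count hosts is an explicit host-byte-order address comparison, so this .out file matches on both little-endian and big-endian builds. The flow line below the table is unchanged context, so the client/server direction for this capture (192.168.1.187:54164 to 192.168.1.178:7070) is not affected here; only the summary ordering is.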