From 304747f1fac02038c64dca004a80768db43eeb65 Mon Sep 17 00:00:00 2001
From: lns
Date: Tue, 10 Oct 2023 15:53:29 +0200
Subject: Improved MGCP detection by allowing '\r' as line feed.
Signed-off-by: lns
Signed-off-by: Toni Uhlig
---
tests/cfgs/default/pcap/mgcp.pcap | Bin 0 -> 3591 bytes
tests/cfgs/default/pcap/mgcp.pcapng | Bin 3988 -> 0 bytes
tests/cfgs/default/result/mgcp.pcap.out | 29 +++++++++++++++++++++++++++++
tests/cfgs/default/result/mgcp.pcapng.out | 26 --------------------------
4 files changed, 29 insertions(+), 26 deletions(-)
create mode 100644 tests/cfgs/default/pcap/mgcp.pcap
delete mode 100644 tests/cfgs/default/pcap/mgcp.pcapng
create mode 100644 tests/cfgs/default/result/mgcp.pcap.out
delete mode 100644 tests/cfgs/default/result/mgcp.pcapng.out
(limited to 'tests')
diff --git a/tests/cfgs/default/pcap/mgcp.pcap b/tests/cfgs/default/pcap/mgcp.pcap
new file mode 100644
index 000000000..ec74f56cb
Binary files /dev/null and b/tests/cfgs/default/pcap/mgcp.pcap differ
diff --git a/tests/cfgs/default/pcap/mgcp.pcapng b/tests/cfgs/default/pcap/mgcp.pcapng
deleted file mode 100644
index d14f1a4f4..000000000
Binary files a/tests/cfgs/default/pcap/mgcp.pcapng and /dev/null differ
diff --git a/tests/cfgs/default/result/mgcp.pcap.out b/tests/cfgs/default/result/mgcp.pcap.out
new file mode 100644
index 000000000..e28fef129
--- /dev/null
+++ b/tests/cfgs/default/result/mgcp.pcap.out
@@ -0,0 +1,29 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 5 (1.00 pkts/flow) +Confidence DPI : 5 (flows) +Num dissector calls: 90 (18.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 10/0 (search/found) +Patricia risk: 6/0 (search/found) +Patricia protocols: 10/0 (search/found) + +MGCP 23 2731 5 + + 1 UDP 10.10.228.72:2427 <-> 10.10.244.2:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][6 pkts/1254 bytes <-> 6 pkts/418 bytes][Goodput ratio: 79/40][6.26 sec][Hostname/SNI: vg224][bytes ratio: 0.500 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 884/884 3523/3523 1524/1523][Pkt Len c2s/s2c min/avg/max/stddev: 60/57 209/70 846/104 285/19][PLAIN TEXT (RSIP 262662134 )][Plen Bins: 41,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 172.16.1.116:2427 <-> 172.16.1.119:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][4 pkts/370 bytes <-> 4 pkts/395 bytes][Goodput ratio: 54/57][80.75 sec][Hostname/SNI: gateway44.myplace.com][bytes ratio: -0.033 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/36 26914/26914 76721/76695 35257/35238][Pkt Len c2s/s2c min/avg/max/stddev: 61/98 92/99 103/101 18/1][PLAIN TEXT (RQNT 1 )][Plen Bins: 12,87,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 67.232.180.250:38238 -> 186.112.128.179:2427 [proto: 
94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Hostname/SNI: gateway44.myplace.com][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (RQNT 1 )][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 92.173.166.213:51954 -> 83.250.239.33:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Hostname/SNI: gateway44.myplace.com][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (RQNT 1 )][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 187.43.37.188:40798 -> 196.167.59.124:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Hostname/SNI: gateway44.myplace.com][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (RQNT 1 )][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mgcp.pcapng.out b/tests/cfgs/default/result/mgcp.pcapng.out deleted file mode 100644 index aa6430ca3..000000000 --- a/tests/cfgs/default/result/mgcp.pcapng.out +++ /dev/null 
@@ -1,26 +0,0 @@ -Guessed flow protos: 0 - -DPI Packets (UDP): 2 (1.00 pkts/flow) -Confidence DPI : 2 (flows) -Num dissector calls: 36 (18.00 diss/flow) -LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/0/0 (insert/search/found) -LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) -LRU cache msteams: 0/0/0 (insert/search/found) -LRU cache stun_zoom: 0/0/0 (insert/search/found) -Automa host: 0/0 (search/found) -Automa domain: 0/0 (search/found) -Automa tls cert: 0/0 (search/found) -Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) -Patricia risk mask: 4/0 (search/found) -Patricia risk: 0/0 (search/found) -Patricia protocols: 4/0 (search/found) - -MGCP 20 2437 2 - - 1 UDP 10.10.228.72:2427 <-> 10.10.244.2:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][6 pkts/1254 bytes <-> 6 pkts/418 bytes][Goodput ratio: 79/40][6.26 sec][Hostname/SNI: vg224][bytes ratio: 0.500 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 884/884 3523/3523 1524/1523][Pkt Len c2s/s2c min/avg/max/stddev: 60/57 209/70 846/104 285/19][PLAIN TEXT (RSIP 262662134 )][Plen Bins: 41,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 172.16.1.116:2427 <-> 172.16.1.119:2427 [proto: 94/MGCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][4 pkts/370 bytes <-> 4 pkts/395 bytes][Goodput ratio: 54/57][80.75 sec][Hostname/SNI: gateway44.myplace.com][bytes ratio: -0.033 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/36 26914/26914 76721/76695 35257/35238][Pkt Len c2s/s2c min/avg/max/stddev: 61/98 92/99 103/101 18/1][PLAIN TEXT (RQNT 1 )][Plen Bins: 12,87,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] -- cgit v1.2.3