From bf69321a29699776f24b74e71c5dc3c80ede161b Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Sat, 8 Jan 2022 20:40:24 +0100
Subject: GTP: fix some false positives (#1394)
---
 tests/pcap/gtp_false_positive.pcapng | Bin 1028 -> 1532 bytes
 tests/result/gtp_false_positive.pcapng.out | 9 +++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
(limited to 'tests')
diff --git a/tests/pcap/gtp_false_positive.pcapng b/tests/pcap/gtp_false_positive.pcapng
index 79ca73a38..d2147864d 100644
Binary files a/tests/pcap/gtp_false_positive.pcapng and b/tests/pcap/gtp_false_positive.pcapng differ
diff --git a/tests/result/gtp_false_positive.pcapng.out b/tests/result/gtp_false_positive.pcapng.out
index d13c6c102..aff366938 100644
--- a/tests/result/gtp_false_positive.pcapng.out
+++ b/tests/result/gtp_false_positive.pcapng.out
@@ -1,11 +1,12 @@
-Guessed flow protos: 2
+Guessed flow protos: 3
-DPI Packets (UDP): 6 (3.00 pkts/flow)
+DPI Packets (UDP): 7 (2.33 pkts/flow)
 Unknown 5 428 1
-GTP 1 56 1
+GTP 2 424 2
- 1 UDP 50.7.111.134:17000 -> 103.225.103.159:2123 [proto: 152/GTP][ClearText][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 119.185.190.173:2123 -> 66.86.98.114:50140 [proto: 152/GTP][ClearText][cat: Network/14][1 pkts/368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (autoAlgo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 50.7.111.134:17000 -> 103.225.103.159:2123 [proto: 152/GTP][ClearText][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 Undetected flows:
-- cgit v1.2.3