author | Toni Uhlig <matzeton@googlemail.com> | 2023-11-11 19:06:48 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2023-11-11 19:16:07 +0100 |
commit | 4920b2a4be62b85b6355278fe0d63637bddb624f (patch) | |
tree | 1dfad91b7a159261ff99334a6c8afa7c268c807e | |
parent | 8ebaccc27d779e981b500e80b69f62396dcaa0ca (diff) |
Use c-captured within `test/run_tests.sh`.
* Some logging-related modifications were required to achieve this.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
459 files changed, 1800 insertions, 69 deletions
diff --git a/examples/c-captured/c-captured.c b/examples/c-captured/c-captured.c
index 14457a175..338125b6f 100644
--- a/examples/c-captured/c-captured.c
+++ b/examples/c-captured/c-captured.c
@@ -11,7 +11,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <syslog.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -141,7 +140,7 @@ static int pcap_open_or_append(int packet_datalink,
 if (*pd == NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR, "pcap error %s", pcap_geterr(*p));
+ logger(1, "pcap error %s", pcap_geterr(*p));
 pcap_close(*p);
 return 1;
 }
@@ -175,13 +174,13 @@ static void decode_base64(pcap_dumper_t * const pd,
 }
 else
 {
- syslog(LOG_DAEMON | LOG_ERR, "%s", "BUG: Can not decode base64 packet.");
+ logger(1, "%s", "BUG: Can not decode base64 packet.");
 return;
 }
 if (nDPIsrvd_base64decode(base64_packet, base64_packet_size, pkt_buf, &pkt_buf_len) != 0 || pkt_buf_len == 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "packet base64 decode failed (%zu bytes): %s", base64_packet_size, base64_packet);
+ logger(1, "packet base64 decode failed (%zu bytes): %s", base64_packet_size, base64_packet);
 }
 else
 {
@@ -485,7 +484,7 @@ static int packet_write_pcap_file(struct global_user_data const * const global_u
 if (utarray_len(pd_array) == 0)
 {
- syslog(LOG_DAEMON, "Can not dump packets to pcap; packet array empty");
+ logger(0, "Can not dump packets to pcap; packet array empty");
 return 1;
 }
@@ -501,7 +500,7 @@ static int packet_write_pcap_file(struct global_user_data const * const global_u
 char filename[PATH_MAX];
 if (packet_generate_pcap_filename(filename, sizeof(filename), packet_datalink) == NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR, "%s", "Internal error. Could not generate PCAP filename, exit ..");
+ logger(1, "%s", "Internal error. Could not generate PCAP filename, exit ..");
 return 1;
 }
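Review bot: `logger(1, "packet base64 decode failed (%zu bytes): %s", base64_packet_size, base64_packet);` in the decode_base64 hunk echoes the entire peer-supplied base64 token into the log, and the two `"JSON String: '%.*s'"` hunks of captured_json_callback (@@ -759 and @@ -813) do the same with the whole JSON receive buffer. With the new `-c` console mode these strings presumably reach a terminal verbatim, so control or escape bytes from a misbehaving sender are no longer neutralised by the syslog backend; I cannot see logger(), so if it does not escape non-printable bytes, the call sites should bound what they echo, e.g. `logger(1, "packet base64 decode failed (%zu bytes): %.64s...", base64_packet_size, base64_packet);`, or strip non-printables before logging. decode_base64's body starts before and continues after this hunk.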
@@ -509,7 +508,7 @@ static int packet_write_pcap_file(struct global_user_data const * const global_u
 pcap_dumper_t * pd = NULL;
 if (pcap_open_or_append(packet_datalink, filename, &p, &pd) != 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Can not dump packets to pcap; file open/append failed");
+ logger(1, "Can not dump packets to pcap; file open/append failed");
 return 1;
 }
@@ -564,13 +563,13 @@ static int flow_write_pcap_file(struct flow_user_data const * const flow_user, c
 if (utarray_len(pd_array) == 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Can not dump flow packets to pcap; flow packet array empty");
+ logger(1, "Can not dump flow packets to pcap; flow packet array empty");
 return 0;
 }
 if (pcap_open_or_append(packet_datalink, filename, &p, &pd) != 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Can not dump flow packets to pcap; file open/append failed");
+ logger(1, "Can not dump flow packets to pcap; file open/append failed");
 return 0;
 }
@@ -619,26 +618,26 @@ static enum nDPIsrvd_conversion_return perror_ull(enum nDPIsrvd_conversion_retur
 break;
 case CONVERISON_KEY_NOT_FOUND:
- syslog(LOG_DAEMON | LOG_ERR, "%s: Key not found.", prefix);
+ logger(1, "%s: Key not found.", prefix);
 break;
 case CONVERSION_NOT_A_NUMBER:
- syslog(LOG_DAEMON | LOG_ERR, "%s: Not a valid number.", prefix);
+ logger(1, "%s: Not a valid number.", prefix);
 break;
 case CONVERSION_RANGE_EXCEEDED:
- syslog(LOG_DAEMON | LOG_ERR, "%s: Number too large.", prefix);
+ logger(1, "%s: Number too large.", prefix);
 break;
 default:
- syslog(LOG_DAEMON | LOG_ERR, "Internal error, invalid conversion return value.");
+ logger(1, "Internal error, invalid conversion return value.");
 break;
 }
 return retval;
 }
-static void syslog_event(struct nDPIsrvd_socket * const sock,
- struct nDPIsrvd_flow * const flow,
- char const * const event_name)
+static void log_event(struct nDPIsrvd_socket * const sock,
+ struct nDPIsrvd_flow * const flow,
+ char const * const event_name)
 {
 struct nDPIsrvd_json_token const * const src_ip = TOKEN_GET_SZ(sock, "src_ip");
 struct nDPIsrvd_json_token const * const dst_ip = TOKEN_GET_SZ(sock, "dst_ip");
@@ -653,7 +652,7 @@ static void syslog_event(struct nDPIsrvd_socket * const sock,
 if (src_ip == NULL || dst_ip == NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Flow %llu: Missing essential source/destination IP address.", flow->id_as_ull);
+ logger(1, "Flow %llu: Missing essential source/destination IP address.", flow->id_as_ull);
 }
 else
 {
@@ -677,18 +676,35 @@ static void syslog_event(struct nDPIsrvd_socket * const sock,
 }
 }
- syslog(LOG_DAEMON | LOG_ERR,
- "Flow %llu %s: %.*s %.*s%s -> %.*s%s",
- flow->id_as_ull,
- event_name,
- (l4_proto_str != NULL ? (int)l4_proto_len : na_len),
- (l4_proto_str != NULL ? l4_proto_str : na),
- (src_ip_str != NULL ? (int)src_ip_len : na_len),
- (src_ip_str != NULL ? src_ip_str : na),
- src_port_str,
- (dst_ip_str != NULL ? (int)dst_ip_len : na_len),
- (dst_ip_str != NULL ? dst_ip_str : na),
- dst_port_str);
+ if (is_console_logger_enabled() != 0)
+ {
+ printf("Flow %llu %s: %.*s %.*s%s -> %.*s%s\n",
+ flow->id_as_ull,
+ event_name,
+ (l4_proto_str != NULL ? (int)l4_proto_len : na_len),
+ (l4_proto_str != NULL ? l4_proto_str : na),
+ (src_ip_str != NULL ? (int)src_ip_len : na_len),
+ (src_ip_str != NULL ? src_ip_str : na),
+ src_port_str,
+ (dst_ip_str != NULL ? (int)dst_ip_len : na_len),
+ (dst_ip_str != NULL ? dst_ip_str : na),
+ dst_port_str);
+ }
+ else
+ {
+ logger(0,
+ "Flow %llu %s: %.*s %.*s%s -> %.*s%s",
+ flow->id_as_ull,
+ event_name,
+ (l4_proto_str != NULL ? (int)l4_proto_len : na_len),
+ (l4_proto_str != NULL ? l4_proto_str : na),
+ (src_ip_str != NULL ? (int)src_ip_len : na_len),
+ (src_ip_str != NULL ? src_ip_str : na),
+ src_port_str,
+ (dst_ip_str != NULL ? (int)dst_ip_len : na_len),
+ (dst_ip_str != NULL ? dst_ip_str : na),
+ dst_port_str);
+ }
 }
 static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_socket * const sock,
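Review bot: The new `if (is_console_logger_enabled() != 0)` branch in log_event repeats the format string and the ten arguments of the `else` branch verbatim, so the two sinks can silently drift apart the next time a field is added to the event line. Formatting the line once into a local buffer and handing that to either `printf` or `logger` keeps a single source of truth and makes truncation explicit; a sketch follows. The printf path is presumably chosen so the event line lands on stdout for the test harness while logger() writes elsewhere — a one-line comment saying so would help, e.g. `/* console mode: event lines go to stdout so test/run_tests.sh can compare them */`. log_event's body starts before this hunk.
```c
    char line[512];
    int len = snprintf(line,
                       sizeof(line),
                       "Flow %llu %s: %.*s %.*s%s -> %.*s%s",
                       flow->id_as_ull,
                       /* … unchanged: the remaining arguments of the original call … */
                       dst_port_str);
    if (len < 0 || (size_t)len >= sizeof(line))
    {
        logger(1, "Flow %llu %s: event line truncated", flow->id_as_ull, event_name);
    }
    if (is_console_logger_enabled() != 0)
    {
        printf("%s\n", line);
    }
    else
    {
        logger(0, "%s", line);
    }
```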
@@ -708,17 +724,17 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 if (utarray_packets_init(global_user) == 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Memory allocation for packet data failed.");
+ logger(1, "Memory allocation for packet data failed.");
 return CALLBACK_ERROR;
 }
 if (TOKEN_GET_SZ(sock, "error_event_name") != NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Received an error event for packet id %llu.", packet_id);
+ logger(1, "Received an error event for packet id %llu.", packet_id);
 if (TOKEN_GET_SZ(sock, "error_event_id") == NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Missing error event id.");
+ logger(1, "Missing error event id.");
 return CALLBACK_ERROR;
 }
@@ -727,28 +743,26 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 struct packet_data pd = {.error_event_id = error_event_id, .packet_id = packet_id};
 if (utarray_packets_add(global_user, &pd) == 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Could not add packet to array with id %llu.", packet_id);
+ logger(1, "Could not add packet to array with id %llu.", packet_id);
 return CALLBACK_ERROR;
 }
 }
 else if (TOKEN_VALUE_EQUALS_SZ(sock, TOKEN_GET_SZ(sock, "packet_event_name"), "packet") != 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Received an packet event for packet id %llu.", packet_id);
+ logger(1, "Received an packet event for packet id %llu.", packet_id);
 if (capture_mode != 0)
 {
 struct packet_data * const pd = utarray_packets_get(global_user, packet_id);
 if (pd == NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR,
- "Received an packet event w/o a previous error event for packet id %llu.",
- packet_id);
+ logger(1, "Received an packet event w/o a previous error event for packet id %llu.", packet_id);
 return CALLBACK_OK;
 }
 if (pd->packet_id != packet_id)
 {
- syslog(LOG_DAEMON | LOG_ERR,
+ logger(1,
 "Received a packet event with a different packet id then the one seen in the error event: "
 "%llu != %llu.",
 packet_id,
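Review bot: `logger(1, "Received an error event for packet id %llu.", packet_id);` and `logger(1, "Received an packet event for packet id %llu.", packet_id);` keep severity 1 for traces emitted on every ordinary error/packet event, while the same commit lowers other informational messages to 0 (for instance `logger(0, "Flow %llu: No packets captured.", ...)` in a later hunk of this function). If 1 maps to an error level in logger(), as the one-to-one replacement of `LOG_DAEMON | LOG_ERR` throughout this file suggests, every normal run would be littered with error-level entries, which hides the real ones from whoever monitors the log; `logger(0, "Received a packet event for packet id %llu.", packet_id);` would be consistent and also fixes the article. captured_json_callback starts before and continues past these hunks.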
@@ -759,8 +773,8 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 struct nDPIsrvd_json_token const * const pkt = TOKEN_GET_SZ(sock, "pkt");
 if (pkt == NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR, "%s", "No packet data available.");
- syslog(LOG_DAEMON | LOG_ERR,
+ logger(1, "%s", "No packet data available.");
+ logger(1,
 "JSON String: '%.*s'",
 nDPIsrvd_json_buffer_length(sock),
 nDPIsrvd_json_buffer_string(sock));
@@ -785,7 +799,7 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 if (packet_write_pcap_file(global_user) != 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "%s", "Could not dump non-flow packet data");
+ logger(1, "%s", "Could not dump non-flow packet data");
 return CALLBACK_OK;
 }
 }
@@ -813,17 +827,14 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 struct nDPIsrvd_json_token const * const pkt = TOKEN_GET_SZ(sock, "pkt");
 if (pkt == NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR, "%s", "No packet data available.");
- syslog(LOG_DAEMON | LOG_ERR,
- "JSON String: '%.*s'",
- nDPIsrvd_json_buffer_length(sock),
- nDPIsrvd_json_buffer_string(sock));
+ logger(1, "%s", "No packet data available.");
+ logger(1, "JSON String: '%.*s'", nDPIsrvd_json_buffer_length(sock), nDPIsrvd_json_buffer_string(sock));
 return CALLBACK_OK;
 }
 if (utarray_flow_packets_init(flow_user) == 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "%s", "Memory allocation for captured packets failed.");
+ logger(1, "%s", "Memory allocation for captured packets failed.");
 return CALLBACK_ERROR;
 }
@@ -840,7 +851,7 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 .base64_packet_const = nDPIsrvd_get_token_value(sock, pkt)};
 if (utarray_flow_packets_add(flow_user, &pd) == 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "%s", "Memory allocation to add a captured packet failed.");
+ logger(1, "%s", "Memory allocation to add a captured packet failed.");
 return CALLBACK_ERROR;
 }
 }
@@ -930,21 +941,20 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 if (logging_mode != 0)
 {
 if (flow_user->guessed != 0)
- syslog_event(sock, flow, "guessed");
+ log_event(sock, flow, "guessed");
 if (flow_user->detected == 0)
- syslog_event(sock, flow, "not-detected");
+ log_event(sock, flow, "not-detected");
 if (flow_user->risky != 0)
- syslog_event(sock, flow, "risky");
+ log_event(sock, flow, "risky");
 if (flow_user->midstream != 0)
- syslog_event(sock, flow, "midstream");
+ log_event(sock, flow, "midstream");
 }
- if (flow_user->packets == NULL || flow_user->flow_max_packets == 0 ||
- utarray_len(flow_user->packets) == 0)
+ if (flow_user->packets == NULL || flow_user->flow_max_packets == 0 || utarray_len(flow_user->packets) == 0)
 {
 if (logging_mode != 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Flow %llu: No packets captured.", flow->id_as_ull);
+ logger(0, "Flow %llu: No packets captured.", flow->id_as_ull);
 }
 }
 else if (capture_mode != 0)
@@ -955,7 +965,7 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 char pcap_filename[PATH_MAX];
 if (flow_generate_pcap_filename(flow_user, pcap_filename, sizeof(pcap_filename)) == NULL)
 {
- syslog(LOG_DAEMON | LOG_ERR, "%s", "Internal error. Could not generate PCAP filename, exit ..");
+ logger(1, "%s", "Internal error. Could not generate PCAP filename, exit ..");
 return CALLBACK_ERROR;
 }
 #ifdef VERBOSE
@@ -963,7 +973,7 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
 #endif
 if (flow_write_pcap_file(flow_user, pcap_filename) != 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Could not dump packet data to pcap file %s", pcap_filename);
+ logger(1, "Could not dump packet data to pcap file %s", pcap_filename);
 return CALLBACK_OK;
 }
 }
@@ -1012,7 +1022,7 @@ static void nDPIsrvd_write_flow_info_cb(struct nDPIsrvd_socket const * sock,
 flow_user->flow_tot_l4_payload_len,
 flow_user->packets != NULL ? utarray_len(flow_user->packets) : 0);
- syslog(LOG_DAEMON,
+ logger(0,
 "[Flow %4llu][ptr: "
 #ifdef __LP64__
 "0x%016llx"
@@ -1071,8 +1081,9 @@ static void print_usage(char const * const arg0)
 {
 static char const usage[] =
 "Usage: %s "
- "[-d] [-p pidfile] [-s host] [-r rotate-every-n-seconds]\n"
+ "[-c] [-d] [-p pidfile] [-s host] [-r rotate-every-n-seconds]\n"
 "\t \t[-u user] [-g group] [-D dir] [-G] [-U] [-R risk] [-M]\n\n"
+ "\t-c\tLog all messages to stdout/stderr instead of syslog.\n"
 "\t-d\tForking into background after initialization.\n"
 "\t-p\tWrite the daemon PID to the given file path.\n"
 "\t-s\tDestination where nDPIsrvd is listening on.\n"
@@ -1112,10 +1123,13 @@ static int parse_options(int argc, char ** argv)
 {
 int opt;
- while ((opt = getopt(argc, argv, "hdp:s:r:u:g:lLD:GUR:ME")) != -1)
+ while ((opt = getopt(argc, argv, "hcdp:s:r:u:g:lLD:GUR:ME")) != -1)
 {
 switch (opt)
 {
+ case 'c':
+ enable_console_logger();
+ break;
 case 'd':
 daemonize_enable();
 break;
@@ -1272,21 +1286,21 @@ static int mainloop(void)
 }
 if (read_ret == READ_TIMEOUT)
 {
- syslog(LOG_DAEMON,
+ logger(0,
 "No data received during the last %llu second(s).\n",
 (long long unsigned int)sock->read_timeout.tv_sec);
 continue;
 }
 if (read_ret != READ_OK)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Could not read from socket: %s", nDPIsrvd_enum_to_string(read_ret));
+ logger(1, "Could not read from socket: %s", nDPIsrvd_enum_to_string(read_ret));
 break;
 }
 enum nDPIsrvd_parse_return parse_ret = nDPIsrvd_parse_all(sock);
 if (parse_ret != PARSE_NEED_MORE_DATA)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Could not parse json string: %s", nDPIsrvd_enum_to_string(parse_ret));
+ logger(1, "Could not parse json string: %s", nDPIsrvd_enum_to_string(parse_ret));
 break;
 }
 }
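Review bot: `logger(0, "No data received during the last %llu second(s).\n", ...)` in the mainloop hunk keeps a trailing `\n` inside the message, and the two `logger(0, ...)` calls that replace printf() in the following main() hunk (`"Recv buffer size: %u\n"` and `"Connecting to `%s'..\n"`) do the same, whereas every other logger() call introduced by this commit ends without one. I cannot see logger(), but if the console backend appends its own line terminator these three messages print an extra empty line, and the syslog backend gains an embedded newline it did not have before; dropping the `\n` from the three format strings makes them consistent with the rest of the file. mainloop's body starts before this hunk.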
@@ -1321,8 +1335,8 @@ int main(int argc, char ** argv)
 return 1;
 }
- printf("Recv buffer size: %u\n", NETWORK_BUFFER_MAX_SIZE);
- printf("Connecting to `%s'..\n", serv_optarg);
+ logger(0, "Recv buffer size: %u\n", NETWORK_BUFFER_MAX_SIZE);
+ logger(0, "Connecting to `%s'..\n", serv_optarg);
 if (nDPIsrvd_connect(sock) != CONNECT_OK)
 {
@@ -1340,18 +1354,17 @@ int main(int argc, char ** argv)
 {
 return 1;
 }
- openlog("nDPIsrvd-captured", LOG_CONS, LOG_DAEMON);
 errno = 0;
 if (user != NULL && change_user_group(user, group, pidfile, datadir /* :D */, NULL) != 0)
 {
 if (errno != 0)
 {
- syslog(LOG_DAEMON | LOG_ERR, "Change user/group failed: %s", strerror(errno));
+ logger(1, "Change user/group failed: %s", strerror(errno));
 }
 else
 {
- syslog(LOG_DAEMON | LOG_ERR, "Change user/group failed.");
+ logger(1, "Change user/group failed.");
 }
 return 1;
 }
@@ -1370,7 +1383,7 @@ int main(int argc, char ** argv)
 utarray_packets_free((struct global_user_data *)sock->global_user_data);
 nDPIsrvd_socket_free(&sock);
 daemonize_shutdown(pidfile);
- closelog();
+ shutdown_logging();
 return retval;
 }
diff --git a/test/results/flow-captured/caches_cfg/ookla.pcap.out b/test/results/flow-captured/caches_cfg/ookla.pcap.out
new file mode 100644
index 000000000..76a45ed58
--- /dev/null
+++ b/test/results/flow-captured/caches_cfg/ookla.pcap.out
@@ -0,0 +1,2 @@
+Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80
+Flow 6 risky: tcp 192.168.1.128:35830 -> 89.96.108.170:8080
diff --git a/test/results/flow-captured/caches_cfg/teams.pcap.out b/test/results/flow-captured/caches_cfg/teams.pcap.out
new file mode 100644
index 000000000..7cab07517
--- /dev/null
+++ b/test/results/flow-captured/caches_cfg/teams.pcap.out
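Review bot: `openlog("nDPIsrvd-captured", LOG_CONS, LOG_DAEMON);` is removed from main() without a visible replacement that sets the syslog ident and facility, while `closelog()` does get a counterpart in `shutdown_logging();`. If the shared logger performs its own openlog() lazily this is fine, but if it does not, messages in the non-`-c` mode now carry the default ident and facility, which silently changes how existing syslog filters and alerting rules route them. A one-line comment at the `shutdown_logging();` call stating where the backend is initialised, e.g. `/* syslog/console backend is initialised inside logger(); see enable_console_logger() */`, would document the contract; if no such initialisation exists, an explicit init call next to the option handling is needed. main() starts before and its first hunk here is not the beginning of the function.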
@@ -0,0 +1,19 @@ +Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443 +Flow 48 risky: tcp 192.168.1.6:60559 -> 52.114.77.33:443 +Flow 64 risky: tcp 192.168.1.6:50018 -> 52.114.250.123:443 +Flow 78 risky: udp 93.71.110.205:16332 -> 192.168.1.6:50016 +Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443 +Flow 43 risky: tcp 192.168.1.6:60554 -> 52.113.194.132:443 +Flow 76 risky: udp 192.168.1.6:50016 -> 192.168.0.4:50005 +Flow 77 risky: udp 192.168.1.6:50036 -> 192.168.0.4:50020 +Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53 +Flow 4 risky: tcp 192.168.1.6:60532 -> 52.114.77.33:443 +Flow 25 risky: tcp 192.168.1.6:60543 -> 52.114.77.33:443 +Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443 +Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443 +Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434 +Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434 +Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036 +Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53 +Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016 +Flow 80 risky: udp 52.114.252.21:3480 -> 192.168.1.6:50036 diff --git a/test/results/flow-captured/default/1kxun.pcap.out b/test/results/flow-captured/default/1kxun.pcap.out new file mode 100644 index 000000000..e951b4706 --- /dev/null +++ b/test/results/flow-captured/default/1kxun.pcap.out 
@@ -0,0 +1,98 @@ +Flow 37 risky: tcp 192.168.115.8:49606 -> 106.185.35.110:80 +Flow 41 risky: tcp 192.168.115.8:49609 -> 42.120.51.152:8080 +Flow 14 risky: udp 192.168.115.8:51024 -> 8.8.8.8:53 +Flow 20 risky: udp 192.168.3.95:58779 -> 224.0.0.252:5355 +Flow 19 risky: udp fe80::e98f:bae2:19f7:6b0f:58779 -> ff02::1:3:5355 +Flow 24 risky: udp 192.168.115.8:52723 -> 168.95.1.1:53 +Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 +Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138 +Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 +Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 +Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 +Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 +Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 +Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138 +Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 +Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 +Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 +Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443 +Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443 +Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443 +Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443 +Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 +Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 +Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 +Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80 +Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80 +Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80 +Flow 158 midstream: tcp 192.168.2.126:49372 -> 14.136.136.108:80 +Flow 150 midstream: tcp 192.168.2.126:45416 -> 161.117.13.29:80 +Flow 147 midstream: tcp 192.168.2.126:45388 -> 161.117.13.29:80 +Flow 148 midstream: tcp 192.168.2.126:45398 -> 161.117.13.29:80 +Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 
+Flow 178 risky: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 178 midstream: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 149 midstream: tcp 192.168.2.126:45414 -> 161.117.13.29:80 +Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 +Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 +Flow 192 midstream: tcp 192.168.2.126:54810 -> 18.233.123.55:80 +Flow 184 midstream: tcp 192.168.2.126:36636 -> 18.64.103.30:80 +Flow 185 midstream: tcp 192.168.2.126:36640 -> 18.64.103.30:80 +Flow 186 midstream: tcp 192.168.2.126:36654 -> 18.64.103.30:80 +Flow 180 midstream: tcp 192.168.2.126:58758 -> 202.153.196.53:80 +Flow 181 midstream: tcp 192.168.2.126:58760 -> 202.153.196.53:80 +Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 +Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 +Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 +Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 +Flow 155 midstream: tcp 192.168.2.126:38354 -> 142.250.186.34:80 +Flow 157 midstream: tcp 192.168.2.126:49354 -> 14.136.136.108:80 +Flow 159 midstream: tcp 192.168.2.126:49370 -> 14.136.136.108:80 +Flow 162 midstream: tcp 192.168.2.126:49396 -> 14.136.136.108:80 +Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 161 midstream: tcp 192.168.2.126:49412 -> 14.136.136.108:80 +Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 +Flow 164 midstream: tcp 192.168.2.126:50140 -> 161.117.13.29:80 +Flow 165 midstream: tcp 192.168.2.126:50148 -> 161.117.13.29:80 +Flow 166 midstream: tcp 192.168.2.126:50164 -> 161.117.13.29:80 +Flow 167 midstream: tcp 192.168.2.126:50166 -> 161.117.13.29:80 +Flow 168 midstream: tcp 192.168.2.126:50176 -> 161.117.13.29:80 +Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 +Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 +Flow 156 midstream: tcp 192.168.2.126:36732 -> 
142.250.186.174:80 +Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 +Flow 189 midstream: tcp 192.168.2.126:42554 -> 35.156.44.13:80 +Flow 190 risky: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 190 midstream: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 195 midstream: tcp 192.168.2.126:33042 -> 3.122.190.70:80 +Flow 173 midstream: tcp 192.168.2.126:56094 -> 3.72.69.158:80 +Flow 175 midstream: tcp 192.168.2.126:56096 -> 3.72.69.158:80 +Flow 174 midstream: tcp 192.168.2.126:56098 -> 3.72.69.158:80 +Flow 176 midstream: tcp 192.168.2.126:56104 -> 3.72.69.158:80 +Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 +Flow 130 risky: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 130 midstream: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 131 risky: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 131 midstream: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 132 risky: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 +Flow 139 midstream: tcp 192.168.2.126:60148 -> 172.105.121.82:80 +Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 +Flow 138 risky: tcp 192.168.2.126:38834 -> 119.45.78.184:80 +Flow 138 midstream: tcp 192.168.2.126:38834 -> 119.45.78.184:80 +Flow 182 midstream: tcp 192.168.2.126:35664 -> 18.66.2.90:80 +Flow 141 midstream: tcp 192.168.2.126:46184 -> 172.105.121.82:80 +Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 188 risky: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 188 midstream: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 143 midstream: tcp 192.168.2.126:46200 -> 172.105.121.82:80 +Flow 135 midstream: tcp 192.168.2.126:47246 -> 
161.117.13.29:80 +Flow 144 midstream: tcp 192.168.2.126:46212 -> 172.105.121.82:80 +Flow 136 midstream: tcp 192.168.2.126:47262 -> 161.117.13.29:80 +Flow 137 midstream: tcp 192.168.2.126:47272 -> 161.117.13.29:80 +Flow 145 midstream: tcp 192.168.2.126:35200 -> 103.29.71.30:80 diff --git a/test/results/flow-captured/default/443-chrome.pcap.out b/test/results/flow-captured/default/443-chrome.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-chrome.pcap.out diff --git a/test/results/flow-captured/default/443-curl.pcap.out b/test/results/flow-captured/default/443-curl.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-curl.pcap.out diff --git a/test/results/flow-captured/default/443-firefox.pcap.out b/test/results/flow-captured/default/443-firefox.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-firefox.pcap.out diff --git a/test/results/flow-captured/default/443-git.pcap.out b/test/results/flow-captured/default/443-git.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-git.pcap.out diff --git a/test/results/flow-captured/default/443-opvn.pcap.out b/test/results/flow-captured/default/443-opvn.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-opvn.pcap.out diff --git a/test/results/flow-captured/default/443-safari.pcap.out b/test/results/flow-captured/default/443-safari.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-safari.pcap.out diff --git a/test/results/flow-captured/default/4in4tunnel.pcap.out b/test/results/flow-captured/default/4in4tunnel.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/4in4tunnel.pcap.out 
diff --git a/test/results/flow-captured/default/4in6tunnel.pcap.out b/test/results/flow-captured/default/4in6tunnel.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/4in6tunnel.pcap.out diff --git a/test/results/flow-captured/default/6in4tunnel.pcap.out b/test/results/flow-captured/default/6in4tunnel.pcap.out new file mode 100644 index 000000000..57993fe03 --- /dev/null +++ b/test/results/flow-captured/default/6in4tunnel.pcap.out @@ -0,0 +1 @@ +Flow 1 not-detected: 41 174.3.73.24 -> 184.105.255.26 diff --git a/test/results/flow-captured/default/6in6tunnel.pcap.out b/test/results/flow-captured/default/6in6tunnel.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/6in6tunnel.pcap.out diff --git a/test/results/flow-captured/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/flow-captured/default/BGP_Cisco_hdlc_slarp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/BGP_Cisco_hdlc_slarp.pcap.out diff --git a/test/results/flow-captured/default/BGP_redist.pcap.out b/test/results/flow-captured/default/BGP_redist.pcap.out new file mode 100644 index 000000000..d8ff02094 --- /dev/null +++ b/test/results/flow-captured/default/BGP_redist.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 2.2.2.2:179 -> 5.5.5.5:49433 diff --git a/test/results/flow-captured/default/EAQ.pcap.out b/test/results/flow-captured/default/EAQ.pcap.out new file mode 100644 index 000000000..14208209c --- /dev/null +++ b/test/results/flow-captured/default/EAQ.pcap.out 
@@ -0,0 +1,23 @@ +Flow 17 risky: udp 10.8.0.1:48563 -> 200.194.141.67:6000 +Flow 14 risky: udp 10.8.0.1:48666 -> 200.194.129.66:6000 +Flow 21 risky: udp 10.8.0.1:57004 -> 200.194.133.67:6000 +Flow 23 risky: udp 10.8.0.1:36552 -> 200.194.136.66:6000 +Flow 2 risky: tcp 10.8.0.1:40467 -> 173.194.119.24:80 +Flow 26 risky: udp 10.8.0.1:59098 -> 200.194.134.68:6000 +Flow 28 risky: udp 10.8.0.1:36577 -> 200.194.149.68:6000 +Flow 22 risky: udp 10.8.0.1:53059 -> 200.194.133.68:6000 +Flow 9 risky: udp 10.8.0.1:34687 -> 200.194.141.68:6000 +Flow 11 risky: udp 10.8.0.1:53354 -> 200.194.137.66:6000 +Flow 25 risky: udp 10.8.0.1:47346 -> 200.194.134.66:6000 +Flow 10 risky: udp 10.8.0.1:39221 -> 200.194.137.67:6000 +Flow 1 risky: tcp 10.8.0.1:53497 -> 173.194.119.48:80 +Flow 6 risky: udp 10.8.0.1:41438 -> 200.194.141.66:6000 +Flow 12 risky: udp 10.8.0.1:59959 -> 200.194.137.68:6000 +Flow 30 risky: udp 10.8.0.1:33356 -> 200.194.149.66:6000 +Flow 15 risky: udp 10.8.0.1:47714 -> 200.194.129.68:6000 +Flow 29 risky: udp 10.8.0.1:60013 -> 200.194.136.67:6000 +Flow 20 risky: udp 10.8.0.1:56128 -> 200.194.133.66:6000 +Flow 24 risky: udp 10.8.0.1:43934 -> 200.194.136.68:6000 +Flow 27 risky: udp 10.8.0.1:50175 -> 200.194.149.67:6000 +Flow 13 risky: udp 10.8.0.1:37985 -> 200.194.129.67:6000 +Flow 31 risky: udp 10.8.0.1:40058 -> 200.194.134.67:6000 diff --git a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out diff --git a/test/results/flow-captured/default/IEC104.pcap.out b/test/results/flow-captured/default/IEC104.pcap.out new file mode 100644 index 000000000..7437a9743 --- /dev/null +++ b/test/results/flow-captured/default/IEC104.pcap.out 
@@ -0,0 +1,4 @@ +Flow 1 risky: tcp 10.175.211.1:2404 -> 10.119.105.26:54768 +Flow 1 midstream: tcp 10.175.211.1:2404 -> 10.119.105.26:54768 +Flow 2 risky: tcp 10.175.211.3:2404 -> 10.119.105.26:54769 +Flow 2 midstream: tcp 10.175.211.3:2404 -> 10.119.105.26:54769 diff --git a/test/results/flow-captured/default/KakaoTalk_chat.pcap.out b/test/results/flow-captured/default/KakaoTalk_chat.pcap.out new file mode 100644 index 000000000..fe86462c2 --- /dev/null +++ b/test/results/flow-captured/default/KakaoTalk_chat.pcap.out @@ -0,0 +1,5 @@ +Flow 26 risky: tcp 10.24.82.188:43581 -> 31.13.68.70:443 +Flow 34 risky: tcp 10.24.82.188:35511 -> 173.252.97.2:443 +Flow 15 risky: tcp 10.24.82.188:35503 -> 173.252.97.2:443 +Flow 37 midstream: tcp 10.24.82.188:49217 -> 216.58.220.174:443 +Flow 22 midstream: tcp 31.13.68.73:443 -> 10.24.82.188:47007 diff --git a/test/results/flow-captured/default/KakaoTalk_talk.pcap.out b/test/results/flow-captured/default/KakaoTalk_talk.pcap.out new file mode 100644 index 000000000..68d1bf6a1 --- /dev/null +++ b/test/results/flow-captured/default/KakaoTalk_talk.pcap.out @@ -0,0 +1,4 @@ +Flow 6 risky: tcp 10.24.82.188:32968 -> 110.76.143.50:8080 +Flow 8 risky: tcp 10.24.82.188:58857 -> 110.76.143.50:9001 +Flow 19 risky: tcp 10.24.82.188:59954 -> 173.252.88.128:443 +Flow 14 midstream: tcp 10.24.82.188:49217 -> 216.58.220.174:443 diff --git a/test/results/flow-captured/default/NTPv2.pcap.out b/test/results/flow-captured/default/NTPv2.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/NTPv2.pcap.out diff --git a/test/results/flow-captured/default/NTPv3.pcap.out b/test/results/flow-captured/default/NTPv3.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/NTPv3.pcap.out diff --git a/test/results/flow-captured/default/NTPv4.pcap.out b/test/results/flow-captured/default/NTPv4.pcap.out new file mode 100644 index 000000000..e69de29bb 
--- /dev/null +++ b/test/results/flow-captured/default/NTPv4.pcap.out diff --git a/test/results/flow-captured/default/Oscar.pcap.out b/test/results/flow-captured/default/Oscar.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/Oscar.pcap.out diff --git a/test/results/flow-captured/default/TivoDVR.pcap.out b/test/results/flow-captured/default/TivoDVR.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/TivoDVR.pcap.out diff --git a/test/results/flow-captured/default/WebattackRCE.pcap.out b/test/results/flow-captured/default/WebattackRCE.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/WebattackRCE.pcap.out diff --git a/test/results/flow-captured/default/WebattackSQLinj.pcap.out b/test/results/flow-captured/default/WebattackSQLinj.pcap.out new file mode 100644 index 000000000..7a43f2378 --- /dev/null +++ b/test/results/flow-captured/default/WebattackSQLinj.pcap.out @@ -0,0 +1,9 @@ +Flow 1 risky: tcp 172.16.0.1:36196 -> 192.168.10.50:80 +Flow 2 risky: tcp 172.16.0.1:36198 -> 192.168.10.50:80 +Flow 3 risky: tcp 172.16.0.1:36200 -> 192.168.10.50:80 +Flow 4 risky: tcp 172.16.0.1:36202 -> 192.168.10.50:80 +Flow 5 risky: tcp 172.16.0.1:36204 -> 192.168.10.50:80 +Flow 6 risky: tcp 172.16.0.1:36206 -> 192.168.10.50:80 +Flow 7 risky: tcp 172.16.0.1:36208 -> 192.168.10.50:80 +Flow 8 risky: tcp 172.16.0.1:36210 -> 192.168.10.50:80 +Flow 9 risky: tcp 172.16.0.1:36212 -> 192.168.10.50:80 diff --git a/test/results/flow-captured/default/WebattackXSS.pcap.out b/test/results/flow-captured/default/WebattackXSS.pcap.out new file mode 100644 index 000000000..4793dfb6e --- /dev/null +++ b/test/results/flow-captured/default/WebattackXSS.pcap.out 
@@ -0,0 +1,22 @@
+Flow 5 risky: tcp 172.16.0.1:52200 -> 192.168.10.50:80
+Flow 9 risky: tcp 172.16.0.1:52298 -> 192.168.10.50:80
+Flow 41 risky: tcp 172.16.0.1:52910 -> 192.168.10.50:80
+Flow 1 risky: tcp 172.16.0.1:52098 -> 192.168.10.50:80
+Flow 78 risky: tcp 172.16.0.1:53584 -> 192.168.10.50:80
+Flow 10 risky: tcp 172.16.0.1:52300 -> 192.168.10.50:80
+Flow 11 risky: tcp 172.16.0.1:52318 -> 192.168.10.50:80
+Flow 114 risky: tcp 172.16.0.1:54268 -> 192.168.10.50:80
+Flow 152 risky: tcp 172.16.0.1:54956 -> 192.168.10.50:80
+Flow 190 risky: tcp 172.16.0.1:55632 -> 192.168.10.50:80
+Flow 227 risky: tcp 172.16.0.1:56306 -> 192.168.10.50:80
+Flow 265 risky: tcp 172.16.0.1:56994 -> 192.168.10.50:80
+Flow 304 risky: tcp 172.16.0.1:57684 -> 192.168.10.50:80
+Flow 342 risky: tcp 172.16.0.1:58360 -> 192.168.10.50:80
+Flow 380 risky: tcp 172.16.0.1:59042 -> 192.168.10.50:80
+Flow 419 risky: tcp 172.16.0.1:59732 -> 192.168.10.50:80
+Flow 458 risky: tcp 172.16.0.1:60464 -> 192.168.10.50:80
+Flow 495 risky: tcp 172.16.0.1:32906 -> 192.168.10.50:80
+Flow 532 risky: tcp 172.16.0.1:33580 -> 192.168.10.50:80
+Flow 569 risky: tcp 172.16.0.1:34278 -> 192.168.10.50:80
+Flow 606 risky: tcp 172.16.0.1:34940 -> 192.168.10.50:80
+Flow 643 risky: tcp 172.16.0.1:35626 -> 192.168.10.50:80
diff --git a/test/results/flow-captured/default/activision.pcap.out b/test/results/flow-captured/default/activision.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/activision.pcap.out
diff --git a/test/results/flow-captured/default/adult_content.pcap.out b/test/results/flow-captured/default/adult_content.pcap.out
new file mode 100644
index 000000000..76c4502d8
--- /dev/null
+++ b/test/results/flow-captured/default/adult_content.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.1.199:42759 -> 31.220.27.69:80
diff --git a/test/results/flow-captured/default/afp.pcap.out b/test/results/flow-captured/default/afp.pcap.out
new file mode 100644
index 000000000..894c05a8a
--- /dev/null
+++ b/test/results/flow-captured/default/afp.pcap.out
@@ -0,0 +1 @@
+Flow 1 midstream: tcp 192.168.27.57:64987 -> 192.168.27.139:548
diff --git a/test/results/flow-captured/default/agora-sd-rtn.pcap.out b/test/results/flow-captured/default/agora-sd-rtn.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/agora-sd-rtn.pcap.out
diff --git a/test/results/flow-captured/default/ah.pcapng.out b/test/results/flow-captured/default/ah.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ah.pcapng.out
diff --git a/test/results/flow-captured/default/ajp.pcap.out b/test/results/flow-captured/default/ajp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ajp.pcap.out
diff --git a/test/results/flow-captured/default/alexa-app.pcapng.out b/test/results/flow-captured/default/alexa-app.pcapng.out
new file mode 100644
index 000000000..e0548740c
--- /dev/null
+++ b/test/results/flow-captured/default/alexa-app.pcapng.out
@@ -0,0 +1,51 @@
+Flow 28 risky: tcp 172.16.42.216:45661 -> 52.94.232.134:443
+Flow 80 risky: tcp 172.16.42.216:45703 -> 52.94.232.134:443
+Flow 87 risky: tcp 172.16.42.216:45710 -> 52.94.232.134:443
+Flow 89 risky: tcp 172.16.42.216:45712 -> 52.94.232.134:443
+Flow 107 risky: tcp 172.16.42.216:40856 -> 54.239.29.253:443
+Flow 105 risky: tcp 172.16.42.216:40854 -> 54.239.29.253:443
+Flow 88 risky: tcp 172.16.42.216:45711 -> 52.94.232.134:443
+Flow 125 risky: tcp 172.16.42.216:40871 -> 54.239.29.253:443
+Flow 45 risky: tcp 172.16.42.216:49589 -> 52.94.232.134:80
+Flow 29 risky: tcp 172.16.42.216:45662 -> 52.94.232.134:443
+Flow 30 risky: tcp 172.16.42.216:45663 -> 52.94.232.134:443
+Flow 43 risky: tcp 172.16.42.216:45673 -> 52.94.232.134:443
+Flow 44 risky: tcp 172.16.42.216:45674 -> 52.94.232.134:443
+Flow 46 risky: tcp 172.16.42.216:45676 -> 52.94.232.134:443
+Flow 47 risky: tcp 172.16.42.216:45677 -> 52.94.232.134:443
+Flow 48 risky: tcp 172.16.42.216:45678 -> 52.94.232.134:443
+Flow 49 risky: tcp 172.16.42.216:45679 -> 52.94.232.134:443
+Flow 50 risky: tcp 172.16.42.216:45680 -> 52.94.232.134:443
+Flow 53 risky: tcp 172.16.42.216:45683 -> 52.94.232.134:443
+Flow 57 risky: tcp 172.16.42.216:45687 -> 52.94.232.134:443
+Flow 59 risky: tcp 172.16.42.216:45688 -> 52.94.232.134:443
+Flow 67 risky: tcp 172.16.42.216:45693 -> 52.94.232.134:443
+Flow 70 risky: tcp 172.16.42.216:45695 -> 52.94.232.134:443
+Flow 71 risky: tcp 172.16.42.216:45696 -> 52.94.232.134:443
+Flow 72 risky: tcp 172.16.42.216:45697 -> 52.94.232.134:443
+Flow 74 risky: tcp 172.16.42.216:45698 -> 52.94.232.134:443
+Flow 157 risky: tcp 172.16.42.216:38483 -> 52.85.209.143:443
+Flow 142 risky: tcp 172.16.42.216:50799 -> 54.239.28.178:443
+Flow 93 risky: tcp 172.16.42.216:49630 -> 52.94.232.134:80
+Flow 117 risky: tcp 172.16.42.216:40864 -> 54.239.29.253:443
+Flow 132 risky: tcp 172.16.42.216:40878 -> 54.239.29.253:443
+Flow 75 risky: tcp 172.16.42.216:37113 -> 52.94.232.134:443
+Flow 81 risky: tcp 172.16.42.216:45704 -> 52.94.232.134:443
+Flow 82 risky: tcp 172.16.42.216:45705 -> 52.94.232.134:443
+Flow 86 risky: tcp 172.16.42.216:45709 -> 52.94.232.134:443
+Flow 91 risky: tcp 172.16.42.216:45714 -> 52.94.232.134:443
+Flow 92 risky: tcp 172.16.42.216:45715 -> 52.94.232.134:443
+Flow 109 risky: tcp 172.16.42.216:45728 -> 52.94.232.134:443
+Flow 110 risky: tcp 172.16.42.216:45729 -> 52.94.232.134:443
+Flow 111 risky: tcp 172.16.42.216:45730 -> 52.94.232.134:443
+Flow 112 risky: tcp 172.16.42.216:45731 -> 52.94.232.134:443
+Flow 113 risky: tcp 172.16.42.216:45732 -> 52.94.232.134:443
+Flow 133 risky: tcp 172.16.42.216:45750 -> 52.94.232.134:443
+Flow 134 risky: tcp 172.16.42.216:45751 -> 52.94.232.134:443
+Flow 137 risky: tcp 172.16.42.216:45752 -> 52.94.232.134:443
+Flow 136 risky: tcp 172.16.42.216:39750 -> 52.94.232.134:443
+Flow 156 risky: tcp 172.16.42.216:58048 -> 54.239.28.178:443
+Flow 65 risky: tcp 172.16.42.216:41691 -> 54.239.29.146:443
+Flow 99 risky: tcp 172.16.42.216:44001 -> 176.32.101.52:443
+Flow 11 risky: tcp 172.16.42.216:42878 -> 173.194.223.188:5228
+Flow 16 risky: tcp 172.16.42.216:55242 -> 52.85.209.197:443
diff --git a/test/results/flow-captured/default/alicloud.pcap.out b/test/results/flow-captured/default/alicloud.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/alicloud.pcap.out
diff --git a/test/results/flow-captured/default/among_us.pcap.out b/test/results/flow-captured/default/among_us.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/among_us.pcap.out
diff --git a/test/results/flow-captured/default/amqp.pcap.out b/test/results/flow-captured/default/amqp.pcap.out
new file mode 100644
index 000000000..525dbc442
--- /dev/null
+++ b/test/results/flow-captured/default/amqp.pcap.out
@@ -0,0 +1,3 @@
+Flow 1 midstream: tcp 127.0.0.1:44205 -> 127.0.1.1:5672
+Flow 2 midstream: tcp 127.0.1.1:5672 -> 127.0.0.1:44204
+Flow 3 midstream: tcp 127.0.0.1:44206 -> 127.0.1.1:5672
diff --git a/test/results/flow-captured/default/android.pcap.out b/test/results/flow-captured/default/android.pcap.out
new file mode 100644
index 000000000..c16a35e24
--- /dev/null
+++ b/test/results/flow-captured/default/android.pcap.out
@@ -0,0 +1,5 @@
+Flow 3 risky: tcp 17.248.176.75:443 -> 192.168.2.17:50580
+Flow 3 midstream: tcp 17.248.176.75:443 -> 192.168.2.17:50580
+Flow 2 risky: tcp 17.248.176.75:443 -> 192.168.2.17:50584
+Flow 2 midstream: tcp 17.248.176.75:443 -> 192.168.2.17:50584
+Flow 5 midstream: tcp 17.248.185.10:443 -> 192.168.2.17:50702
diff --git a/test/results/flow-captured/default/anyconnect-vpn.pcap.out b/test/results/flow-captured/default/anyconnect-vpn.pcap.out
new file mode 100644
index 000000000..50dc6f6e7
--- /dev/null
+++ b/test/results/flow-captured/default/anyconnect-vpn.pcap.out
@@ -0,0 +1,19 @@
+Flow 30 risky: tcp 10.0.0.227:56921 -> 8.37.96.194:4287
+Flow 25 midstream: tcp 10.0.0.227:56884 -> 184.25.56.77:80
+Flow 24 midstream: tcp 10.0.0.227:56917 -> 184.25.56.77:80
+Flow 26 risky: udp 10.0.0.227:54851 -> 75.75.76.76:53
+Flow 16 risky: udp 10.0.0.227:63107 -> 75.75.76.76:53
+Flow 34 risky: udp 10.0.0.227:52879 -> 75.75.75.75:53
+Flow 58 risky: udp 10.0.0.227:54107 -> 8.37.102.91:443
+Flow 36 risky: udp 10.0.0.227:57017 -> 75.75.75.75:53
+Flow 68 risky: udp 10.0.0.149:5353 -> 224.0.0.251:5353
+Flow 35 risky: udp 10.0.0.227:59222 -> 75.75.75.75:53
+Flow 33 risky: udp 10.0.0.227:57261 -> 75.75.75.75:53
+Flow 3 risky: tcp 10.0.0.227:56320 -> 10.0.0.149:8009
+Flow 3 midstream: tcp 10.0.0.227:56320 -> 10.0.0.149:8009
+Flow 44 risky: tcp 10.0.0.227:56886 -> 17.57.144.116:5223
+Flow 44 midstream: tcp 10.0.0.227:56886 -> 17.57.144.116:5223
+Flow 15 risky: tcp 10.0.0.227:56919 -> 8.37.102.91:443
+Flow 38 risky: tcp 10.0.0.227:56929 -> 8.37.102.91:443
+Flow 62 risky: tcp 10.0.0.227:56954 -> 10.0.0.149:8008
+Flow 63 risky: tcp 10.0.0.227:56955 -> 10.0.0.151:8060
diff --git a/test/results/flow-captured/default/anydesk.pcapng.out b/test/results/flow-captured/default/anydesk.pcapng.out
new file mode 100644
index 000000000..9f090eeb4
--- /dev/null
+++ b/test/results/flow-captured/default/anydesk.pcapng.out
@@ -0,0 +1,5 @@
+Flow 1 risky: tcp 192.168.149.129:36351 -> 51.83.239.144:80
+Flow 1 midstream: tcp 192.168.149.129:36351 -> 51.83.239.144:80
+Flow 2 risky: tcp 192.168.149.129:43535 -> 51.83.238.219:80
+Flow 5 risky: tcp 192.168.1.187:54164 -> 192.168.1.178:7070
+Flow 7 risky: tcp 192.168.1.128:48260 -> 195.181.174.176:443
diff --git a/test/results/flow-captured/default/avast.pcap.out b/test/results/flow-captured/default/avast.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/avast.pcap.out
diff --git a/test/results/flow-captured/default/avast_securedns.pcapng.out b/test/results/flow-captured/default/avast_securedns.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/avast_securedns.pcapng.out
diff --git a/test/results/flow-captured/default/bacnet.pcap.out b/test/results/flow-captured/default/bacnet.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/bacnet.pcap.out
diff --git a/test/results/flow-captured/default/bad-dns-traffic.pcap.out b/test/results/flow-captured/default/bad-dns-traffic.pcap.out
new file mode 100644
index 000000000..7969bda5b
--- /dev/null
+++ b/test/results/flow-captured/default/bad-dns-traffic.pcap.out
@@ -0,0 +1,3 @@
+Flow 2 risky: udp 192.168.43.91:56354 -> 4.2.2.4:53
+Flow 1 risky: udp 192.168.43.91:35966 -> 4.2.2.4:53
+Flow 3 risky: udp 192.168.43.91:46961 -> 4.2.2.4:53
diff --git a/test/results/flow-captured/default/badpackets.pcap.out b/test/results/flow-captured/default/badpackets.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/badpackets.pcap.out
diff --git a/test/results/flow-captured/default/bets.pcapng.out b/test/results/flow-captured/default/bets.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/bets.pcapng.out
diff --git a/test/results/flow-captured/default/bitcoin.pcap.out b/test/results/flow-captured/default/bitcoin.pcap.out
new file mode 100644
index 000000000..174314cbc
--- /dev/null
+++ b/test/results/flow-captured/default/bitcoin.pcap.out
@@ -0,0 +1,6 @@
+Flow 2 midstream: tcp 192.168.1.142:55328 -> 69.118.54.122:8333
+Flow 3 midstream: tcp 192.168.1.142:55348 -> 74.89.181.229:8333
+Flow 4 midstream: tcp 192.168.1.142:55383 -> 66.68.83.22:8333
+Flow 5 midstream: tcp 192.168.1.142:55400 -> 195.218.16.178:8333
+Flow 6 midstream: tcp 192.168.1.142:55487 -> 184.58.165.119:8333
+Flow 1 midstream: tcp 192.168.1.142:55317 -> 188.165.213.169:8333
diff --git a/test/results/flow-captured/default/bittorrent.pcap.out b/test/results/flow-captured/default/bittorrent.pcap.out
new file mode 100644
index 000000000..05cf521a2
--- /dev/null
+++ b/test/results/flow-captured/default/bittorrent.pcap.out
@@ -0,0 +1,46 @@
+Flow 17 risky: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 17 midstream: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 2 risky: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 2 midstream: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 11 risky: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 11 midstream: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 3 midstream: tcp 192.168.1.3:52895 -> 83.216.184.241:51413
+Flow 22 midstream: tcp 192.168.1.3:52927 -> 83.216.184.241:51413
+Flow 21 risky: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 21 midstream: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 13 risky: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 13 midstream: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 6 risky: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 6 midstream: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 12 risky: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
+Flow 12 midstream: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
+Flow 20 risky: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 20 midstream: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 23 risky: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 23 midstream: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 24 risky: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 24 midstream: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 9 risky: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 9 midstream: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 18 risky: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 18 midstream: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 4 risky: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 4 midstream: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 14 risky: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 14 midstream: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 7 risky: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 7 midstream: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 16 risky: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 16 midstream: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 19 risky: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 19 midstream: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 8 risky: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 8 midstream: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 1 risky: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 1 midstream: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 10 risky: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 10 midstream: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 5 risky: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 5 midstream: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 15 risky: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
+Flow 15 midstream: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
diff --git a/test/results/flow-captured/default/bittorrent_tcp_miss.pcapng.out b/test/results/flow-captured/default/bittorrent_tcp_miss.pcapng.out
new file mode 100644
index 000000000..294e2dd8f
--- /dev/null
+++ b/test/results/flow-captured/default/bittorrent_tcp_miss.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.122.34:48987 -> 178.71.206.1:6881
diff --git a/test/results/flow-captured/default/bittorrent_utp.pcap.out b/test/results/flow-captured/default/bittorrent_utp.pcap.out
new file mode 100644
index 000000000..e418a8484
--- /dev/null
+++ b/test/results/flow-captured/default/bittorrent_utp.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 82.243.113.43:64969 -> 192.168.1.5:40959
diff --git a/test/results/flow-captured/default/bjnp.pcap.out b/test/results/flow-captured/default/bjnp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/bjnp.pcap.out
diff --git a/test/results/flow-captured/default/bot.pcap.out b/test/results/flow-captured/default/bot.pcap.out
new file mode 100644
index 000000000..ccacd19f0
--- /dev/null
+++ b/test/results/flow-captured/default/bot.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 40.77.167.36:64768 -> 89.31.72.220:80
diff --git a/test/results/flow-captured/default/bt-dns.pcap.out b/test/results/flow-captured/default/bt-dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/bt-dns.pcap.out
diff --git a/test/results/flow-captured/default/bt-http.pcapng.out b/test/results/flow-captured/default/bt-http.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/bt-http.pcapng.out
diff --git a/test/results/flow-captured/default/bt_search.pcap.out b/test/results/flow-captured/default/bt_search.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/bt_search.pcap.out
diff --git a/test/results/flow-captured/default/cachefly.pcapng.out b/test/results/flow-captured/default/cachefly.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/cachefly.pcapng.out
diff --git a/test/results/flow-captured/default/can.pcap.out b/test/results/flow-captured/default/can.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/can.pcap.out
diff --git a/test/results/flow-captured/default/capwap.pcap.out b/test/results/flow-captured/default/capwap.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/capwap.pcap.out
diff --git a/test/results/flow-captured/default/capwap_data.pcapng.out b/test/results/flow-captured/default/capwap_data.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/capwap_data.pcapng.out
diff --git a/test/results/flow-captured/default/cassandra.pcap.out b/test/results/flow-captured/default/cassandra.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/cassandra.pcap.out
diff --git a/test/results/flow-captured/default/check_mk_new.pcap.out b/test/results/flow-captured/default/check_mk_new.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/check_mk_new.pcap.out
diff --git a/test/results/flow-captured/default/chrome.pcap.out b/test/results/flow-captured/default/chrome.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/chrome.pcap.out
diff --git a/test/results/flow-captured/default/citrix.pcap.out b/test/results/flow-captured/default/citrix.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/citrix.pcap.out
diff --git a/test/results/flow-captured/default/cloudflare-warp.pcap.out b/test/results/flow-captured/default/cloudflare-warp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/cloudflare-warp.pcap.out
diff --git a/test/results/flow-captured/default/coap_mqtt.pcap.out b/test/results/flow-captured/default/coap_mqtt.pcap.out
new file mode 100644
index 000000000..613370f6b
--- /dev/null
+++ b/test/results/flow-captured/default/coap_mqtt.pcap.out
@@ -0,0 +1,7 @@
+Flow 11 risky: tcp 192.168.56.1:53528 -> 192.168.56.101:17501
+Flow 9 risky: tcp 192.168.56.1:53522 -> 192.168.56.101:17501
+Flow 9 midstream: tcp 192.168.56.1:53522 -> 192.168.56.101:17501
+Flow 10 risky: tcp 192.168.56.1:53523 -> 192.168.56.101:17501
+Flow 10 midstream: tcp 192.168.56.1:53523 -> 192.168.56.101:17501
+Flow 13 risky: tcp 192.168.56.101:17501 -> 192.168.56.1:53524
+Flow 13 midstream: tcp 192.168.56.101:17501 -> 192.168.56.1:53524
diff --git a/test/results/flow-captured/default/collectd.pcap.out b/test/results/flow-captured/default/collectd.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/collectd.pcap.out
diff --git a/test/results/flow-captured/default/corba.pcap.out b/test/results/flow-captured/default/corba.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/corba.pcap.out
diff --git a/test/results/flow-captured/default/cpha.pcap.out b/test/results/flow-captured/default/cpha.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/cpha.pcap.out
diff --git a/test/results/flow-captured/default/crawler_false_positive.pcapng.out b/test/results/flow-captured/default/crawler_false_positive.pcapng.out
new file mode 100644
index 000000000..e8c8d73e4
--- /dev/null
+++ b/test/results/flow-captured/default/crawler_false_positive.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.12.156:38291 -> 93.184.220.29:80
diff --git a/test/results/flow-captured/default/crynet.pcap.out b/test/results/flow-captured/default/crynet.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/crynet.pcap.out
diff --git a/test/results/flow-captured/default/custom_categories.pcapng.out b/test/results/flow-captured/default/custom_categories.pcapng.out
new file mode 100644
index 000000000..b5bcb9602
--- /dev/null
+++ b/test/results/flow-captured/default/custom_categories.pcapng.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 2001:db8:1::1:64720 -> 2001:db8:200::1:20868
+Flow 2 risky: tcp 172.26.219.44:58639 -> 172.30.69.103:22
diff --git a/test/results/flow-captured/default/custom_risk_mask.pcapng.out b/test/results/flow-captured/default/custom_risk_mask.pcapng.out
new file mode 100644
index 000000000..066b1921b
--- /dev/null
+++ b/test/results/flow-captured/default/custom_risk_mask.pcapng.out
@@ -0,0 +1,2 @@
+Flow 1 risky: udp fe80::7c0:e74e:87c3:5d93:6741 -> ff02::1:3:5355
+Flow 2 risky: udp fe80::356b:e047:3695:f741:16765 -> ff02::1:3:5355
diff --git a/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out b/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out
diff --git a/test/results/flow-captured/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/flow-captured/default/custom_rules_same-ip_multiple_ports.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/custom_rules_same-ip_multiple_ports.pcapng.out
diff --git a/test/results/flow-captured/default/dazn.pcapng.out b/test/results/flow-captured/default/dazn.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dazn.pcapng.out
diff --git a/test/results/flow-captured/default/dcerpc.pcap.out b/test/results/flow-captured/default/dcerpc.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dcerpc.pcap.out
diff --git a/test/results/flow-captured/default/dhcp-fuzz.pcapng.out b/test/results/flow-captured/default/dhcp-fuzz.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dhcp-fuzz.pcapng.out
diff --git a/test/results/flow-captured/default/diameter.pcap.out b/test/results/flow-captured/default/diameter.pcap.out
new file mode 100644
index 000000000..8000c1491
--- /dev/null
+++ b/test/results/flow-captured/default/diameter.pcap.out
@@ -0,0 +1 @@
+Flow 1 midstream: tcp 10.201.9.245:50957 -> 10.201.9.11:3868
diff --git a/test/results/flow-captured/default/discord.pcap.out b/test/results/flow-captured/default/discord.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/discord.pcap.out
diff --git a/test/results/flow-captured/default/discord_mid_flow.pcap.out b/test/results/flow-captured/default/discord_mid_flow.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/discord_mid_flow.pcap.out
diff --git a/test/results/flow-captured/default/dlt_ppp.pcap.out b/test/results/flow-captured/default/dlt_ppp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dlt_ppp.pcap.out
diff --git a/test/results/flow-captured/default/dnp3.pcap.out b/test/results/flow-captured/default/dnp3.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dnp3.pcap.out
diff --git a/test/results/flow-captured/default/dns-exf.pcap.out b/test/results/flow-captured/default/dns-exf.pcap.out
new file mode 100644
index 000000000..836c2ecdb
--- /dev/null
+++ b/test/results/flow-captured/default/dns-exf.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.2.225:45290 -> 192.168.2.134:53
diff --git a/test/results/flow-captured/default/dns-google-nsid.pcapng.out b/test/results/flow-captured/default/dns-google-nsid.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns-google-nsid.pcapng.out
diff --git a/test/results/flow-captured/default/dns-invalid-chars.pcap.out b/test/results/flow-captured/default/dns-invalid-chars.pcap.out
new file mode 100644
index 000000000..fe738fa7f
--- /dev/null
+++ b/test/results/flow-captured/default/dns-invalid-chars.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 127.0.0.1:35980 -> 127.0.0.1:53
diff --git a/test/results/flow-captured/default/dns-tunnel-iodine.pcap.out b/test/results/flow-captured/default/dns-tunnel-iodine.pcap.out
new file mode 100644
index 000000000..b4e116e6d
--- /dev/null
+++ b/test/results/flow-captured/default/dns-tunnel-iodine.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 10.0.2.30:44639 -> 10.0.2.20:53
diff --git a/test/results/flow-captured/default/dns2tcp_tunnel.pcap.out b/test/results/flow-captured/default/dns2tcp_tunnel.pcap.out
new file mode 100644
index 000000000..b80aa936c
--- /dev/null
+++ b/test/results/flow-captured/default/dns2tcp_tunnel.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.20.211:44404 -> 1.1.1.1:443
diff --git a/test/results/flow-captured/default/dns_ambiguous_names.pcap.out b/test/results/flow-captured/default/dns_ambiguous_names.pcap.out
new file mode 100644
index 000000000..512d70709
--- /dev/null
+++ b/test/results/flow-captured/default/dns_ambiguous_names.pcap.out
@@ -0,0 +1 @@
+Flow 6 risky: udp 10.200.2.11:42790 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/default/dns_doh.pcap.out b/test/results/flow-captured/default/dns_doh.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_doh.pcap.out
diff --git a/test/results/flow-captured/default/dns_dot.pcap.out b/test/results/flow-captured/default/dns_dot.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_dot.pcap.out
diff --git a/test/results/flow-captured/default/dns_exfiltration.pcap.out b/test/results/flow-captured/default/dns_exfiltration.pcap.out
new file mode 100644
index 000000000..98f31b78f
--- /dev/null
+++ b/test/results/flow-captured/default/dns_exfiltration.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.220.56:56373 -> 192.168.203.167:53
diff --git a/test/results/flow-captured/default/dns_fragmented.pcap.out b/test/results/flow-captured/default/dns_fragmented.pcap.out
new file mode 100644
index 000000000..31e40f97c
--- /dev/null
+++ b/test/results/flow-captured/default/dns_fragmented.pcap.out
@@ -0,0 +1,9 @@
+Flow 1 risky: udp 172.217.40.76:56680 -> 193.24.227.238:53
+Flow 3 risky: udp 2a00:1450:4013:c06::105:63369 -> 2001:470:765b::a25:53:53
+Flow 7 risky: udp 2a00:1450:4013:c05::10e:34944 -> 2001:470:765b::a25:53:53
+Flow 4 risky: udp 173.194.169.104:59464 -> 193.24.227.238:53
+Flow 6 risky: udp 74.125.47.136:59330 -> 193.24.227.238:53
+Flow 5 risky: udp 2a00:1450:400c:c00::106:54430 -> 2001:470:765b::a25:53:53
+Flow 2 risky: udp 2a00:1450:4013:c03::10a:46433 -> 2001:470:765b::a25:53:53
+Flow 16 risky: udp 2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb:55729 -> 2001:470:765b::a25:53:53
+Flow 17 risky: udp 194.247.5.6:51791 -> 193.24.227.238:53
diff --git a/test/results/flow-captured/default/dns_invert_query.pcapng.out b/test/results/flow-captured/default/dns_invert_query.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_invert_query.pcapng.out
diff --git a/test/results/flow-captured/default/dns_long_domainname.pcap.out b/test/results/flow-captured/default/dns_long_domainname.pcap.out
new file mode 100644
index 000000000..310b46b56
--- /dev/null
+++ b/test/results/flow-captured/default/dns_long_domainname.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.1.168:65311 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/flow-captured/default/dnscrypt-v1-and-resolver-pings.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dnscrypt-v1-and-resolver-pings.pcap.out
diff --git a/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out b/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out
new file mode 100644
index 000000000..402ab903d
--- /dev/null
+++ b/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out
@@ -0,0 +1,38 @@
+Flow 29 risky: tcp 10.0.0.1:35714 -> 209.250.241.25:443
+Flow 29 midstream: tcp 10.0.0.1:35714 -> 209.250.241.25:443
+Flow 12 midstream: tcp 10.0.0.1:41720 -> 116.203.179.248:443
+Flow 34 risky: tcp 10.0.0.1:35742 -> 209.250.241.25:443
+Flow 34 midstream: tcp 10.0.0.1:35742 -> 209.250.241.25:443
+Flow 25 risky: tcp 10.0.0.1:52028 -> 45.76.113.31:8443
+Flow 25 midstream: tcp 10.0.0.1:52028 -> 45.76.113.31:8443
+Flow 26 midstream: tcp 10.0.0.1:34036 -> 217.169.20.23:443
+Flow 10 midstream: tcp 10.0.0.1:55322 -> 185.134.196.55:443
+Flow 14 midstream: tcp 10.0.0.1:46658 -> 185.233.106.232:443
+Flow 20 midstream: tcp 10.0.0.1:33724 -> 104.28.28.34:443
+Flow 6 midstream: tcp 10.0.0.1:40938 -> 172.104.93.80:443
+Flow 4 midstream: tcp 10.0.0.1:55962 -> 51.158.147.50:443
+Flow 8 risky: tcp 10.0.0.1:38186 -> 185.43.135.1:443
+Flow 8 midstream: tcp 10.0.0.1:38186 -> 185.43.135.1:443
+Flow 13 midstream: tcp 10.0.0.1:60026 -> 195.30.94.28:443
+Flow 31 midstream: tcp 10.0.0.1:57058 -> 46.227.200.54:443
+Flow 17 midstream: tcp 10.0.0.1:44640 -> 185.235.81.1:443
+Flow 21 midstream: tcp 10.0.0.1:53802 -> 1.0.0.1:443
+Flow 28 midstream: tcp 10.0.0.1:54164 -> 193.70.85.11:443
+Flow 27 midstream: tcp 10.0.0.1:43718 -> 146.255.56.98:443
+Flow 33 midstream: tcp 10.0.0.1:44704 -> 185.235.81.1:443
+Flow 18 midstream: tcp 10.0.0.1:43106 -> 116.202.176.26:443
+Flow 9 midstream: tcp 10.0.0.1:51770 -> 9.9.9.10:443
+Flow 32 midstream: tcp 10.0.0.1:51846 -> 9.9.9.10:443
+Flow 30 midstream: tcp 10.0.0.1:43888 -> 95.216.229.153:443
+Flow 11 midstream: tcp 10.0.0.1:52386 -> 51.15.124.208:443
+Flow 19 midstream: tcp 10.0.0.1:59026 -> 85.5.93.230:443
+Flow 23 midstream: tcp 10.0.0.1:52176 -> 136.144.215.158:443
+Flow 22 midstream: tcp 10.0.0.1:33338 -> 45.90.28.0:443
+Flow 15 risky: tcp 10.0.0.1:36012 -> 149.56.228.45:453
+Flow 15 midstream: tcp 10.0.0.1:36012 -> 149.56.228.45:453
+Flow 7 risky: tcp 10.0.0.1:37530 -> 167.114.220.125:453
+Flow 7 midstream: tcp 10.0.0.1:37530 -> 167.114.220.125:453
+Flow 3 midstream: tcp 10.0.0.1:50614 -> 185.95.218.42:443
+Flow 24 midstream: tcp 10.0.0.1:39214 -> 104.28.0.106:443
+Flow 16 midstream: tcp 10.0.0.1:38018 -> 45.153.187.96:443
+Flow 5 midstream: tcp 10.0.0.1:59404 -> 185.253.154.66:443
diff --git a/test/results/flow-captured/default/dnscrypt-v2.pcap.out b/test/results/flow-captured/default/dnscrypt-v2.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dnscrypt-v2.pcap.out
diff --git a/test/results/flow-captured/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/flow-captured/default/dnscrypt_skype_false_positive.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dnscrypt_skype_false_positive.pcapng.out
diff --git a/test/results/flow-captured/default/doh.pcapng.out b/test/results/flow-captured/default/doh.pcapng.out
new file mode 100644
index 000000000..385d1d5db
--- /dev/null
+++ b/test/results/flow-captured/default/doh.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.1.253:35996 -> 1.1.1.1:443
diff --git a/test/results/flow-captured/default/doq.pcapng.out b/test/results/flow-captured/default/doq.pcapng.out
new file mode 100644
index 000000000..d3d49007c
--- /dev/null
+++ b/test/results/flow-captured/default/doq.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp ::1:47826 -> ::1:784
diff --git a/test/results/flow-captured/default/doq_adguard.pcapng.out b/test/results/flow-captured/default/doq_adguard.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/doq_adguard.pcapng.out
diff --git a/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out b/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out
new file mode 100644
index 000000000..773774dce
--- /dev/null
+++ b/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out
@@ -0,0 +1 @@
+Flow 4 risky: udp 192.168.239.129:138 -> 192.168.239.255:138
diff --git a/test/results/flow-captured/default/drda_db2.pcap.out b/test/results/flow-captured/default/drda_db2.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/drda_db2.pcap.out
diff --git a/test/results/flow-captured/default/dropbox.pcap.out b/test/results/flow-captured/default/dropbox.pcap.out
new file mode 100644
index 000000000..1162dcba4
--- /dev/null
+++ b/test/results/flow-captured/default/dropbox.pcap.out
@@ -0,0 +1,5 @@
+Flow 7 risky: udp 192.168.1.105:50789 -> 192.168.1.254:53
+Flow 6 risky: udp 192.168.1.105:49112 -> 192.168.1.254:53
+Flow 5 risky: udp 192.168.1.105:55407 -> 192.168.1.254:53
+Flow 11 risky: udp 192.168.1.105:33189 -> 192.168.1.254:53
+Flow 8 risky: udp 192.168.1.105:36173 -> 192.168.1.254:53
diff --git a/test/results/flow-captured/default/dtls.pcap.out b/test/results/flow-captured/default/dtls.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dtls.pcap.out
diff --git a/test/results/flow-captured/default/dtls2.pcap.out b/test/results/flow-captured/default/dtls2.pcap.out
new file mode 100644
index 000000000..f9eefd58d
--- /dev/null
+++ b/test/results/flow-captured/default/dtls2.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 61.68.110.153:53045 -> 212.32.214.39:61457
diff --git a/test/results/flow-captured/default/dtls_certificate.pcapng.out b/test/results/flow-captured/default/dtls_certificate.pcapng.out
new file mode 100644
index 000000000..61fbba47e
--- /dev/null
+++ b/test/results/flow-captured/default/dtls_certificate.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 191.62.60.190:443 -> 163.205.15.180:38876
diff --git a/test/results/flow-captured/default/dtls_certificate_fragments.pcap.out b/test/results/flow-captured/default/dtls_certificate_fragments.pcap.out
new file mode 100644
index 000000000..3da344ebd
--- /dev/null
+++ b/test/results/flow-captured/default/dtls_certificate_fragments.pcap.out
@@ -0,0 +1,2 @@
+Flow 1 risky: udp 10.186.198.149:39347 -> 35.210.59.134:44443
+Flow 2 risky: udp 192.168.1.26:43594 -> 104.153.87.149:50001
diff --git a/test/results/flow-captured/default/dtls_mid_sessions.pcapng.out b/test/results/flow-captured/default/dtls_mid_sessions.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dtls_mid_sessions.pcapng.out
diff --git a/test/results/flow-captured/default/dtls_old_version.pcapng.out b/test/results/flow-captured/default/dtls_old_version.pcapng.out
new file mode 100644
index 000000000..71505ea8d
--- /dev/null
+++ b/test/results/flow-captured/default/dtls_old_version.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 37.188.4.115:56453 -> 70.66.6.128:443
diff --git a/test/results/flow-captured/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/flow-captured/default/dtls_session_id_and_coockie_both.pcap.out
new file mode 100644
index 000000000..224e21f3a
--- /dev/null
+++ b/test/results/flow-captured/default/dtls_session_id_and_coockie_both.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 185.196.113.239:50257 -> 223.116.105.247:44443
diff --git a/test/results/flow-captured/default/edonkey.pcap.out b/test/results/flow-captured/default/edonkey.pcap.out
new file mode 100644
index 000000000..c07858c23
--- /dev/null
+++ b/test/results/flow-captured/default/edonkey.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 201.15.177.227:1754 -> 135.192.214.240:7551
diff --git a/test/results/flow-captured/default/elasticsearch.pcap.out b/test/results/flow-captured/default/elasticsearch.pcap.out
new file mode 100644
index 000000000..96a963ce9
--- /dev/null
+++ b/test/results/flow-captured/default/elasticsearch.pcap.out
@@ -0,0 +1,4 @@
+Flow 7 midstream: tcp 172.16.17.102:47980 -> 172.16.16.106:9300
+Flow 6 midstream: tcp 172.16.17.102:48028 -> 172.16.16.106:9300
+Flow 5 midstream: tcp 172.16.16.107:9300 -> 172.16.17.102:40298
+Flow 4 midstream: tcp 172.16.16.107:9300 -> 172.16.17.102:40342
diff --git a/test/results/flow-captured/default/emotet.pcap.out b/test/results/flow-captured/default/emotet.pcap.out
new file mode 100644
index 000000000..d58818b46
--- /dev/null
+++ b/test/results/flow-captured/default/emotet.pcap.out
@@ -0,0 +1,4 @@
+Flow 3 risky: tcp 10.4.20.102:54319 -> 107.161.178.210:80
+Flow 4 risky: tcp 10.4.25.101:49797 -> 77.105.36.156:80
+Flow 5 risky: tcp 10.4.25.101:49803 -> 138.197.147.101:443
+Flow 6 risky: tcp 10.4.25.101:49804 -> 138.197.147.101:443
diff --git a/test/results/flow-captured/default/encrypted_sni.pcap.out b/test/results/flow-captured/default/encrypted_sni.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/encrypted_sni.pcap.out
diff --git a/test/results/flow-captured/default/epicgames.pcapng.out b/test/results/flow-captured/default/epicgames.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/epicgames.pcapng.out
diff --git a/test/results/flow-captured/default/esp.pcapng.out b/test/results/flow-captured/default/esp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/esp.pcapng.out
diff --git a/test/results/flow-captured/default/ethereum.pcap.out b/test/results/flow-captured/default/ethereum.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ethereum.pcap.out
diff --git a/test/results/flow-captured/default/ethernetIP.pcap.out b/test/results/flow-captured/default/ethernetIP.pcap.out
new file mode 100644
index 000000000..8ceec982c
--- /dev/null
+++ b/test/results/flow-captured/default/ethernetIP.pcap.out
@@ -0,0 +1,4 @@
+Flow 1 midstream: tcp 141.81.0.10:50275 -> 141.81.0.83:44818
+Flow 4 midstream: tcp 141.81.0.10:62717 -> 141.81.0.23:44818
+Flow 2 midstream: tcp 141.81.0.63:44818 -> 141.81.0.10:52593
+Flow 3 midstream: tcp 141.81.0.10:52594 -> 141.81.0.43:44818
diff --git a/test/results/flow-captured/default/exe_download.pcap.out b/test/results/flow-captured/default/exe_download.pcap.out
new file mode 100644
index 000000000..b86743bc7
--- /dev/null
+++ b/test/results/flow-captured/default/exe_download.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.9.25.101:49165 -> 144.91.69.195:80
diff --git a/test/results/flow-captured/default/exe_download_as_png.pcap.out b/test/results/flow-captured/default/exe_download_as_png.pcap.out
new file mode 100644
index 000000000..6f5ec1233
--- /dev/null
+++ b/test/results/flow-captured/default/exe_download_as_png.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.9.25.101:49197 -> 185.98.87.185:80
diff --git a/test/results/flow-captured/default/facebook.pcap.out b/test/results/flow-captured/default/facebook.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/facebook.pcap.out
diff --git a/test/results/flow-captured/default/fastcgi.pcap.out b/test/results/flow-captured/default/fastcgi.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/fastcgi.pcap.out
diff --git a/test/results/flow-captured/default/firefox.pcap.out b/test/results/flow-captured/default/firefox.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/firefox.pcap.out
diff --git a/test/results/flow-captured/default/fix.pcap.out b/test/results/flow-captured/default/fix.pcap.out
new file mode 100644
index 000000000..f2482baf9
--- /dev/null
+++ b/test/results/flow-captured/default/fix.pcap.out
@@ -0,0 +1,12 @@
+Flow 3 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:45578
+Flow 2 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:47968
+Flow 1 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:43594
+Flow 5 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:45584
+Flow 8 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:40918
+Flow 12 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:40928
+Flow 11 midstream: tcp 217.192.86.32:4000 -> 192.168.0.20:53330
+Flow 4 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:47952
+Flow 6 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:47962
+Flow 9 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:38646
+Flow 7 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:38652
+Flow 10 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:39094
diff --git a/test/results/flow-captured/default/fix2.pcap.out b/test/results/flow-captured/default/fix2.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/fix2.pcap.out
diff --git a/test/results/flow-captured/default/forticlient.pcap.out b/test/results/flow-captured/default/forticlient.pcap.out
new file mode 100644
index 000000000..5754031a2
--- /dev/null
+++ b/test/results/flow-captured/default/forticlient.pcap.out
@@ -0,0 +1 @@
+Flow 5 risky: tcp 192.168.1.178:61820 -> 82.81.46.13:10443
diff --git a/test/results/flow-captured/default/ftp-start-tls.pcap.out b/test/results/flow-captured/default/ftp-start-tls.pcap.out
new file mode 100644
index 000000000..c8e78e3dc
--- /dev/null
+++ b/test/results/flow-captured/default/ftp-start-tls.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.238.26.36:62092 -> 10.220.50.76:21
diff --git a/test/results/flow-captured/default/ftp.pcap.out b/test/results/flow-captured/default/ftp.pcap.out
new file mode 100644
index 000000000..5ad156c68
--- /dev/null
+++ b/test/results/flow-captured/default/ftp.pcap.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 192.168.1.212:50694 -> 90.130.70.73:21
+Flow 2 risky: tcp 192.168.1.212:50695 -> 90.130.70.73:25685
diff --git a/test/results/flow-captured/default/ftp_failed.pcap.out b/test/results/flow-captured/default/ftp_failed.pcap.out
new file mode 100644
index 000000000..a016660a3
--- /dev/null
+++ b/test/results/flow-captured/default/ftp_failed.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 2a00:d40:1:3:192:12:193:11:44724 -> 2a00:800:1010::1:21
diff --git a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
new file mode 100644
index 000000000..82126799b
--- /dev/null
+++ b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
@@ -0,0 +1,25 @@
+Flow 17 risky: udp 192.168.1.2:138 -> 192.168.1.251:138
+Flow 22 risky: udp 192.168.1.2:2719 -> 192.168.1.1:53
+Flow 91 risky: udp 192.168.1.2:5060 -> 200.68.120.81:5060
+Flow 97 risky: udp 192.168.1.1:53 -> 192.168.1.2:2751
+Flow 100 risky: udp 192.168.1.2:4901 -> 200.68.120.81:29440
+Flow 111 risky: udp 192.168.1.2:2757 -> 192.168.1.1:53
+Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763
+Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53
+Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765
+Flow 141 risky: udp 192.168.1.2:138 -> 192.168.1.255:138
+Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53
+Flow 177 risky: udp 192.168.1.1:53 -> 240.168.1.2:2792
+Flow 180 risky: udp 192.168.1.41:138 -> 192.168.1.255:138
+Flow 190 risky: udp 192.168.1.2:2793 -> 192.168.1.1:53
+Flow 193 risky: udp 192.168.1.2:2794 -> 192.168.1.1:53
+Flow 192 risky: udp 192.168.1.2:2795 -> 192.168.1.1:53
+Flow 197 risky: udp 192.168.1.2:2797 -> 192.168.1.1:53
+Flow 204 risky: udp 192.168.1.2:2801 -> 192.168.1.1:53
+Flow 214 risky: udp 192.168.1.1:53 -> 192.168.1.2:2807
+Flow 230 risky: udp 192.168.1.2:2815 -> 192.168.1.1:53
+Flow 243 risky: udp 192.168.1.2:138 -> 192.168.1.255:138
+Flow 244 risky: udp 192.168.1.2:2826 -> 192.168.1.1:53
+Flow 249 risky: udp 192.168.1.1:53 -> 192.168.1.2:2572
+Flow 254 risky: udp 192.168.1.2:2830 -> 192.168.1.1:53
+Flow 32 midstream: tcp 147.234.1.253:21 -> 192.168.1.2:2732
diff --git a/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
new file mode 100644
index 000000000..e5cc2fa8c
--- /dev/null
+++ b/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
@@ -0,0 +1,6 @@
+Flow 34 risky: tcp 172.20.3.13:53136 -> 172.20.3.5:80
+Flow 34 midstream: tcp 172.20.3.13:53136 -> 172.20.3.5:80
+Flow 11 risky: tcp 172.20.3.5:2602 -> 172.20.3.13:80
+Flow 11 midstream: tcp 172.20.3.5:2602 -> 172.20.3.13:80
+Flow 18 risky: tcp 172.20.3.5:2604 -> 172.20.3.13:80
+Flow 27 risky: tcp 172.20.3.5:2606 -> 172.20.3.13:80
diff --git a/test/results/flow-captured/default/fuzz-2020-02-16-11740.pcap.out b/test/results/flow-captured/default/fuzz-2020-02-16-11740.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/fuzz-2020-02-16-11740.pcap.out
diff --git a/test/results/flow-captured/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/flow-captured/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
diff --git a/test/results/flow-captured/default/fuzz-2021-10-13.pcap.out b/test/results/flow-captured/default/fuzz-2021-10-13.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/fuzz-2021-10-13.pcap.out
diff --git a/test/results/flow-captured/default/geforcenow.pcapng.out b/test/results/flow-captured/default/geforcenow.pcapng.out
new file mode 100644
index 000000000..3a86d393a
--- /dev/null
+++ b/test/results/flow-captured/default/geforcenow.pcapng.out
@@ -0,0 +1,2 @@
+Flow 2 risky: udp 192.168.1.245:52441 -> 80.84.167.206:18452
+Flow 1 risky: tcp 192.168.1.245:57490 -> 80.84.167.206:49100
diff --git a/test/results/flow-captured/default/genshin-impact.pcap.out b/test/results/flow-captured/default/genshin-impact.pcap.out
new file mode 100644
index 000000000..ac357a6b5
--- /dev/null
+++ b/test/results/flow-captured/default/genshin-impact.pcap.out
@@ -0,0 +1,2 @@
+Flow 1 risky: udp 192.168.2.100:58766 -> 47.245.143.85:22101
+Flow 3 risky: udp 192.168.2.100:52575 -> 8.209.69.191:22101
diff --git a/test/results/flow-captured/default/git.pcap.out b/test/results/flow-captured/default/git.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/git.pcap.out
diff --git a/test/results/flow-captured/default/gnutella.pcap.out b/test/results/flow-captured/default/gnutella.pcap.out
new file mode 100644
index 000000000..a14f24445
--- /dev/null
+++ b/test/results/flow-captured/default/gnutella.pcap.out
@@ -0,0 +1,358 @@ +Flow 20 risky: udp 10.0.2.15:138 -> 10.0.2.255:138 +Flow 239 risky: tcp 10.0.2.15:50285 -> 75.133.101.93:52367 +Flow 238 risky: tcp 10.0.2.15:50284 -> 104.156.226.72:53258 +Flow 288 risky: tcp 10.0.2.15:50312 -> 104.238.172.250:23548 +Flow 276 risky: tcp 10.0.2.15:50300 -> 188.61.52.183:11852 +Flow 134 risky: udp 10.0.2.15:28681 -> 78.231.73.14:6346 +Flow 128 risky: udp 10.0.2.15:28681 -> 77.141.219.27:37580 +Flow 114 risky: udp 10.0.2.15:28681 -> 86.23.75.69:6346 +Flow 88 risky: udp 10.0.2.15:28681 -> 81.50.24.2:17874 +Flow 96 risky: udp 10.0.2.15:28681 -> 88.160.214.137:6346 +Flow 118 risky: udp 10.0.2.15:28681 -> 5.180.62.100:46385 +Flow 100 risky: udp 10.0.2.15:28681 -> 220.133.122.217:23458 +Flow 117 risky: udp 10.0.2.15:28681 -> 200.120.243.143:6346 +Flow 115 risky: udp 10.0.2.15:28681 -> 154.3.42.104:11804 +Flow 101 risky: udp 10.0.2.15:28681 -> 123.205.126.102:5193 +Flow 98 risky: udp 10.0.2.15:28681 -> 203.222.14.170:23332 +Flow 131 risky: udp 10.0.2.15:28681 -> 86.225.140.186:6346 +Flow 111 risky: udp 10.0.2.15:28681 -> 90.65.141.157:6346 +Flow 106 risky: udp 10.0.2.15:28681 -> 114.39.154.69:4832 +Flow 139 risky: udp 10.0.2.15:28681 -> 165.169.226.142:6346 +Flow 141 risky: udp 10.0.2.15:28681 -> 172.97.199.14:6346 +Flow 126 risky: udp 10.0.2.15:28681 -> 91.69.159.133:28000 +Flow 136 risky: udp 10.0.2.15:28681 -> 80.236.247.120:16047 +Flow 86 risky: udp 10.0.2.15:28681 -> 74.210.244.72:6346 +Flow 85 risky: udp 10.0.2.15:28681 -> 85.138.20.110:6346 +Flow 135 risky: udp 10.0.2.15:28681 -> 193.250.99.158:6346 +Flow 127 risky: udp 10.0.2.15:28681 -> 176.191.49.159:1024 +Flow 112 risky: udp 10.0.2.15:28681 -> 36.239.213.146:21750 +Flow 125 risky: udp 10.0.2.15:28681 -> 83.92.178.182:57302 +Flow 116 risky: udp 10.0.2.15:28681 -> 124.44.190.145:10170 +Flow 133 risky: udp 10.0.2.15:28681 -> 91.175.220.161:15721 +Flow 99 risky: udp 10.0.2.15:28681 -> 114.38.9.82:24223 +Flow 124 risky: udp 10.0.2.15:28681 -> 170.254.19.6:24180 +Flow 130 risky: udp 
10.0.2.15:28681 -> 119.224.95.97:46356 +Flow 107 risky: udp 10.0.2.15:28681 -> 202.151.63.59:7624 +Flow 129 risky: udp 10.0.2.15:28681 -> 176.138.50.179:29411 +Flow 103 risky: udp 10.0.2.15:28681 -> 220.134.167.82:5820 +Flow 97 risky: udp 10.0.2.15:28681 -> 24.78.134.188:49046 +Flow 104 risky: udp 10.0.2.15:28681 -> 42.98.115.128:23458 +Flow 137 risky: udp 10.0.2.15:28681 -> 82.65.70.197:21693 +Flow 109 risky: udp 10.0.2.15:28681 -> 88.169.2.153:52414 +Flow 140 risky: udp 10.0.2.15:28681 -> 77.197.111.186:6346 +Flow 102 risky: udp 10.0.2.15:28681 -> 218.164.39.233:20855 +Flow 108 risky: udp 10.0.2.15:28681 -> 112.119.242.110:7922 +Flow 113 risky: udp 10.0.2.15:28681 -> 105.101.132.146:57746 +Flow 132 risky: udp 10.0.2.15:28681 -> 79.86.173.45:6346 +Flow 87 risky: udp 10.0.2.15:28681 -> 92.131.85.245:31743 +Flow 110 risky: udp 10.0.2.15:28681 -> 195.132.75.56:56009 +Flow 105 risky: udp 10.0.2.15:28681 -> 219.85.11.85:10722 +Flow 138 risky: udp 10.0.2.15:28681 -> 167.114.170.156:23844 +Flow 170 risky: udp 10.0.2.15:28681 -> 67.193.8.52:38584 +Flow 166 risky: udp 10.0.2.15:28681 -> 90.59.253.186:15555 +Flow 183 risky: udp 10.0.2.15:28681 -> 91.172.15.182:37829 +Flow 184 risky: udp 10.0.2.15:28681 -> 86.239.62.213:6346 +Flow 196 risky: udp 10.0.2.15:28681 -> 88.127.72.106:6346 +Flow 195 risky: udp 10.0.2.15:28681 -> 177.231.151.16:6346 +Flow 219 risky: udp 10.0.2.15:28681 -> 76.30.86.144:53821 +Flow 217 risky: udp 10.0.2.15:28681 -> 126.117.45.151:19323 +Flow 155 risky: udp 10.0.2.15:28681 -> 88.168.182.103:6346 +Flow 198 risky: udp 10.0.2.15:28681 -> 58.182.171.50:15180 +Flow 191 risky: udp 10.0.2.15:28681 -> 190.153.143.54:65535 +Flow 172 risky: udp 10.0.2.15:28681 -> 87.69.142.133:15471 +Flow 192 risky: udp 10.0.2.15:28681 -> 92.8.59.80:35192 +Flow 181 risky: udp 10.0.2.15:28681 -> 66.177.5.135:6346 +Flow 162 risky: udp 10.0.2.15:28681 -> 88.123.159.111:44729 +Flow 214 risky: udp 10.0.2.15:28681 -> 91.169.215.227:26820 +Flow 193 risky: udp 10.0.2.15:28681 -> 
188.44.126.74:54633 +Flow 169 risky: udp 10.0.2.15:28681 -> 91.162.52.93:34799 +Flow 187 risky: udp 10.0.2.15:28681 -> 92.88.92.56:21009 +Flow 190 risky: udp 10.0.2.15:28681 -> 165.169.195.227:6346 +Flow 206 risky: udp 10.0.2.15:28681 -> 213.166.132.204:11194 +Flow 203 risky: udp 10.0.2.15:28681 -> 120.156.204.38:54832 +Flow 199 risky: udp 10.0.2.15:28681 -> 114.73.129.26:53585 +Flow 207 risky: udp 10.0.2.15:28681 -> 81.242.191.215:6346 +Flow 208 risky: udp 10.0.2.15:28681 -> 81.249.64.215:25058 +Flow 173 risky: udp 10.0.2.15:28681 -> 121.99.222.36:44988 +Flow 180 risky: udp 10.0.2.15:28681 -> 66.131.24.72:30711 +Flow 212 risky: udp 10.0.2.15:28681 -> 36.233.3.223:12848 +Flow 197 risky: udp 10.0.2.15:28681 -> 208.92.106.151:32476 +Flow 168 risky: udp 10.0.2.15:28681 -> 89.157.59.43:56919 +Flow 156 risky: udp 10.0.2.15:28681 -> 86.244.228.86:10131 +Flow 215 risky: udp 10.0.2.15:28681 -> 78.159.27.22:17563 +Flow 176 risky: udp 10.0.2.15:28681 -> 41.99.164.4:6346 +Flow 164 risky: udp 10.0.2.15:28681 -> 142.197.219.85:26234 +Flow 157 risky: udp 10.0.2.15:28681 -> 86.227.162.150:6346 +Flow 209 risky: udp 10.0.2.15:28681 -> 91.179.98.234:6346 +Flow 189 risky: udp 10.0.2.15:28681 -> 115.195.105.243:6346 +Flow 159 risky: udp 10.0.2.15:28681 -> 176.163.231.160:6346 +Flow 179 risky: udp 10.0.2.15:28681 -> 178.51.146.115:6346 +Flow 186 risky: udp 10.0.2.15:28681 -> 91.182.44.202:30277 +Flow 213 risky: udp 10.0.2.15:28681 -> 5.180.62.37:6346 +Flow 167 risky: udp 10.0.2.15:28681 -> 93.29.107.176:20363 +Flow 171 risky: udp 10.0.2.15:28681 -> 196.217.132.111:25394 +Flow 160 risky: udp 10.0.2.15:28681 -> 83.150.49.35:32448 +Flow 174 risky: udp 10.0.2.15:28681 -> 196.74.159.56:29271 +Flow 185 risky: udp 10.0.2.15:28681 -> 109.132.196.58:6346 +Flow 165 risky: udp 10.0.2.15:28681 -> 86.75.43.182:43502 +Flow 161 risky: udp 10.0.2.15:28681 -> 213.120.26.86:29946 +Flow 188 risky: udp 10.0.2.15:28681 -> 83.134.107.32:38836 +Flow 177 risky: udp 10.0.2.15:28681 -> 69.157.183.106:6346 +Flow 
205 risky: udp 10.0.2.15:28681 -> 96.29.197.138:6346 +Flow 175 risky: udp 10.0.2.15:28681 -> 115.69.62.99:6346 +Flow 182 risky: udp 10.0.2.15:28681 -> 73.3.103.37:35589 +Flow 210 risky: udp 10.0.2.15:28681 -> 41.100.120.146:12838 +Flow 218 risky: udp 10.0.2.15:28681 -> 176.155.52.115:53956 +Flow 211 risky: udp 10.0.2.15:28681 -> 186.93.139.92:6346 +Flow 200 risky: udp 10.0.2.15:28681 -> 138.199.16.123:52993 +Flow 154 risky: udp 10.0.2.15:28681 -> 174.115.111.224:51984 +Flow 201 risky: udp 10.0.2.15:28681 -> 85.170.209.214:46210 +Flow 194 risky: udp 10.0.2.15:28681 -> 176.150.126.156:16471 +Flow 178 risky: udp 10.0.2.15:28681 -> 83.46.253.7:6346 +Flow 163 risky: udp 10.0.2.15:28681 -> 88.126.160.158:6346 +Flow 216 risky: udp 10.0.2.15:28681 -> 212.68.248.153:27223 +Flow 158 risky: udp 10.0.2.15:28681 -> 118.166.226.70:6346 +Flow 204 risky: udp 10.0.2.15:28681 -> 84.126.240.32:45313 +Flow 202 risky: udp 10.0.2.15:28681 -> 176.134.139.39:6346 +Flow 93 risky: tcp 10.0.2.15:50248 -> 109.214.154.216:6346 +Flow 247 risky: udp 10.0.2.15:28681 -> 181.84.178.16:60262 +Flow 307 risky: udp 10.0.2.15:28681 -> 72.201.208.57:38617 +Flow 309 risky: udp 10.0.2.15:28681 -> 47.220.186.140:27641 +Flow 254 risky: udp 10.0.2.15:28681 -> 88.120.73.215:24562 +Flow 258 risky: udp 10.0.2.15:28681 -> 24.26.216.95:13889 +Flow 315 risky: udp 10.0.2.15:28681 -> 92.217.84.16:20223 +Flow 305 risky: udp 10.0.2.15:28681 -> 88.168.175.31:6346 +Flow 310 risky: udp 10.0.2.15:28681 -> 118.240.69.199:6348 +Flow 306 risky: udp 10.0.2.15:28681 -> 41.249.63.200:22582 +Flow 265 risky: udp 10.0.2.15:28681 -> 203.220.198.244:1194 +Flow 318 risky: udp 10.0.2.15:28681 -> 173.183.183.110:59920 +Flow 260 risky: udp 10.0.2.15:28681 -> 46.128.114.107:6578 +Flow 311 risky: udp 10.0.2.15:28681 -> 109.132.188.98:62851 +Flow 308 risky: udp 10.0.2.15:28681 -> 81.205.91.45:40137 +Flow 251 risky: udp 10.0.2.15:28681 -> 185.203.218.92:56962 +Flow 259 risky: udp 10.0.2.15:28681 -> 103.232.107.100:43508 +Flow 250 risky: udp 
10.0.2.15:28681 -> 51.68.153.214:26253 +Flow 256 risky: udp 10.0.2.15:28681 -> 96.246.156.126:50297 +Flow 249 risky: udp 10.0.2.15:28681 -> 45.88.117.218:6909 +Flow 257 risky: udp 10.0.2.15:28681 -> 82.181.251.218:36368 +Flow 246 risky: udp 10.0.2.15:28681 -> 96.65.68.194:35481 +Flow 314 risky: udp 10.0.2.15:28681 -> 71.237.202.91:16117 +Flow 317 risky: udp 10.0.2.15:28681 -> 96.236.205.7:34794 +Flow 261 risky: udp 10.0.2.15:28681 -> 60.241.48.194:21301 +Flow 313 risky: udp 10.0.2.15:28681 -> 176.99.176.20:6346 +Flow 255 risky: udp 10.0.2.15:28681 -> 80.61.221.246:30577 +Flow 248 risky: udp 10.0.2.15:28681 -> 66.30.221.181:12012 +Flow 263 risky: udp 10.0.2.15:28681 -> 82.217.176.52:7446 +Flow 253 risky: udp 10.0.2.15:28681 -> 193.37.255.130:61616 +Flow 252 risky: udp 10.0.2.15:28681 -> 72.140.120.41:47739 +Flow 316 risky: udp 10.0.2.15:28681 -> 94.54.66.82:63637 +Flow 262 risky: udp 10.0.2.15:28681 -> 89.75.52.19:46010 +Flow 264 risky: udp 10.0.2.15:28681 -> 95.10.205.67:11603 +Flow 312 risky: udp 10.0.2.15:28681 -> 24.167.201.53:47282 +Flow 329 risky: udp 10.0.2.15:28681 -> 92.117.249.98:6815 +Flow 328 risky: udp 10.0.2.15:28681 -> 203.220.105.27:19260 +Flow 331 risky: udp 10.0.2.15:28681 -> 45.31.152.112:26851 +Flow 320 risky: udp 10.0.2.15:28681 -> 185.236.200.137:48142 +Flow 332 risky: udp 10.0.2.15:28681 -> 213.229.111.224:4876 +Flow 325 risky: udp 10.0.2.15:28681 -> 83.160.143.48:37036 +Flow 323 risky: udp 10.0.2.15:28681 -> 96.246.156.126:56070 +Flow 322 risky: udp 10.0.2.15:28681 -> 45.88.117.219:6909 +Flow 327 risky: udp 10.0.2.15:28681 -> 84.28.53.225:44859 +Flow 321 risky: udp 10.0.2.15:28681 -> 188.165.203.190:21995 +Flow 324 risky: udp 10.0.2.15:28681 -> 73.250.179.237:20848 +Flow 319 risky: udp 10.0.2.15:28681 -> 164.132.10.25:55302 +Flow 330 risky: udp 10.0.2.15:28681 -> 82.64.44.11:1352 +Flow 326 risky: udp 10.0.2.15:28681 -> 100.1.231.138:56558 +Flow 336 risky: udp 10.0.2.15:28681 -> 80.7.252.192:6888 +Flow 338 risky: udp 10.0.2.15:28681 -> 
221.198.205.196:20778 +Flow 340 risky: udp 10.0.2.15:28681 -> 38.142.119.234:49732 +Flow 350 risky: udp 10.0.2.15:28681 -> 99.250.253.99:11819 +Flow 343 risky: udp 10.0.2.15:28681 -> 89.212.91.155:5195 +Flow 344 risky: udp 10.0.2.15:28681 -> 207.38.163.228:6778 +Flow 348 risky: udp 10.0.2.15:28681 -> 84.197.97.94:1360 +Flow 346 risky: udp 10.0.2.15:28681 -> 76.226.85.105:6346 +Flow 342 risky: udp 10.0.2.15:28681 -> 98.208.26.154:4994 +Flow 337 risky: udp 10.0.2.15:28681 -> 24.116.64.132:51227 +Flow 347 risky: udp 10.0.2.15:28681 -> 176.10.169.10:12799 +Flow 339 risky: udp 10.0.2.15:28681 -> 87.123.54.234:54130 +Flow 341 risky: udp 10.0.2.15:28681 -> 24.129.233.60:19990 +Flow 354 risky: udp 10.0.2.15:28681 -> 80.236.247.120:1032 +Flow 352 risky: udp 10.0.2.15:28681 -> 176.191.49.159:6346 +Flow 353 risky: udp 10.0.2.15:28681 -> 195.181.151.217:25282 +Flow 351 risky: udp 10.0.2.15:28681 -> 187.37.87.189:6346 +Flow 94 risky: tcp 10.0.2.15:50249 -> 86.208.180.181:45883 +Flow 35 risky: tcp 10.0.2.15:50196 -> 218.250.6.59:12556 +Flow 46 risky: tcp 10.0.2.15:50206 -> 175.181.156.244:8255 +Flow 77 risky: tcp 10.0.2.15:50236 -> 93.29.135.209:6346 +Flow 73 risky: tcp 10.0.2.15:50232 -> 182.155.242.225:15068 +Flow 67 risky: tcp 10.0.2.15:50226 -> 116.241.162.162:15677 +Flow 119 risky: tcp 10.0.2.15:50250 -> 27.94.154.53:6346 +Flow 36 risky: tcp 10.0.2.15:50197 -> 118.168.15.71:3931 +Flow 121 risky: tcp 10.0.2.15:50252 -> 123.202.31.113:19768 +Flow 43 risky: tcp 10.0.2.15:50203 -> 61.222.160.99:18994 +Flow 122 risky: tcp 10.0.2.15:50253 -> 103.232.107.100:43508 +Flow 38 risky: tcp 10.0.2.15:50199 -> 47.147.52.21:36728 +Flow 51 risky: tcp 10.0.2.15:50211 -> 14.199.10.60:23458 +Flow 76 risky: tcp 10.0.2.15:50235 -> 45.88.118.70:6906 +Flow 358 risky: udp 10.0.2.15:28681 -> 47.224.174.174:6346 +Flow 357 risky: udp 10.0.2.15:28681 -> 98.35.85.238:32173 +Flow 356 risky: udp 10.0.2.15:28681 -> 63.228.175.169:1936 +Flow 355 risky: udp 10.0.2.15:28681 -> 181.118.53.212:29998 +Flow 293 
risky: tcp 10.0.2.15:50317 -> 188.165.203.190:21995 +Flow 292 risky: tcp 10.0.2.15:50316 -> 142.132.165.13:30566 +Flow 289 risky: tcp 10.0.2.15:50313 -> 96.65.68.194:35481 +Flow 223 risky: tcp 10.0.2.15:50269 -> 218.103.139.2:3186 +Flow 148 risky: tcp 10.0.2.15:50261 -> 156.57.42.2:33476 +Flow 280 risky: tcp 10.0.2.15:50304 -> 85.168.34.105:39908 +Flow 285 risky: tcp 10.0.2.15:50309 -> 60.241.48.194:21301 +Flow 283 risky: tcp 10.0.2.15:50307 -> 176.99.176.20:6346 +Flow 149 risky: tcp 10.0.2.15:50262 -> 80.61.221.246:30577 +Flow 295 risky: tcp 10.0.2.15:50319 -> 185.187.74.173:53489 +Flow 298 risky: tcp 10.0.2.15:50322 -> 164.132.10.25:55302 +Flow 269 risky: tcp 10.0.2.15:50293 -> 97.83.183.148:8890 +Flow 296 risky: tcp 10.0.2.15:50320 -> 194.163.180.126:10825 +Flow 284 risky: tcp 10.0.2.15:50308 -> 193.37.255.130:61616 +Flow 37 risky: tcp 10.0.2.15:50198 -> 86.129.196.84:9915 +Flow 287 risky: tcp 10.0.2.15:50311 -> 149.28.163.175:49956 +Flow 291 risky: tcp 10.0.2.15:50315 -> 45.31.152.112:26851 +Flow 279 risky: tcp 10.0.2.15:50303 -> 88.120.73.215:24562 +Flow 271 risky: tcp 10.0.2.15:50295 -> 38.142.119.234:49732 +Flow 221 risky: tcp 10.0.2.15:50267 -> 113.252.86.162:9239 +Flow 270 risky: tcp 10.0.2.15:50294 -> 14.200.255.229:37058 +Flow 272 risky: tcp 10.0.2.15:50296 -> 77.58.211.52:3806 +Flow 275 risky: tcp 10.0.2.15:50299 -> 203.220.198.244:1194 +Flow 294 risky: tcp 10.0.2.15:50318 -> 193.32.126.214:59596 +Flow 274 risky: tcp 10.0.2.15:50298 -> 46.128.114.107:6578 +Flow 146 risky: tcp 10.0.2.15:50259 -> 183.179.90.112:9852 +Flow 222 risky: tcp 10.0.2.15:50268 -> 210.209.249.84:24751 +Flow 273 risky: tcp 10.0.2.15:50297 -> 14.200.255.229:45710 +Flow 299 risky: tcp 10.0.2.15:50323 -> 51.68.153.214:26253 +Flow 361 risky: udp 10.0.2.15:28681 -> 86.129.196.84:9915 +Flow 362 risky: udp 10.0.2.15:28681 -> 190.192.210.182:6754 +Flow 360 risky: udp 10.0.2.15:28681 -> 198.58.218.12:47912 +Flow 277 risky: tcp 10.0.2.15:50301 -> 87.123.54.234:54130 +Flow 282 risky: tcp 
10.0.2.15:50306 -> 220.238.145.82:33527 +Flow 278 risky: tcp 10.0.2.15:50302 -> 75.64.6.175:4743 +Flow 366 risky: udp 10.0.2.15:28681 -> 94.8.55.158:51140 +Flow 365 risky: udp 10.0.2.15:28681 -> 188.23.24.213:18561 +Flow 368 risky: udp 10.0.2.15:28681 -> 47.147.52.21:36728 +Flow 363 risky: udp 10.0.2.15:28681 -> 81.205.91.45:38297 +Flow 364 risky: udp 10.0.2.15:28681 -> 194.163.180.126:10825 +Flow 367 risky: udp 10.0.2.15:28681 -> 149.28.163.175:49956 +Flow 267 risky: tcp 10.0.2.15:50291 -> 200.7.155.210:28365 +Flow 345 risky: tcp 10.0.2.15:50330 -> 69.118.162.229:46906 +Flow 371 risky: udp 10.0.2.15:28681 -> 109.131.202.24:44748 +Flow 370 risky: udp 10.0.2.15:28681 -> 91.172.56.198:11984 +Flow 374 risky: udp 10.0.2.15:28681 -> 62.35.190.5:18604 +Flow 372 risky: udp 10.0.2.15:28681 -> 91.179.185.126:6346 +Flow 373 risky: udp 10.0.2.15:28681 -> 88.122.233.15:11488 +Flow 433 risky: udp 10.0.2.15:28681 -> 99.255.145.191:47264 +Flow 404 risky: udp 10.0.2.15:28681 -> 86.234.216.251:17845 +Flow 426 risky: udp 10.0.2.15:28681 -> 219.71.44.121:14398 +Flow 411 risky: udp 10.0.2.15:28681 -> 89.143.28.64:6346 +Flow 408 risky: udp 10.0.2.15:28681 -> 90.103.2.245:6346 +Flow 424 risky: udp 10.0.2.15:28681 -> 93.15.216.216:6346 +Flow 422 risky: udp 10.0.2.15:28681 -> 88.123.35.219:42211 +Flow 439 risky: udp 10.0.2.15:28681 -> 176.135.15.86:6346 +Flow 481 risky: udp 10.0.2.15:28681 -> 82.120.219.74:6346 +Flow 435 risky: udp 10.0.2.15:28681 -> 109.24.146.101:6346 +Flow 465 risky: udp 10.0.2.15:28681 -> 2.28.39.18:15672 +Flow 421 risky: udp 10.0.2.15:28681 -> 175.182.39.11:12977 +Flow 416 risky: udp 10.0.2.15:28681 -> 92.139.61.103:24096 +Flow 413 risky: udp 10.0.2.15:28681 -> 87.65.188.29:24676 +Flow 412 risky: udp 10.0.2.15:28681 -> 58.177.52.73:6346 +Flow 418 risky: udp 10.0.2.15:28681 -> 75.129.149.103:6346 +Flow 468 risky: udp 10.0.2.15:28681 -> 94.214.12.247:44001 +Flow 466 risky: udp 10.0.2.15:28681 -> 70.119.248.5:49929 +Flow 428 risky: udp 10.0.2.15:28681 -> 
86.162.97.8:6346 +Flow 425 risky: udp 10.0.2.15:28681 -> 145.82.53.165:6346 +Flow 401 risky: udp 10.0.2.15:28681 -> 173.178.192.76:6346 +Flow 484 risky: udp 10.0.2.15:28681 -> 107.4.56.177:10000 +Flow 406 risky: udp 10.0.2.15:28681 -> 109.27.3.68:57380 +Flow 467 risky: udp 10.0.2.15:28681 -> 61.64.177.53:23458 +Flow 431 risky: udp 10.0.2.15:28681 -> 88.124.71.246:49035 +Flow 402 risky: udp 10.0.2.15:28681 -> 78.219.202.2:6346 +Flow 420 risky: udp 10.0.2.15:28681 -> 86.227.127.34:6346 +Flow 417 risky: udp 10.0.2.15:28681 -> 94.187.236.179:6346 +Flow 485 risky: udp 10.0.2.15:28681 -> 154.3.42.209:6346 +Flow 427 risky: udp 10.0.2.15:28681 -> 81.249.13.30:15138 +Flow 405 risky: udp 10.0.2.15:28681 -> 176.155.31.118:6346 +Flow 415 risky: udp 10.0.2.15:28681 -> 90.247.160.96:17817 +Flow 486 risky: udp 10.0.2.15:28681 -> 88.68.45.203:6346 +Flow 410 risky: udp 10.0.2.15:28681 -> 93.28.130.131:6346 +Flow 423 risky: udp 10.0.2.15:28681 -> 119.247.6.226:9713 +Flow 438 risky: udp 10.0.2.15:28681 -> 71.86.190.163:14142 +Flow 403 risky: udp 10.0.2.15:28681 -> 197.244.171.132:6346 +Flow 429 risky: udp 10.0.2.15:28681 -> 165.169.215.213:23576 +Flow 436 risky: udp 10.0.2.15:28681 -> 219.68.179.137:6406 +Flow 414 risky: udp 10.0.2.15:28681 -> 175.181.156.244:8255 +Flow 409 risky: udp 10.0.2.15:28681 -> 86.194.53.68:33770 +Flow 482 risky: udp 10.0.2.15:28681 -> 86.193.23.172:42227 +Flow 400 risky: udp 10.0.2.15:28681 -> 129.45.47.167:6346 +Flow 407 risky: udp 10.0.2.15:28681 -> 195.181.151.217:6346 +Flow 440 risky: udp 10.0.2.15:28681 -> 203.165.170.112:37087 +Flow 437 risky: udp 10.0.2.15:28681 -> 31.38.163.2:6346 +Flow 419 risky: udp 10.0.2.15:28681 -> 78.193.236.8:46557 +Flow 432 risky: udp 10.0.2.15:28681 -> 104.6.118.53:6346 +Flow 434 risky: udp 10.0.2.15:28681 -> 114.24.182.130:22232 +Flow 430 risky: udp 10.0.2.15:28681 -> 90.8.95.165:40763 +Flow 488 risky: udp 10.0.2.15:28681 -> 183.179.90.112:9852 +Flow 490 risky: udp 10.0.2.15:28681 -> 90.3.215.132:20356 +Flow 489 risky: udp 
10.0.2.15:28681 -> 108.44.45.25:6346
+Flow 487 risky: udp 10.0.2.15:28681 -> 24.78.134.188:49046
+Flow 491 risky: udp 10.0.2.15:28681 -> 36.233.42.210:5512
+Flow 492 risky: udp 10.0.2.15:28681 -> 172.94.41.71:6346
+Flow 509 risky: udp 10.0.2.15:28681 -> 92.142.109.190:41370
+Flow 511 risky: udp 10.0.2.15:28681 -> 68.47.223.27:6346
+Flow 496 risky: udp 10.0.2.15:28681 -> 218.173.230.98:19004
+Flow 495 risky: udp 10.0.2.15:28681 -> 81.247.89.20:6346
+Flow 516 risky: udp 10.0.2.15:28681 -> 119.246.147.72:4572
+Flow 501 risky: udp 10.0.2.15:28681 -> 88.160.214.137:6346
+Flow 506 risky: udp 10.0.2.15:28681 -> 136.32.84.139:6346
+Flow 508 risky: udp 10.0.2.15:28681 -> 92.144.99.73:10745
+Flow 513 risky: udp 10.0.2.15:28681 -> 78.196.216.12:58910
+Flow 499 risky: udp 10.0.2.15:28681 -> 1.161.80.82:8656
+Flow 503 risky: udp 10.0.2.15:28681 -> 74.210.244.72:6346
+Flow 505 risky: udp 10.0.2.15:28681 -> 42.2.62.28:6387
+Flow 494 risky: udp 10.0.2.15:28681 -> 86.210.81.59:6346
+Flow 498 risky: udp 10.0.2.15:28681 -> 8.44.149.207:30551
+Flow 504 risky: udp 10.0.2.15:28681 -> 85.203.45.107:6346
+Flow 502 risky: udp 10.0.2.15:28681 -> 47.156.58.211:6346
+Flow 507 risky: udp 10.0.2.15:28681 -> 50.4.204.220:6346
+Flow 512 risky: udp 10.0.2.15:28681 -> 209.204.207.5:49256
+Flow 518 risky: udp 10.0.2.15:28681 -> 202.151.63.59:7624
+Flow 500 risky: udp 10.0.2.15:28681 -> 220.143.34.225:20071
+Flow 514 risky: udp 10.0.2.15:28681 -> 83.114.40.175:23552
+Flow 517 risky: udp 10.0.2.15:28681 -> 36.239.162.27:7986
+Flow 519 risky: udp 10.0.2.15:28681 -> 219.70.48.23:8070
+Flow 510 risky: udp 10.0.2.15:28681 -> 79.94.85.113:6346
+Flow 497 risky: udp 10.0.2.15:28681 -> 84.100.76.123:39628
+Flow 515 risky: udp 10.0.2.15:28681 -> 220.137.106.173:11625
+Flow 750 risky: udp 10.0.2.15:28681 -> 67.193.8.52:38584
+Flow 752 risky: udp 10.0.2.15:28681 -> 78.231.73.14:6346
+Flow 748 risky: udp 10.0.2.15:28681 -> 92.8.59.80:35192
+Flow 751 risky: udp 10.0.2.15:28681 -> 142.115.218.152:5900
+Flow 749 
risky: udp 10.0.2.15:28681 -> 78.159.27.22:17563
+Flow 753 risky: udp 10.0.2.15:28681 -> 165.84.140.96:14400
+Flow 755 risky: udp 10.0.2.15:28681 -> 83.134.107.32:38836
+Flow 756 risky: udp 10.0.2.15:28681 -> 41.100.68.255:12838
+Flow 759 risky: udp 10.0.2.15:28681 -> 104.238.172.250:23548
+Flow 757 risky: udp 10.0.2.15:28681 -> 104.156.226.72:53258
+Flow 760 risky: udp 10.0.2.15:138 -> 10.0.2.255:138
+Flow 764 risky: udp 10.0.2.15:28681 -> 208.92.106.151:32476
+Flow 762 risky: udp 10.0.2.15:28681 -> 86.75.43.182:43502
+Flow 763 risky: udp 10.0.2.15:28681 -> 85.170.209.214:46210
+Flow 761 risky: udp 10.0.2.15:28681 -> 195.132.75.56:56009
+Flow 787 risky: udp 10.0.2.15:28681 -> 220.133.122.217:23458
+Flow 793 risky: udp 10.0.2.15:28681 -> 123.205.126.102:5193
+Flow 792 risky: udp 10.0.2.15:28681 -> 36.239.213.146:21750
+Flow 786 risky: udp 10.0.2.15:28681 -> 114.38.9.82:24223
+Flow 788 risky: udp 10.0.2.15:28681 -> 220.134.167.82:5820
+Flow 789 risky: udp 10.0.2.15:28681 -> 42.98.115.128:23458
+Flow 790 risky: udp 10.0.2.15:28681 -> 218.164.39.233:20855
+Flow 785 risky: udp 10.0.2.15:28681 -> 176.134.139.39:6346
+Flow 791 risky: udp 10.0.2.15:28681 -> 219.85.11.85:10722
+Flow 796 risky: udp 10.0.2.15:28681 -> 41.249.63.200:22582
+Flow 333 risky: tcp 10.0.2.15:50327 -> 69.118.162.229:46906
+Flow 795 risky: udp 10.0.2.15:28681 -> 213.120.26.86:29946
+Flow 334 risky: tcp 10.0.2.15:50328 -> 189.147.72.83:26108
diff --git a/test/results/flow-captured/default/google_ssl.pcap.out b/test/results/flow-captured/default/google_ssl.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/google_ssl.pcap.out
diff --git a/test/results/flow-captured/default/googledns_android10.pcap.out b/test/results/flow-captured/default/googledns_android10.pcap.out
new file mode 100644
index 000000000..2551e4bf2
--- /dev/null
+++ b/test/results/flow-captured/default/googledns_android10.pcap.out
@@ -0,0 +1,3 @@
+Flow 4 risky: tcp 192.168.1.159:48048 -> 8.8.4.4:853
+Flow 7 risky: tcp 192.168.1.159:48098 -> 8.8.4.4:853
+Flow 8 risky: tcp 192.168.1.159:48210 -> 8.8.4.4:853
diff --git a/test/results/flow-captured/default/gquic.pcap.out b/test/results/flow-captured/default/gquic.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/gquic.pcap.out
diff --git a/test/results/flow-captured/default/gtp_c.pcap.out b/test/results/flow-captured/default/gtp_c.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/gtp_c.pcap.out
diff --git a/test/results/flow-captured/default/gtp_false_positive.pcapng.out b/test/results/flow-captured/default/gtp_false_positive.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/gtp_false_positive.pcapng.out
diff --git a/test/results/flow-captured/default/gtp_prime.pcapng.out b/test/results/flow-captured/default/gtp_prime.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/gtp_prime.pcapng.out
diff --git a/test/results/flow-captured/default/h323-overflow.pcap.out b/test/results/flow-captured/default/h323-overflow.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/h323-overflow.pcap.out
diff --git a/test/results/flow-captured/default/h323.pcap.out b/test/results/flow-captured/default/h323.pcap.out
new file mode 100644
index 000000000..1892ef261
--- /dev/null
+++ b/test/results/flow-captured/default/h323.pcap.out
@@ -0,0 +1 @@
+Flow 2 midstream: tcp 17.2.0.124:3032 -> 17.2.0.122:1720
diff --git a/test/results/flow-captured/default/haproxy.pcap.out b/test/results/flow-captured/default/haproxy.pcap.out
new file mode 100644
index 000000000..cf0b40fae
--- /dev/null
+++ b/test/results/flow-captured/default/haproxy.pcap.out
@@ -0,0 +1 @@
+Flow 1 midstream: tcp 1.1.1.1:48502 -> 2.2.2.2:443
diff --git a/test/results/flow-captured/default/heuristic_tcp_ack_payload.pcap.out b/test/results/flow-captured/default/heuristic_tcp_ack_payload.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/heuristic_tcp_ack_payload.pcap.out
diff --git a/test/results/flow-captured/default/hots.pcapng.out b/test/results/flow-captured/default/hots.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/hots.pcapng.out
diff --git a/test/results/flow-captured/default/hpvirtgrp.pcap.out b/test/results/flow-captured/default/hpvirtgrp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/hpvirtgrp.pcap.out
diff --git a/test/results/flow-captured/default/hsrp0.pcap.out b/test/results/flow-captured/default/hsrp0.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/hsrp0.pcap.out
diff --git a/test/results/flow-captured/default/hsrp2.pcap.out b/test/results/flow-captured/default/hsrp2.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/hsrp2.pcap.out
diff --git a/test/results/flow-captured/default/hsrp2_ipv6.pcapng.out b/test/results/flow-captured/default/hsrp2_ipv6.pcapng.out
new file mode 100644
index 000000000..b1302caae
--- /dev/null
+++ b/test/results/flow-captured/default/hsrp2_ipv6.pcapng.out
@@ -0,0 +1,2 @@
+Flow 1 risky: udp fe80::1:2029 -> ff02::66:2029
+Flow 2 risky: udp fe80::2:2029 -> ff02::66:2029
diff --git a/test/results/flow-captured/default/http-crash-content-disposition.pcap.out b/test/results/flow-captured/default/http-crash-content-disposition.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/http-crash-content-disposition.pcap.out
diff --git a/test/results/flow-captured/default/http-lines-split.pcap.out b/test/results/flow-captured/default/http-lines-split.pcap.out
new file mode 100644
index 000000000..732e4e5bc
--- /dev/null
+++ b/test/results/flow-captured/default/http-lines-split.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.0.1:39236 -> 192.168.0.20:31337
diff --git a/test/results/flow-captured/default/http-manipulated.pcap.out b/test/results/flow-captured/default/http-manipulated.pcap.out
new file mode 100644
index 000000000..b5694910f
--- /dev/null
+++ b/test/results/flow-captured/default/http-manipulated.pcap.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 192.168.0.20:33632 -> 192.168.0.7:8080
+Flow 2 risky: tcp 192.168.0.20:33684 -> 192.168.0.7:8080
diff --git a/test/results/flow-captured/default/http-proxy.pcapng.out b/test/results/flow-captured/default/http-proxy.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/http-proxy.pcapng.out
diff --git a/test/results/flow-captured/default/http2.pcapng.out b/test/results/flow-captured/default/http2.pcapng.out
new file mode 100644
index 000000000..9fc14eec9
--- /dev/null
+++ b/test/results/flow-captured/default/http2.pcapng.out
@@ -0,0 +1 @@
+Flow 1 midstream: tcp 127.0.0.1:37824 -> 127.0.0.1:29518
diff --git a/test/results/flow-captured/default/http_asymmetric.pcapng.out b/test/results/flow-captured/default/http_asymmetric.pcapng.out
new file mode 100644
index 000000000..525d309cb
--- /dev/null
+++ b/test/results/flow-captured/default/http_asymmetric.pcapng.out
@@ -0,0 +1 @@
+Flow 2 risky: tcp 192.168.1.146:80 -> 192.168.1.103:1044
diff --git a/test/results/flow-captured/default/http_auth.pcap.out b/test/results/flow-captured/default/http_auth.pcap.out
new file mode 100644
index 000000000..f64f8755f
--- /dev/null
+++ b/test/results/flow-captured/default/http_auth.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80
diff --git a/test/results/flow-captured/default/http_connect.pcap.out b/test/results/flow-captured/default/http_connect.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/http_connect.pcap.out
diff --git a/test/results/flow-captured/default/http_guessed_host_and_guessed.pcapng.out b/test/results/flow-captured/default/http_guessed_host_and_guessed.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/http_guessed_host_and_guessed.pcapng.out
diff --git a/test/results/flow-captured/default/http_invalid_server.pcap.out b/test/results/flow-captured/default/http_invalid_server.pcap.out
new file mode 100644
index 000000000..6ef4eba5e
--- /dev/null
+++ b/test/results/flow-captured/default/http_invalid_server.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.1.29:51536 -> 143.204.14.183:80
diff --git a/test/results/flow-captured/default/http_ipv6.pcap.out b/test/results/flow-captured/default/http_ipv6.pcap.out
new file mode 100644
index 000000000..5ac0c101b
--- /dev/null
+++ b/test/results/flow-captured/default/http_ipv6.pcap.out
@@ -0,0 +1 @@
+Flow 12 risky: tcp 2a00:d40:1:3:7aac:c0ff:fea7:d4c:37506 -> 2a03:b0c0:3:d0::70:1001:443
diff --git a/test/results/flow-captured/default/http_on_sip_port.pcap.out b/test/results/flow-captured/default/http_on_sip_port.pcap.out
new file mode 100644
index 000000000..fc0712800
--- /dev/null
+++ b/test/results/flow-captured/default/http_on_sip_port.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 82.178.111.221:5060 -> 45.58.148.2:8888
diff --git a/test/results/flow-captured/default/http_origin_different_than_host.pcap.out b/test/results/flow-captured/default/http_origin_different_than_host.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/http_origin_different_than_host.pcap.out
diff --git a/test/results/flow-captured/default/http_starting_with_reply.pcapng.out b/test/results/flow-captured/default/http_starting_with_reply.pcapng.out
new file mode 100644
index 000000000..9b306b725
--- /dev/null
+++ b/test/results/flow-captured/default/http_starting_with_reply.pcapng.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 192.168.1.146:80 -> 192.168.1.103:1044
+Flow 1 midstream: tcp 192.168.1.146:80 -> 192.168.1.103:1044
diff --git a/test/results/flow-captured/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/flow-captured/default/http_ua_splitted_in_two_pkts.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/http_ua_splitted_in_two_pkts.pcapng.out
diff --git a/test/results/flow-captured/default/i3d.pcap.out b/test/results/flow-captured/default/i3d.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/i3d.pcap.out
diff --git a/test/results/flow-captured/default/iax.pcap.out b/test/results/flow-captured/default/iax.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/iax.pcap.out
diff --git a/test/results/flow-captured/default/icmp-tunnel.pcap.out b/test/results/flow-captured/default/icmp-tunnel.pcap.out
new file mode 100644
index 000000000..3373684f9
--- /dev/null
+++ b/test/results/flow-captured/default/icmp-tunnel.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: icmp 192.168.154.131 -> 192.168.154.132
diff --git a/test/results/flow-captured/default/iec60780-5-104.pcap.out b/test/results/flow-captured/default/iec60780-5-104.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/iec60780-5-104.pcap.out
diff --git a/test/results/flow-captured/default/imap-starttls.pcap.out b/test/results/flow-captured/default/imap-starttls.pcap.out
new file mode 100644
index 000000000..712597ffd
--- /dev/null
+++ b/test/results/flow-captured/default/imap-starttls.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.17.53:49640 -> 212.227.17.186:143
diff --git a/test/results/flow-captured/default/imap.pcap.out b/test/results/flow-captured/default/imap.pcap.out
new file mode 100644
index 000000000..a86b94957
--- /dev/null
+++ b/test/results/flow-captured/default/imap.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.40.4.2:46045 -> 10.40.3.2:143
diff --git a/test/results/flow-captured/default/imaps.pcap.out b/test/results/flow-captured/default/imaps.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/imaps.pcap.out
diff --git a/test/results/flow-captured/default/imo.pcap.out b/test/results/flow-captured/default/imo.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/imo.pcap.out
diff --git a/test/results/flow-captured/default/instagram.pcap.out b/test/results/flow-captured/default/instagram.pcap.out
new file mode 100644
index 000000000..fb7493269
--- /dev/null
+++ b/test/results/flow-captured/default/instagram.pcap.out
@@ -0,0 +1,7 @@
+Flow 3 midstream: tcp 192.168.0.103:38816 -> 46.33.70.160:80
+Flow 4 midstream: tcp 192.168.0.103:57936 -> 82.85.26.162:80
+Flow 5 midstream: tcp 192.168.0.103:44379 -> 82.85.26.186:80
+Flow 26 midstream: tcp 192.168.0.103:58052 -> 82.85.26.162:80
+Flow 30 midstream: tcp 192.168.0.103:58690 -> 46.33.70.159:443
+Flow 1 risky: tcp 192.168.0.103:56382 -> 173.252.107.4:443
+Flow 2 midstream: tcp 192.168.0.103:33936 -> 31.13.93.52:443
diff --git a/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out b/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out
diff --git a/test/results/flow-captured/default/iphone.pcap.out b/test/results/flow-captured/default/iphone.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/iphone.pcap.out
diff --git a/test/results/flow-captured/default/ipp.pcap.out b/test/results/flow-captured/default/ipp.pcap.out
new file mode 100644
index 000000000..81e3094da
--- /dev/null
+++ b/test/results/flow-captured/default/ipp.pcap.out
@@ -0,0 +1,3 @@
+Flow 2 risky: tcp 10.10.10.49:55342 -> 10.10.10.251:631
+Flow 1 risky: tcp 10.10.10.49:55341 -> 10.10.10.251:631
+Flow 3 risky: tcp 10.10.10.49:55343 -> 10.10.10.251:631
diff --git a/test/results/flow-captured/default/ipsec_isakmp_esp.pcap.out b/test/results/flow-captured/default/ipsec_isakmp_esp.pcap.out
new file mode 100644
index 000000000..14323e6a2
--- /dev/null
+++ b/test/results/flow-captured/default/ipsec_isakmp_esp.pcap.out
@@ -0,0 +1,2 @@
+Flow 10 risky: udp 192.168.2.100:14500 -> 109.237.187.225:4500
+Flow 11 risky: udp 192.168.2.100:10500 -> 109.237.187.131:500
diff --git a/test/results/flow-captured/default/ipv6_in_gtp.pcap.out b/test/results/flow-captured/default/ipv6_in_gtp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ipv6_in_gtp.pcap.out
diff --git a/test/results/flow-captured/default/irc.pcap.out b/test/results/flow-captured/default/irc.pcap.out
new file mode 100644
index 000000000..ffa979fdc
--- /dev/null
+++ b/test/results/flow-captured/default/irc.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.180.156.249:45921 -> 38.229.70.20:8000
diff --git a/test/results/flow-captured/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/flow-captured/default/ja3_lots_of_cipher_suites.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ja3_lots_of_cipher_suites.pcap.out
diff --git a/test/results/flow-captured/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/flow-captured/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
diff --git a/test/results/flow-captured/default/jabber.pcap.out b/test/results/flow-captured/default/jabber.pcap.out
new file mode 100644
index 000000000..2bcc043f2
--- /dev/null
+++ b/test/results/flow-captured/default/jabber.pcap.out
@@ -0,0 +1,3 @@
+Flow 3 midstream: tcp 172.16.0.62:57126 -> 172.16.1.138:5222
+Flow 6 midstream: tcp 172.16.0.62:57149 -> 172.16.1.138:5222
+Flow 4 midstream: tcp 172.16.0.62:57129 -> 172.16.1.138:5222
diff --git a/test/results/flow-captured/default/kerberos-error.pcap.out b/test/results/flow-captured/default/kerberos-error.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/kerberos-error.pcap.out
diff --git a/test/results/flow-captured/default/kerberos-login.pcap.out b/test/results/flow-captured/default/kerberos-login.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/kerberos-login.pcap.out
diff --git a/test/results/flow-captured/default/kerberos.pcap.out b/test/results/flow-captured/default/kerberos.pcap.out
new file mode 100644
index 000000000..4dc46dfe3
--- /dev/null
+++ b/test/results/flow-captured/default/kerberos.pcap.out
@@ -0,0 +1,7 @@
+Flow 1 midstream: tcp 172.16.8.201:49157 -> 172.16.8.8:88
+Flow 4 midstream: tcp 172.16.8.201:49160 -> 172.16.8.8:88
+Flow 8 midstream: tcp 172.16.8.201:49166 -> 172.16.8.8:88
+Flow 14 midstream: tcp 172.16.8.201:49171 -> 172.16.8.8:88
+Flow 18 midstream: tcp 172.16.8.201:49176 -> 172.16.8.8:88
+Flow 22 midstream: tcp 172.16.8.201:49181 -> 172.16.8.8:88
+Flow 27 midstream: tcp 172.16.8.201:49187 -> 172.16.8.8:88
diff --git a/test/results/flow-captured/default/kerberos_fuzz.pcapng.out b/test/results/flow-captured/default/kerberos_fuzz.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/kerberos_fuzz.pcapng.out
diff --git a/test/results/flow-captured/default/kismet.pcap.out b/test/results/flow-captured/default/kismet.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/kismet.pcap.out
diff --git a/test/results/flow-captured/default/kontiki.pcap.out b/test/results/flow-captured/default/kontiki.pcap.out
new file mode 100644
index 000000000..ee389391f
--- /dev/null
+++ b/test/results/flow-captured/default/kontiki.pcap.out
@@ -0,0 +1,2 @@
+Flow 3 risky: udp 10.25.32.59:19948 -> 64.200.148.86:8888
+Flow 5 risky: udp 10.25.32.59:19948 -> 64.200.148.88:80
diff --git a/test/results/flow-captured/default/line.pcap.out b/test/results/flow-captured/default/line.pcap.out
new file mode 100644
index 000000000..03fb8f673
--- /dev/null
+++ b/test/results/flow-captured/default/line.pcap.out
@@ -0,0 +1,2 @@
+Flow 2 midstream: tcp 10.200.3.125:57841 -> 147.92.165.194:443
+Flow 3 risky: tcp 10.200.3.125:58160 -> 147.92.242.232:443
diff --git a/test/results/flow-captured/default/linecall_falsepositve.pcap.out b/test/results/flow-captured/default/linecall_falsepositve.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/linecall_falsepositve.pcap.out
diff --git a/test/results/flow-captured/default/lisp_registration.pcap.out b/test/results/flow-captured/default/lisp_registration.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/lisp_registration.pcap.out
diff --git a/test/results/flow-captured/default/log4j-webapp-exploit.pcap.out b/test/results/flow-captured/default/log4j-webapp-exploit.pcap.out
new file mode 100644
index 000000000..f9f40ec93
--- /dev/null
+++ b/test/results/flow-captured/default/log4j-webapp-exploit.pcap.out
@@ -0,0 +1,5 @@
+Flow 5 risky: tcp 172.16.238.10:57742 -> 172.16.238.11:1389
+Flow 1 risky: tcp 172.16.238.1:1984 -> 172.16.238.10:8080
+Flow 3 risky: tcp 172.16.238.10:48444 -> 172.16.238.11:80
+Flow 6 risky: tcp 172.16.238.10:48534 -> 172.16.238.11:80
+Flow 2 risky: tcp 172.16.238.10:57650 -> 172.16.238.11:1389
diff --git a/test/results/flow-captured/default/long_tls_certificate.pcap.out b/test/results/flow-captured/default/long_tls_certificate.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/long_tls_certificate.pcap.out
diff --git a/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out b/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out
new file mode 100644
index 000000000..79c0e80d8
--- /dev/null
+++ b/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out
@@ -0,0 +1,2 @@
+Flow 2 risky: udp 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881 -> 3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27:60506
+Flow 3 risky: udp 2a2f:8509:1cb2:466d:ecbf:69d6:109c:608:62229 -> 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881
diff --git a/test/results/flow-captured/default/malformed_dns.pcap.out b/test/results/flow-captured/default/malformed_dns.pcap.out
new file mode 100644
index 000000000..392b85044
--- /dev/null
+++ b/test/results/flow-captured/default/malformed_dns.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 127.0.0.1:50435 -> 127.0.0.1:53
diff --git a/test/results/flow-captured/default/malformed_icmp.pcap.out b/test/results/flow-captured/default/malformed_icmp.pcap.out
new file mode 100644
index 000000000..b0a82a373
--- /dev/null
+++ b/test/results/flow-captured/default/malformed_icmp.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: icmp 218.152.179.213 -> 218.152.179.54
diff --git a/test/results/flow-captured/default/malware.pcap.out b/test/results/flow-captured/default/malware.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/malware.pcap.out
diff --git a/test/results/flow-captured/default/memcached.cap.out b/test/results/flow-captured/default/memcached.cap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/memcached.cap.out
diff --git a/test/results/flow-captured/default/merakicloud.pcapng.out b/test/results/flow-captured/default/merakicloud.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/merakicloud.pcapng.out
diff --git a/test/results/flow-captured/default/mgcp.pcap.out b/test/results/flow-captured/default/mgcp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mgcp.pcap.out
diff --git a/test/results/flow-captured/default/modbus.pcap.out b/test/results/flow-captured/default/modbus.pcap.out
new file mode 100644
index 000000000..92aa2f084
--- /dev/null
+++ b/test/results/flow-captured/default/modbus.pcap.out
@@ -0,0 +1 @@
+Flow 1 midstream: tcp 192.168.110.131:2074 -> 192.168.110.138:502
diff --git a/test/results/flow-captured/default/monero.pcap.out b/test/results/flow-captured/default/monero.pcap.out
new file mode 100644
index 000000000..007f6106f
--- /dev/null
+++ b/test/results/flow-captured/default/monero.pcap.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 192.168.2.148:46838 -> 94.23.199.191:3333
+Flow 2 risky: tcp 192.168.2.148:53846 -> 116.211.167.195:3333
diff --git a/test/results/flow-captured/default/mongo_false_positive.pcapng.out b/test/results/flow-captured/default/mongo_false_positive.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mongo_false_positive.pcapng.out
diff --git a/test/results/flow-captured/default/mongodb.pcap.out b/test/results/flow-captured/default/mongodb.pcap.out
new file mode 100644
index 000000000..a3a4febda
--- /dev/null
+++ b/test/results/flow-captured/default/mongodb.pcap.out
@@ -0,0 +1 @@
+Flow 5 risky: tcp 10.10.10.18:64566 -> 10.10.10.19:30000
diff --git a/test/results/flow-captured/default/mpeg-dash.pcap.out b/test/results/flow-captured/default/mpeg-dash.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mpeg-dash.pcap.out
diff --git a/test/results/flow-captured/default/mpeg.pcap.out b/test/results/flow-captured/default/mpeg.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mpeg.pcap.out
diff --git a/test/results/flow-captured/default/mpegts.pcap.out b/test/results/flow-captured/default/mpegts.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mpegts.pcap.out
diff --git a/test/results/flow-captured/default/mqtt.pcap.out b/test/results/flow-captured/default/mqtt.pcap.out
new file mode 100644
index 000000000..3d37db6a1
--- /dev/null
+++ b/test/results/flow-captured/default/mqtt.pcap.out
@@ -0,0 +1 @@
+Flow 2 midstream: tcp 100.67.35.238:35035 -> 51.137.28.239:1883
diff --git a/test/results/flow-captured/default/mssql_tds.pcap.out b/test/results/flow-captured/default/mssql_tds.pcap.out
new file mode 100644
index 000000000..d4890f968
--- /dev/null
+++ b/test/results/flow-captured/default/mssql_tds.pcap.out
@@ -0,0 +1,11 @@
+Flow 1 midstream: tcp 10.111.111.111:1111 -> 10.0.0.1:1433
+Flow 10 midstream: tcp 10.111.111.111:11111 -> 10.0.0.1:1433
+Flow 3 midstream: tcp 10.111.111.111:3333 -> 10.0.0.1:1433
+Flow 5 midstream: tcp 10.111.111.111:5555 -> 10.0.0.1:1433
+Flow 7 midstream: tcp 10.111.111.111:7777 -> 10.0.0.1:1433
+Flow 11 midstream: tcp 10.111.111.111:22222 -> 10.0.0.1:1433
+Flow 9 midstream: tcp 10.111.111.111:9999 -> 10.0.0.1:1433
+Flow 2 midstream: tcp 10.111.111.111:2222 -> 10.0.0.1:1433
+Flow 4 midstream: tcp 10.111.111.111:4444 -> 10.0.0.1:1433
+Flow 12 midstream: tcp 10.111.111.111:33333 -> 10.0.0.1:1433
+Flow 8 midstream: tcp 10.111.111.111:8888 -> 10.0.0.1:1433
diff --git a/test/results/flow-captured/default/mullvad_dns.pcap.out b/test/results/flow-captured/default/mullvad_dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mullvad_dns.pcap.out
diff --git a/test/results/flow-captured/default/mullvad_wireguard.pcap.out b/test/results/flow-captured/default/mullvad_wireguard.pcap.out
new file mode 100644
index 000000000..50b22645f
--- /dev/null
+++ b/test/results/flow-captured/default/mullvad_wireguard.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.122.11:22595 -> 198.54.131.98:5060
diff --git a/test/results/flow-captured/default/munin.pcap.out b/test/results/flow-captured/default/munin.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/munin.pcap.out
diff --git a/test/results/flow-captured/default/mysql-8.pcap.out b/test/results/flow-captured/default/mysql-8.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mysql-8.pcap.out
diff --git a/test/results/flow-captured/default/natpmp.pcap.out b/test/results/flow-captured/default/natpmp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/natpmp.pcap.out
diff --git a/test/results/flow-captured/default/nats.pcap.out b/test/results/flow-captured/default/nats.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/nats.pcap.out
diff --git a/test/results/flow-captured/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/flow-captured/default/ndpi_match_string_subprotocol__error.pcapng.out
new file mode 100644
index 000000000..e70ca0572
--- /dev/null
+++ b/test/results/flow-captured/default/ndpi_match_string_subprotocol__error.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.3.9.19:40632 -> 10.68.137.118:8091
diff --git a/test/results/flow-captured/default/nest_log_sink.pcap.out b/test/results/flow-captured/default/nest_log_sink.pcap.out
new file mode 100644
index 000000000..6c40f7682
--- /dev/null
+++ b/test/results/flow-captured/default/nest_log_sink.pcap.out
@@ -0,0 +1,3 @@
+Flow 1 guessed: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
+Flow 1 midstream: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
+Flow 10 risky: udp 192.168.242.15:52849 -> 192.168.242.1:53
diff --git a/test/results/flow-captured/default/netbios.pcap.out b/test/results/flow-captured/default/netbios.pcap.out
new file mode 100644
index 000000000..f61a5ea26
--- /dev/null
+++ b/test/results/flow-captured/default/netbios.pcap.out
@@ -0,0 +1,2 @@
+Flow 3 risky: udp 10.0.5.9:138 -> 10.0.5.255:138
+Flow 12 risky: udp 10.0.5.93:138 -> 10.0.5.255:138
diff --git a/test/results/flow-captured/default/netbios_wildcard_dns_query.pcap.out b/test/results/flow-captured/default/netbios_wildcard_dns_query.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/netbios_wildcard_dns_query.pcap.out
diff --git a/test/results/flow-captured/default/netflix.pcap.out b/test/results/flow-captured/default/netflix.pcap.out
new file mode 100644
index 000000000..2b4cb701c
--- /dev/null
+++ b/test/results/flow-captured/default/netflix.pcap.out
@@ -0,0 +1,28 @@
+Flow 30 risky: tcp 192.168.1.7:53163 -> 23.246.11.145:80
+Flow 32 risky: tcp 192.168.1.7:53171 -> 23.246.3.140:80
+Flow 41 risky: tcp 192.168.1.7:53180 -> 23.246.11.141:80
+Flow 38 risky: tcp 192.168.1.7:53177 -> 23.246.11.141:80
+Flow 36 risky: tcp 192.168.1.7:53175 -> 23.246.11.141:80
+Flow 34 risky: tcp 192.168.1.7:53173 -> 23.246.11.133:80
+Flow 43 risky: tcp 192.168.1.7:53182 -> 23.246.11.141:80
+Flow 35 risky: tcp 192.168.1.7:53174 -> 23.246.11.141:80
+Flow 42 risky: tcp 192.168.1.7:53181 -> 23.246.11.141:80
+Flow 33 risky: tcp 192.168.1.7:53172 -> 23.246.11.133:80
+Flow 39 risky: tcp 192.168.1.7:53178 -> 23.246.11.141:80
+Flow 40 risky: tcp 192.168.1.7:53179 -> 23.246.11.141:80
+Flow 37 risky: tcp 192.168.1.7:53176 -> 23.246.11.141:80
+Flow 44 risky: tcp 192.168.1.7:53183 -> 23.246.3.140:80
+Flow 2 risky: udp 192.168.1.7:51543 -> 192.168.1.1:53
+Flow 57 risky: tcp 192.168.1.7:53249 -> 52.41.30.5:443
+Flow 47 risky: tcp 192.168.1.7:53202 -> 54.191.17.51:443
+Flow 8 risky: tcp 192.168.1.7:53117 -> 52.32.196.36:443
+Flow 28 risky: tcp 192.168.1.7:53153 -> 184.25.204.24:80
+Flow 14 risky: tcp 192.168.1.7:53132 -> 52.89.39.139:443
+Flow 15 risky: tcp 192.168.1.7:53133 -> 52.89.39.139:443
+Flow 16 risky: tcp 192.168.1.7:53134 -> 52.89.39.139:443
+Flow 52 risky: udp 192.168.1.7:51622 -> 192.168.1.1:53
+Flow 58 risky: tcp 192.168.1.7:53250 -> 52.41.30.5:443
+Flow 31 risky: tcp 192.168.1.7:53164 -> 23.246.10.139:80
+Flow 45 risky: tcp 192.168.1.7:53184 -> 23.246.11.141:80
+Flow 50 risky: tcp 192.168.1.7:53210 -> 23.246.11.133:80
+Flow 51 risky: tcp 192.168.1.7:53217 -> 23.246.11.141:80
diff --git a/test/results/flow-captured/default/netflow-fritz.pcap.out b/test/results/flow-captured/default/netflow-fritz.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/netflow-fritz.pcap.out
diff --git a/test/results/flow-captured/default/netflowv9.pcap.out b/test/results/flow-captured/default/netflowv9.pcap.out
new file mode 100644
index 000000000..4d62d7491
--- /dev/null
+++ b/test/results/flow-captured/default/netflowv9.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.2.134:48629 -> 192.168.2.222:2057
diff --git a/test/results/flow-captured/default/nfsv2.pcap.out b/test/results/flow-captured/default/nfsv2.pcap.out
new file mode 100644
index 000000000..0f5483abe
--- /dev/null
+++ b/test/results/flow-captured/default/nfsv2.pcap.out
@@ -0,0 +1,5 @@
+Flow 1 risky: udp 139.25.22.2:3289 -> 139.25.22.102:111
+Flow 3 risky: udp 139.25.22.2:3291 -> 139.25.22.102:111
+Flow 6 risky: udp 139.25.22.2:3293 -> 139.25.22.102:111
+Flow 2 risky: udp 139.25.22.2:671 -> 139.25.22.102:1048
+Flow 7 risky: udp 139.25.22.2:686 -> 139.25.22.102:1048
diff --git a/test/results/flow-captured/default/nfsv3.pcap.out b/test/results/flow-captured/default/nfsv3.pcap.out
new file mode 100644
index 000000000..8c97e0992
--- /dev/null
+++ b/test/results/flow-captured/default/nfsv3.pcap.out
@@ -0,0 +1,6 @@
+Flow 1 risky: udp 139.25.22.2:3295 -> 139.25.22.102:111
+Flow 4 risky: udp 139.25.22.2:3297 -> 139.25.22.102:111
+Flow 7 risky: udp 139.25.22.2:3299 -> 139.25.22.102:111
+Flow 3 risky: udp 139.25.22.2:706 -> 139.25.22.102:1048
+Flow 8 risky: udp 139.25.22.2:722 -> 139.25.22.102:1048
+Flow 2 risky: udp 139.25.22.2:3296 -> 139.25.22.102:1048
diff --git a/test/results/flow-captured/default/nintendo.pcap.out b/test/results/flow-captured/default/nintendo.pcap.out
new file mode 100644
index 000000000..ff0ee8d8c
--- /dev/null
+++ b/test/results/flow-captured/default/nintendo.pcap.out
@@ -0,0 +1 @@
+Flow 4 midstream: tcp 54.187.10.185:443 -> 192.168.12.114:48328
diff --git a/test/results/flow-captured/default/nntp.pcap.out b/test/results/flow-captured/default/nntp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/nntp.pcap.out
diff --git a/test/results/flow-captured/default/no_sni.pcap.out b/test/results/flow-captured/default/no_sni.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/no_sni.pcap.out
diff --git a/test/results/flow-captured/default/ocs.pcap.out b/test/results/flow-captured/default/ocs.pcap.out
new file mode 100644
index 000000000..90f35e706
--- /dev/null
+++ b/test/results/flow-captured/default/ocs.pcap.out
@@ -0,0 +1,7 @@
+Flow 13 risky: tcp 192.168.180.2:49881 -> 178.248.208.54:80
+Flow 20 risky: tcp 192.168.180.2:42590 -> 178.248.208.210:80
+Flow 6 risky: tcp 192.168.180.2:39263 -> 23.21.230.199:443
+Flow 15 risky: tcp 192.168.180.2:36680 -> 178.248.208.54:443
+Flow 16 risky: tcp 192.168.180.2:32946 -> 64.233.184.188:443
+Flow 10 risky: tcp 192.168.180.2:41223 -> 216.58.208.46:443
+Flow 18 risky: tcp 192.168.180.2:47803 -> 64.233.166.95:443
diff --git a/test/results/flow-captured/default/ocsp.pcapng.out b/test/results/flow-captured/default/ocsp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ocsp.pcapng.out
diff --git a/test/results/flow-captured/default/oicq.pcap.out b/test/results/flow-captured/default/oicq.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/oicq.pcap.out
diff --git a/test/results/flow-captured/default/ookla.pcap.out b/test/results/flow-captured/default/ookla.pcap.out
new file mode 100644
index 000000000..76a45ed58
--- /dev/null
+++ b/test/results/flow-captured/default/ookla.pcap.out
@@ -0,0 +1,2 @@
+Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80
+Flow 6 risky: tcp 192.168.1.128:35830 -> 89.96.108.170:8080
diff --git a/test/results/flow-captured/default/openvpn.pcap.out b/test/results/flow-captured/default/openvpn.pcap.out
new file mode 100644
index 000000000..b1269c92d
--- /dev/null
+++ b/test/results/flow-captured/default/openvpn.pcap.out
@@ -0,0 +1,3 @@
+Flow 1 risky: tcp 192.168.1.77:60140 -> 46.101.231.218:443
+Flow 2 risky: udp 192.168.43.12:41507 -> 139.59.151.137:13680
+Flow 3 risky: udp 192.168.43.18:13680 -> 139.59.151.137:13680
diff --git a/test/results/flow-captured/default/opera-vpn.pcapng.out b/test/results/flow-captured/default/opera-vpn.pcapng.out
new file mode 100644
index 000000000..cc77e416b
--- /dev/null
+++ b/test/results/flow-captured/default/opera-vpn.pcapng.out
@@ -0,0 +1 @@
+Flow 32 risky: tcp 192.168.1.29:51429 -> 77.111.247.69:443
diff --git a/test/results/flow-captured/default/oracle12.pcapng.out b/test/results/flow-captured/default/oracle12.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/oracle12.pcapng.out
diff --git a/test/results/flow-captured/default/os_detected.pcapng.out b/test/results/flow-captured/default/os_detected.pcapng.out
new file mode 100644
index 000000000..669422d95
--- /dev/null
+++ b/test/results/flow-captured/default/os_detected.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.1.128:39821 -> 8.8.8.8:443
diff --git a/test/results/flow-captured/default/ospfv2_add_new_prefix.pcap.out b/test/results/flow-captured/default/ospfv2_add_new_prefix.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ospfv2_add_new_prefix.pcap.out
diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out
new file mode 100644
index 000000000..a36692a5b
--- /dev/null
+++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -0,0 +1,13 @@
+Flow 2 risky: udp 127.0.0.1:1119 -> 127.0.0.1:1120
+Flow 4 risky: tcp 192.168.1.128:1 -> 121.254.200.130:1119
+Flow 4 midstream: tcp 192.168.1.128:1 -> 121.254.200.130:1119
+Flow 6 risky: tcp 192.168.1.128:1 -> 12.129.236.254:1119
+Flow 6 midstream: tcp 192.168.1.128:1 -> 12.129.236.254:1119
+Flow 3 risky: tcp 192.168.1.128:1 -> 12.129.206.130:1119
+Flow 3 midstream: tcp 192.168.1.128:1 -> 12.129.206.130:1119
+Flow 5 risky: tcp 192.168.1.128:1 -> 202.9.66.76:1119
+Flow 5 midstream: tcp 192.168.1.128:1 -> 202.9.66.76:1119
+Flow 9 risky: tcp 192.168.1.128:1 -> 1.2.3.4:10
+Flow 9 midstream: tcp 192.168.1.128:1 -> 1.2.3.4:10
+Flow 10 risky: tcp 192.168.1.128:1 -> 1.2.3.4:11
+Flow 10 midstream: tcp 192.168.1.128:1 -> 1.2.3.4:11
diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out
diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_3.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_3.pcapng.out
diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_4.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_4.pcapng.out
diff --git a/test/results/flow-captured/default/pgm.pcap.out b/test/results/flow-captured/default/pgm.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/pgm.pcap.out
diff --git a/test/results/flow-captured/default/pgsql.pcap.out b/test/results/flow-captured/default/pgsql.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/pgsql.pcap.out
diff --git a/test/results/flow-captured/default/pim.pcap.out b/test/results/flow-captured/default/pim.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/pim.pcap.out
diff --git a/test/results/flow-captured/default/pinterest.pcap.out b/test/results/flow-captured/default/pinterest.pcap.out
new file mode 100644
index 000000000..0387bd20d
--- /dev/null
+++ b/test/results/flow-captured/default/pinterest.pcap.out
@@ -0,0 +1,2 @@
+Flow 22 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43562 -> 2a00:1450:4007:805::2003:443
+Flow 22 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43562 -> 2a00:1450:4007:805::2003:443
diff --git a/test/results/flow-captured/default/pluralsight.pcap.out b/test/results/flow-captured/default/pluralsight.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/pluralsight.pcap.out
diff --git a/test/results/flow-captured/default/pop3.pcap.out b/test/results/flow-captured/default/pop3.pcap.out
new file mode 100644
index 000000000..23e99f27c
--- /dev/null
+++ b/test/results/flow-captured/default/pop3.pcap.out
@@ -0,0 +1,4 @@
+Flow 1 risky: tcp 143.225.229.181:35287 -> 74.208.5.28:110
+Flow 6 risky: tcp 192.168.0.4:26383 -> 212.227.15.166:110
+Flow 3 risky: tcp 192.168.0.4:26284 -> 212.227.15.166:110
+Flow 5 risky: tcp 192.168.0.4:26308 -> 212.227.15.166:110
diff --git a/test/results/flow-captured/default/pop3_stls.pcap.out b/test/results/flow-captured/default/pop3_stls.pcap.out
new file mode 100644
index 000000000..1952fafdc
--- /dev/null
+++ b/test/results/flow-captured/default/pop3_stls.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.20.18:50583 -> 72.249.41.52:110
diff --git a/test/results/flow-captured/default/pops.pcapng.out b/test/results/flow-captured/default/pops.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/pops.pcapng.out
diff --git a/test/results/flow-captured/default/pps.pcap.out b/test/results/flow-captured/default/pps.pcap.out
new file mode 100644
index 000000000..73e527fd0
--- /dev/null
+++ b/test/results/flow-captured/default/pps.pcap.out
@@ -0,0 +1,97 @@
+Flow 54 risky: tcp 192.168.115.8:50486 -> 77.234.40.96:80
+Flow 54 midstream: tcp 192.168.115.8:50486 -> 77.234.40.96:80
+Flow 64 risky: tcp 192.168.5.15:65127 -> 68.233.253.133:80
+Flow 64 midstream: tcp 192.168.5.15:65127 -> 68.233.253.133:80
+Flow 78 risky: tcp 192.168.5.15:65128 -> 68.233.253.133:80
+Flow 78 midstream: tcp 192.168.5.15:65128 -> 68.233.253.133:80
+Flow 39 midstream: tcp 192.168.115.8:50466 -> 203.66.182.24:80
+Flow 57 midstream: tcp 192.168.115.8:50488 -> 223.26.106.20:80
+Flow 60 risky: tcp 192.168.115.8:50491 -> 223.26.106.66:80
+Flow 60 midstream: tcp 192.168.115.8:50491 -> 223.26.106.66:80
+Flow 63 risky: tcp 192.168.115.8:50494 -> 223.26.106.66:80
+Flow 63 midstream: tcp 192.168.115.8:50494 -> 223.26.106.66:80
+Flow 81 risky: tcp 192.168.115.8:50505 -> 223.26.106.19:80
+Flow 81 midstream: tcp 192.168.115.8:50505 -> 223.26.106.19:80
+Flow 85 risky: tcp 192.168.115.8:50507 -> 223.26.106.19:80
+Flow 85 midstream: tcp 192.168.115.8:50507 -> 223.26.106.19:80
+Flow 88 risky: tcp 192.168.115.8:50508 -> 223.26.106.19:80
+Flow 88 midstream: tcp 192.168.115.8:50508 -> 223.26.106.19:80
+Flow 37 risky: tcp 192.168.115.8:50463 -> 101.227.200.11:80
+Flow 37 midstream: tcp 192.168.115.8:50463 -> 101.227.200.11:80
+Flow 47 risky: tcp 192.168.115.8:50476 -> 101.227.32.39:80
+Flow 47 midstream: tcp 192.168.115.8:50476 -> 101.227.32.39:80
+Flow 67 risky: tcp 192.168.115.8:50496 -> 101.227.200.11:80
+Flow 67 midstream: tcp 192.168.115.8:50496 -> 101.227.200.11:80
+Flow 90 risky: tcp 192.168.115.8:50766 -> 223.26.106.20:80
+Flow 90 midstream: tcp 192.168.115.8:50766 -> 223.26.106.20:80
+Flow 91 risky: tcp 192.168.115.8:50767 -> 223.26.106.20:80
+Flow 91 midstream: tcp 192.168.115.8:50767 -> 223.26.106.20:80
+Flow 93 risky: tcp 192.168.115.8:50768 -> 223.26.106.19:80
+Flow 93 midstream: tcp 192.168.115.8:50768 -> 223.26.106.19:80
+Flow 102 midstream: tcp 192.168.115.8:50778 -> 223.26.106.20:80
+Flow 105 midstream: tcp 192.168.115.8:50780 -> 223.26.106.20:80
+Flow 58 risky: tcp 192.168.115.8:50489 -> 119.188.13.188:80
+Flow 58 midstream: tcp 192.168.115.8:50489 -> 119.188.13.188:80
+Flow 59 risky: tcp 192.168.115.8:50490 -> 119.188.13.188:80
+Flow 59 midstream: tcp 192.168.115.8:50490 -> 119.188.13.188:80
+Flow 94 risky: tcp 192.168.115.8:50769 -> 101.227.200.11:80
+Flow 94 midstream: tcp 192.168.115.8:50769 -> 101.227.200.11:80
+Flow 40 risky: tcp 192.168.115.8:50467 -> 202.108.14.219:80
+Flow 40 midstream: tcp 192.168.115.8:50467 -> 202.108.14.219:80
+Flow 41 risky: tcp 192.168.115.8:50469 -> 202.108.14.219:80
+Flow 41 midstream: tcp 192.168.115.8:50469 -> 202.108.14.219:80
+Flow 42 risky: tcp 192.168.115.8:50470 -> 202.108.14.236:80
+Flow 42 midstream: tcp 192.168.115.8:50470 -> 202.108.14.236:80
+Flow 43 risky: tcp 192.168.115.8:50471 -> 202.108.14.236:80
+Flow 43 midstream: tcp 192.168.115.8:50471 -> 202.108.14.236:80
+Flow 46 risky: tcp 192.168.115.8:50473 -> 202.108.14.219:80
+Flow 46 midstream: tcp 192.168.115.8:50473 -> 202.108.14.219:80
+Flow 44 risky: tcp 192.168.115.8:50474 -> 202.108.14.221:80
+Flow 44 midstream: tcp 192.168.115.8:50474 -> 202.108.14.221:80
+Flow 45 risky: tcp 192.168.115.8:50475 -> 202.108.14.236:80
+Flow 45 midstream: tcp 192.168.115.8:50475 -> 202.108.14.236:80
+Flow 48 risky: tcp 192.168.115.8:50477 -> 202.108.14.219:80
+Flow 48 midstream: tcp 192.168.115.8:50477 -> 202.108.14.219:80
+Flow 51 risky: tcp 192.168.115.8:50483 -> 202.108.14.219:80
+Flow 51 midstream: tcp 192.168.115.8:50483 -> 202.108.14.219:80
+Flow 52 risky: tcp 192.168.115.8:50484 -> 202.108.14.219:80
+Flow 52 midstream: tcp 192.168.115.8:50484 -> 202.108.14.219:80
+Flow 53 risky: tcp 192.168.115.8:50485 -> 202.108.14.236:80
+Flow 53 midstream: tcp 192.168.115.8:50485 -> 202.108.14.236:80
+Flow 62 risky: tcp 192.168.115.8:50493 -> 202.108.14.236:80
+Flow 62 midstream: tcp 192.168.115.8:50493 -> 202.108.14.236:80
+Flow 66 risky: tcp 192.168.115.8:50495 -> 202.108.14.236:80
+Flow 66 midstream: tcp 192.168.115.8:50495 -> 202.108.14.236:80
+Flow 74 risky: tcp 192.168.115.8:50501 -> 202.108.14.236:80
+Flow 74 midstream: tcp 192.168.115.8:50501 -> 202.108.14.236:80
+Flow 76 risky: tcp 192.168.115.8:50502 -> 202.108.14.236:80
+Flow 76 midstream: tcp 192.168.115.8:50502 -> 202.108.14.236:80
+Flow 79 risky: tcp 192.168.115.8:50503 -> 202.108.14.219:80
+Flow 79 midstream: tcp 192.168.115.8:50503 -> 202.108.14.219:80
+Flow 38 midstream: tcp 192.168.115.8:50464 -> 123.125.112.49:80
+Flow 68 midstream: tcp 192.168.115.8:50497 -> 123.125.112.49:80
+Flow 50 midstream: tcp 192.168.115.8:50482 -> 140.205.243.64:80
+Flow 95 risky: tcp 192.168.115.8:50771 -> 202.108.14.236:80
+Flow 95 midstream: tcp 192.168.115.8:50771 -> 202.108.14.236:80
+Flow 97 risky: tcp 192.168.115.8:50773 -> 202.108.14.221:80
+Flow 97 midstream: tcp 192.168.115.8:50773 -> 202.108.14.221:80
+Flow 99 risky: tcp 192.168.115.8:50774 -> 202.108.14.219:80
+Flow 99 midstream: tcp 192.168.115.8:50774 -> 202.108.14.219:80
+Flow 71 risky: tcp 192.168.115.8:50498 -> 36.110.220.15:80
+Flow 71 midstream: tcp 192.168.115.8:50498 -> 36.110.220.15:80
+Flow 61 risky: tcp 192.168.115.8:50492 -> 111.206.13.3:80
+Flow 61 midstream: tcp 192.168.115.8:50492 -> 111.206.13.3:80
+Flow 72 risky: tcp 192.168.115.8:50499 -> 111.206.22.76:80
+Flow 72 midstream: tcp 192.168.115.8:50499 -> 111.206.22.76:80
+Flow 89 midstream: tcp 192.168.115.8:50509 -> 106.38.219.107:80
+Flow 96 midstream: tcp 192.168.115.8:50772 -> 123.125.111.70:80
+Flow 98 midstream: tcp 192.168.115.8:50775 -> 123.125.111.70:80
+Flow 92 risky: tcp 192.168.115.8:50765 -> 36.110.220.15:80
+Flow 92 midstream: tcp 192.168.115.8:50765 -> 36.110.220.15:80
+Flow 100 risky: tcp 192.168.115.8:50776 -> 111.206.22.77:80
+Flow 100 midstream: tcp 192.168.115.8:50776 -> 111.206.22.77:80
+Flow 101 risky: tcp 192.168.115.8:50777 -> 111.206.22.77:80
+Flow 101 midstream: tcp 192.168.115.8:50777 -> 111.206.22.77:80
+Flow 104 risky: tcp 192.168.115.8:50779 -> 111.206.22.77:80
+Flow 104 midstream: tcp 192.168.115.8:50779 -> 111.206.22.77:80
+Flow 73 midstream: tcp 192.168.115.8:50500 -> 23.41.133.163:80
diff --git a/test/results/flow-captured/default/pptp.pcap.out b/test/results/flow-captured/default/pptp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/pptp.pcap.out
diff --git a/test/results/flow-captured/default/protobuf.pcap.out b/test/results/flow-captured/default/protobuf.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/protobuf.pcap.out
diff --git a/test/results/flow-captured/default/protonvpn.pcap.out b/test/results/flow-captured/default/protonvpn.pcap.out
new file mode 100644
index 000000000..7cce13929
--- /dev/null
+++ b/test/results/flow-captured/default/protonvpn.pcap.out
@@ -0,0 +1 @@
+Flow 2 risky: udp 10.0.2.15:57701 -> 217.23.3.76:443
diff --git a/test/results/flow-captured/default/psiphon3.pcap.out b/test/results/flow-captured/default/psiphon3.pcap.out
new file mode 100644
index 000000000..910fc73c4
--- /dev/null
+++ b/test/results/flow-captured/default/psiphon3.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.0.103:40557 -> 104.18.151.190:443
diff --git a/test/results/flow-captured/default/punycode-idn.pcap.out b/test/results/flow-captured/default/punycode-idn.pcap.out
new file mode 100644
index 000000000..3e939ada6
--- /dev/null
+++ b/test/results/flow-captured/default/punycode-idn.pcap.out
@@ -0,0 +1 @@
+Flow 3 risky: tcp 192.168.2.140:56011 -> 170.33.9.230:80
diff --git a/test/results/flow-captured/default/quic-23.pcap.out b/test/results/flow-captured/default/quic-23.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-23.pcap.out
diff --git a/test/results/flow-captured/default/quic-24.pcap.out b/test/results/flow-captured/default/quic-24.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-24.pcap.out
diff --git a/test/results/flow-captured/default/quic-27.pcap.out b/test/results/flow-captured/default/quic-27.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-27.pcap.out
diff --git a/test/results/flow-captured/default/quic-28.pcap.out b/test/results/flow-captured/default/quic-28.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-28.pcap.out
diff --git a/test/results/flow-captured/default/quic-29.pcap.out b/test/results/flow-captured/default/quic-29.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-29.pcap.out
diff --git a/test/results/flow-captured/default/quic-33.pcapng.out b/test/results/flow-captured/default/quic-33.pcapng.out
new file mode 100644
index 000000000..04495fe36
--- /dev/null
+++ b/test/results/flow-captured/default/quic-33.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp ::1:51430 -> ::1:4443
diff --git a/test/results/flow-captured/default/quic-34.pcap.out b/test/results/flow-captured/default/quic-34.pcap.out
new file mode 100644
index 000000000..db9c8160e
--- /dev/null
+++ b/test/results/flow-captured/default/quic-34.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.56.1:55880 -> 192.168.56.198:4443
diff --git a/test/results/flow-captured/default/quic-forcing-vn-with-data.pcapng.out b/test/results/flow-captured/default/quic-forcing-vn-with-data.pcapng.out
new file mode 100644
index 000000000..6a938acab
--- /dev/null
+++ b/test/results/flow-captured/default/quic-forcing-vn-with-data.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.56.103:55523 -> 192.168.56.104:4433
diff --git a/test/results/flow-captured/default/quic-fuzz-overflow.pcapng.out b/test/results/flow-captured/default/quic-fuzz-overflow.pcapng.out
new file mode 100644
index 000000000..dfb714c6f
--- /dev/null
+++ b/test/results/flow-captured/default/quic-fuzz-overflow.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 255.255.255.255:8224 -> 255.255.255.32:8224
diff --git a/test/results/flow-captured/default/quic-mvfst-22.pcap.out b/test/results/flow-captured/default/quic-mvfst-22.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-mvfst-22.pcap.out
diff --git a/test/results/flow-captured/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/flow-captured/default/quic-mvfst-22_decryption_error.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-mvfst-22_decryption_error.pcap.out
diff --git a/test/results/flow-captured/default/quic-mvfst-27.pcapng.out b/test/results/flow-captured/default/quic-mvfst-27.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-mvfst-27.pcapng.out
diff --git a/test/results/flow-captured/default/quic-mvfst-exp.pcap.out b/test/results/flow-captured/default/quic-mvfst-exp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic-mvfst-exp.pcap.out
diff --git a/test/results/flow-captured/default/quic-v2.pcapng.out b/test/results/flow-captured/default/quic-v2.pcapng.out
new file mode 100644
index 000000000..160408163
--- /dev/null
+++ b/test/results/flow-captured/default/quic-v2.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp ::1:42086 -> ::1:4443
diff --git a/test/results/flow-captured/default/quic.pcap.out b/test/results/flow-captured/default/quic.pcap.out
new file mode 100644
index 000000000..5494eefc1
--- /dev/null
+++ b/test/results/flow-captured/default/quic.pcap.out
@@ -0,0 +1 @@
+Flow 2 risky: udp 10.0.0.4:40134 -> 10.0.0.3:6121
diff --git a/test/results/flow-captured/default/quic046.pcap.out b/test/results/flow-captured/default/quic046.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic046.pcap.out
diff --git a/test/results/flow-captured/default/quic_0RTT.pcap.out b/test/results/flow-captured/default/quic_0RTT.pcap.out
new file mode 100644
index 000000000..82a581b30
--- /dev/null
+++ b/test/results/flow-captured/default/quic_0RTT.pcap.out
@@ -0,0 +1,2 @@
+Flow 2 risky: udp 192.168.2.100:51972 -> 142.250.181.227:443
+Flow 1 risky: udp ::1:60459 -> ::1:4443
diff --git a/test/results/flow-captured/default/quic_cc_ack.pcapng.out b/test/results/flow-captured/default/quic_cc_ack.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_cc_ack.pcapng.out
diff --git a/test/results/flow-captured/default/quic_crypto_aes_auth_size.pcap.out b/test/results/flow-captured/default/quic_crypto_aes_auth_size.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_crypto_aes_auth_size.pcap.out
diff --git a/test/results/flow-captured/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/flow-captured/default/quic_frags_ch_in_multiple_packets.pcapng.out
new file mode 100644
index 000000000..f4fbad9ba
--- /dev/null
+++ b/test/results/flow-captured/default/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp ::1:58822 -> ::1:4443
diff --git a/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
diff --git a/test/results/flow-captured/default/quic_interop_V.pcapng.out b/test/results/flow-captured/default/quic_interop_V.pcapng.out
new file mode 100644
index 000000000..a3bfc5fcb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_interop_V.pcapng.out
@@ -0,0 +1,36 @@
+Flow 21 risky: udp 192.168.1.128:59171 -> 193.190.10.98:4433
+Flow 8 risky: udp 192.168.1.128:46576 -> 40.112.191.60:4433
+Flow 34 risky: icmp 131.159.24.198 -> 192.168.1.128
+Flow 1 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:38077 -> 2400:8902::f03c:91ff:fe69:a454:443
+Flow 13 risky: udp 192.168.1.128:60784 -> 3.121.242.54:4433
+Flow 38 risky: udp 192.168.1.128:50289 -> 71.202.41.169:4434
+Flow 15 risky: udp 192.168.1.128:34511 -> 131.159.24.198:443
+Flow 45 risky: udp 192.168.1.128:59515 -> 193.190.10.98:4434
+Flow 31 risky: udp 192.168.1.128:38933 -> 202.238.220.92:443
+Flow 26 risky: udp 192.168.1.128:37784 -> 140.227.52.92:443
+Flow 11 risky: icmp 3.121.242.54 -> 192.168.1.128
+Flow 56 risky: udp 192.168.1.128:39975 -> 138.91.188.147:443
+Flow 52 risky: udp 192.168.1.128:35263 -> 202.238.220.92:4434
+Flow 55 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:44924 -> 2400:8902::f03c:91ff:fe69:a454:4434
+Flow 36 risky: udp 192.168.1.128:42456 -> 133.242.206.244:443
+Flow 75 risky: icmp 133.242.206.244 -> 192.168.1.128
+Flow 28 risky: udp 192.168.1.128:49658 -> 193.190.10.98:443
+Flow 62 risky: udp 192.168.1.128:42468 -> 138.91.188.147:4433
+Flow 57 risky: udp 192.168.1.128:50705 -> 138.91.188.147:4434
+Flow 64 risky: udp 192.168.1.128:53402 -> 3.121.242.54:4434
+Flow 48 risky: udp 192.168.1.128:44619 -> 140.227.52.92:4433
+Flow 44 risky: udp 192.168.1.128:53791 -> 40.112.191.60:4434
+Flow 18 risky: udp 192.168.1.128:49151 -> 133.242.206.244:4433
+Flow 12 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:32957 -> 2606:4700:10::6816:826:4433
+Flow 72 risky: icmp 18.189.84.245 -> 192.168.1.128
+Flow 47 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:46242 -> 2600:1f18:2310:d230:5103:7d9e:7d75:374f:443
+Flow 10 risky: udp 192.168.1.128:38366 -> 202.238.220.92:4433
+Flow 23 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:56213 -> 2400:8902::f03c:91ff:fe69:a454:4433
+Flow 30 risky: icmp 51.158.105.98 -> 192.168.1.128
+Flow 25 risky: udp 192.168.1.128:37661 -> 71.202.41.169:4433
+Flow 71 risky: icmp 202.238.220.92 -> 192.168.1.128
+Flow 9 risky: udp 192.168.1.128:46334 -> 40.112.191.60:443
+Flow 42 risky: udp 192.168.1.128:45855 -> 133.242.206.244:4434
+Flow 58 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:41857 -> 2606:4700:10::6816:826:4434
+Flow 2 risky: udp 192.168.1.128:37643 -> 71.202.41.169:443
+Flow 66 risky: udp 192.168.1.128:57926 -> 140.227.52.92:4434
diff --git a/test/results/flow-captured/default/quic_q39.pcap.out b/test/results/flow-captured/default/quic_q39.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_q39.pcap.out
diff --git a/test/results/flow-captured/default/quic_q43.pcap.out b/test/results/flow-captured/default/quic_q43.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_q43.pcap.out
diff --git a/test/results/flow-captured/default/quic_q46.pcap.out b/test/results/flow-captured/default/quic_q46.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_q46.pcap.out
diff --git a/test/results/flow-captured/default/quic_q46_b.pcap.out b/test/results/flow-captured/default/quic_q46_b.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_q46_b.pcap.out
diff --git a/test/results/flow-captured/default/quic_q50.pcap.out b/test/results/flow-captured/default/quic_q50.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_q50.pcap.out
diff --git a/test/results/flow-captured/default/quic_t50.pcap.out b/test/results/flow-captured/default/quic_t50.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_t50.pcap.out
diff --git a/test/results/flow-captured/default/quic_t51.pcap.out b/test/results/flow-captured/default/quic_t51.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_t51.pcap.out
diff --git a/test/results/flow-captured/default/quickplay.pcap.out b/test/results/flow-captured/default/quickplay.pcap.out
new file mode 100644
index 000000000..285969368
--- /dev/null
+++ b/test/results/flow-captured/default/quickplay.pcap.out
@@ -0,0 +1,17 @@
+Flow 11 midstream: tcp 10.54.169.250:52009 -> 120.28.35.40:80
+Flow 13 risky: tcp 10.54.169.250:54885 -> 203.205.151.160:80
+Flow 13 midstream: tcp 10.54.169.250:54885 -> 203.205.151.160:80
+Flow 1 midstream: tcp 10.54.169.250:50668 -> 120.28.35.41:80
+Flow 2 midstream: tcp 10.54.169.250:50669 -> 120.28.35.41:80
+Flow 7 midstream: tcp 10.54.169.250:44793 -> 31.13.68.49:80
+Flow 12 risky: tcp 10.54.169.250:42761 -> 203.205.129.101:80
+Flow 12 midstream: tcp 10.54.169.250:42761 -> 203.205.129.101:80
+Flow 14 risky: tcp 10.54.169.250:42762 -> 203.205.129.101:80
+Flow 14 midstream: tcp 10.54.169.250:42762 -> 203.205.129.101:80
+Flow 6 midstream: tcp 10.54.169.250:33277 -> 120.28.26.231:80
+Flow 16 midstream: tcp 10.54.169.250:56381 -> 54.179.140.65:80
+Flow 19 midstream: tcp 10.54.169.250:52019 -> 120.28.35.40:80
+Flow 4 midstream: tcp 10.54.169.250:52285 -> 173.252.74.22:80
+Flow 5 midstream: tcp 10.54.169.250:52288 -> 173.252.74.22:80
+Flow 15 risky: tcp 10.54.169.250:35670 -> 203.205.147.215:80
+Flow 15 midstream: tcp 10.54.169.250:35670 -> 203.205.147.215:80
diff --git a/test/results/flow-captured/default/radius_false_positive.pcapng.out b/test/results/flow-captured/default/radius_false_positive.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/radius_false_positive.pcapng.out
diff --git a/test/results/flow-captured/default/raknet.pcap.out b/test/results/flow-captured/default/raknet.pcap.out
new file mode 100644
index 000000000..7479c4c3b
--- /dev/null
+++ b/test/results/flow-captured/default/raknet.pcap.out
@@ -0,0 +1,3 @@
+Flow 5 risky: udp 192.168.2.100:32952 -> 148.153.35.205:60021
+Flow 6 risky: udp 148.153.35.205:60025 -> 192.168.2.100:32951
+Flow 11 risky: udp 192.168.2.100:44501 -> 148.153.35.205:59935
diff --git a/test/results/flow-captured/default/rdp.pcap.out b/test/results/flow-captured/default/rdp.pcap.out
new file mode 100644
index 000000000..39b09f22b
--- /dev/null
+++ b/test/results/flow-captured/default/rdp.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 172.16.2.185:52494 -> 192.168.2.142:3389
diff --git a/test/results/flow-captured/default/rdp2.pcap.out b/test/results/flow-captured/default/rdp2.pcap.out
new file mode 100644
index 000000000..5ad8dfd30
--- /dev/null
+++ b/test/results/flow-captured/default/rdp2.pcap.out
@@ -0,0 +1,3 @@
+Flow 1 risky: udp 192.168.122.181:54759 -> 192.168.122.2:3389
+Flow 2 risky: udp 10.8.37.100:51652 -> 10.100.2.87:3389
+Flow 3 risky: udp 10.50.181.210:60355 -> 10.50.73.36:3389
diff --git a/test/results/flow-captured/default/reasm_crash_anon.pcapng.out b/test/results/flow-captured/default/reasm_crash_anon.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/reasm_crash_anon.pcapng.out
diff --git a/test/results/flow-captured/default/reasm_segv_anon.pcapng.out b/test/results/flow-captured/default/reasm_segv_anon.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/reasm_segv_anon.pcapng.out
diff --git a/test/results/flow-captured/default/reddit.pcap.out b/test/results/flow-captured/default/reddit.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/reddit.pcap.out
diff --git a/test/results/flow-captured/default/riot.pcapng.out b/test/results/flow-captured/default/riot.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/riot.pcapng.out diff --git a/test/results/flow-captured/default/riotgames.pcap.out b/test/results/flow-captured/default/riotgames.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/riotgames.pcap.out diff --git a/test/results/flow-captured/default/rmcp.pcap.out b/test/results/flow-captured/default/rmcp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rmcp.pcap.out diff --git a/test/results/flow-captured/default/roblox.pcapng.out b/test/results/flow-captured/default/roblox.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/roblox.pcapng.out diff --git a/test/results/flow-captured/default/rsh-syslog-false-positive.pcap.out b/test/results/flow-captured/default/rsh-syslog-false-positive.pcap.out new file mode 100644 index 000000000..2d31a37f5 --- /dev/null +++ b/test/results/flow-captured/default/rsh-syslog-false-positive.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 172.31.78.129:9039 -> 172.29.43.201:514 diff --git a/test/results/flow-captured/default/rsh.pcap.out b/test/results/flow-captured/default/rsh.pcap.out new file mode 100644 index 000000000..bf66d2b8e --- /dev/null +++ b/test/results/flow-captured/default/rsh.pcap.out @@ -0,0 +1,2 @@ +Flow 2 risky: tcp 127.0.0.1:1021 -> 127.0.0.1:514 +Flow 1 risky: tcp 127.0.0.1:1023 -> 127.0.0.1:514 diff --git a/test/results/flow-captured/default/rsync.pcap.out b/test/results/flow-captured/default/rsync.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rsync.pcap.out 
diff --git a/test/results/flow-captured/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/flow-captured/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out diff --git a/test/results/flow-captured/default/rtmp.pcap.out b/test/results/flow-captured/default/rtmp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rtmp.pcap.out diff --git a/test/results/flow-captured/default/rtp.pcapng.out b/test/results/flow-captured/default/rtp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rtp.pcapng.out diff --git a/test/results/flow-captured/default/rtsp.pcap.out b/test/results/flow-captured/default/rtsp.pcap.out new file mode 100644 index 000000000..9d28a9464 --- /dev/null +++ b/test/results/flow-captured/default/rtsp.pcap.out @@ -0,0 +1,8 @@ +Flow 2 risky: tcp 10.1.1.10:52472 -> 10.2.2.2:8554 +Flow 3 risky: tcp 10.1.1.10:52474 -> 10.2.2.2:8554 +Flow 4 risky: tcp 10.1.1.10:52476 -> 10.2.2.2:8554 +Flow 5 risky: tcp 10.1.1.10:52478 -> 10.2.2.2:8554 +Flow 1 risky: tcp 10.1.1.10:52470 -> 10.2.2.2:8554 +Flow 1 midstream: tcp 10.1.1.10:52470 -> 10.2.2.2:8554 +Flow 6 risky: tcp 10.1.1.10:52480 -> 10.2.2.2:8554 +Flow 7 risky: tcp 10.1.1.10:52482 -> 10.2.2.2:8554 diff --git a/test/results/flow-captured/default/rtsp_setup_http.pcapng.out b/test/results/flow-captured/default/rtsp_setup_http.pcapng.out new file mode 100644 index 000000000..bee1eae85 --- /dev/null +++ b/test/results/flow-captured/default/rtsp_setup_http.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 172.28.5.170:63840 -> 172.28.4.26:8554 +Flow 1 midstream: tcp 172.28.5.170:63840 -> 172.28.4.26:8554 
diff --git a/test/results/flow-captured/default/rx.pcap.out b/test/results/flow-captured/default/rx.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rx.pcap.out diff --git a/test/results/flow-captured/default/s7comm.pcap.out b/test/results/flow-captured/default/s7comm.pcap.out new file mode 100644 index 000000000..c7c9d0055 --- /dev/null +++ b/test/results/flow-captured/default/s7comm.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 192.168.1.10:4185 -> 192.168.1.40:102 diff --git a/test/results/flow-captured/default/safari.pcap.out b/test/results/flow-captured/default/safari.pcap.out new file mode 100644 index 000000000..8b4353ac7 --- /dev/null +++ b/test/results/flow-captured/default/safari.pcap.out @@ -0,0 +1,5 @@ +Flow 4 risky: tcp 192.168.1.178:55267 -> 146.48.58.18:443 +Flow 2 risky: tcp 192.168.1.178:55265 -> 146.48.58.18:443 +Flow 3 risky: tcp 192.168.1.178:55266 -> 146.48.58.18:443 +Flow 5 risky: tcp 192.168.1.178:55268 -> 146.48.58.18:443 +Flow 6 risky: tcp 192.168.1.178:55269 -> 146.48.58.18:443 diff --git a/test/results/flow-captured/default/salesforce.pcap.out b/test/results/flow-captured/default/salesforce.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/salesforce.pcap.out diff --git a/test/results/flow-captured/default/sccp_hw_conf_register.pcapng.out b/test/results/flow-captured/default/sccp_hw_conf_register.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sccp_hw_conf_register.pcapng.out diff --git a/test/results/flow-captured/default/sctp.cap.out b/test/results/flow-captured/default/sctp.cap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sctp.cap.out 
diff --git a/test/results/flow-captured/default/selfsigned.pcap.out b/test/results/flow-captured/default/selfsigned.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/selfsigned.pcap.out diff --git a/test/results/flow-captured/default/sflow.pcap.out b/test/results/flow-captured/default/sflow.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sflow.pcap.out diff --git a/test/results/flow-captured/default/shadowsocks.pcap.out b/test/results/flow-captured/default/shadowsocks.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/shadowsocks.pcap.out diff --git a/test/results/flow-captured/default/signal.pcap.out b/test/results/flow-captured/default/signal.pcap.out new file mode 100644 index 000000000..bc4b0b39d --- /dev/null +++ b/test/results/flow-captured/default/signal.pcap.out @@ -0,0 +1,3 @@ +Flow 8 risky: tcp 192.168.2.17:56996 -> 17.248.146.144:443 +Flow 8 midstream: tcp 192.168.2.17:56996 -> 17.248.146.144:443 +Flow 9 midstream: tcp 192.168.2.17:57017 -> 2.18.232.118:443 diff --git a/test/results/flow-captured/default/simple-dnscrypt.pcap.out b/test/results/flow-captured/default/simple-dnscrypt.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/simple-dnscrypt.pcap.out diff --git a/test/results/flow-captured/default/sip.pcap.out b/test/results/flow-captured/default/sip.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sip.pcap.out diff --git a/test/results/flow-captured/default/sip_hello.pcapng.out b/test/results/flow-captured/default/sip_hello.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sip_hello.pcapng.out 
diff --git a/test/results/flow-captured/default/sites.pcapng.out b/test/results/flow-captured/default/sites.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sites.pcapng.out diff --git a/test/results/flow-captured/default/skinny.pcap.out b/test/results/flow-captured/default/skinny.pcap.out new file mode 100644 index 000000000..1005c786b --- /dev/null +++ b/test/results/flow-captured/default/skinny.pcap.out @@ -0,0 +1,3 @@ +Flow 1 midstream: tcp 192.168.195.58:49399 -> 192.168.193.12:2000 +Flow 2 midstream: tcp 192.168.193.12:2000 -> 192.168.195.50:51532 +Flow 8 midstream: tcp 192.168.195.58:50917 -> 10.16.2.25:2000 diff --git a/test/results/flow-captured/default/skype-conference-call.pcap.out b/test/results/flow-captured/default/skype-conference-call.pcap.out new file mode 100644 index 000000000..34ff2def6 --- /dev/null +++ b/test/results/flow-captured/default/skype-conference-call.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.2.20:49282 -> 104.46.40.49:60642 diff --git a/test/results/flow-captured/default/skype.pcap.out b/test/results/flow-captured/default/skype.pcap.out new file mode 100644 index 000000000..85988d951 --- /dev/null +++ b/test/results/flow-captured/default/skype.pcap.out 
@@ -0,0 +1,31 @@ +Flow 15 risky: tcp 192.168.1.34:50028 -> 157.56.126.211:443 +Flow 4 risky: udp 192.168.1.34:52850 -> 192.168.1.1:53 +Flow 6 risky: udp 192.168.1.34:65426 -> 192.168.1.1:53 +Flow 14 risky: udp 192.168.1.34:57288 -> 192.168.1.1:53 +Flow 1 risky: udp 192.168.1.34:49163 -> 192.168.1.1:53 +Flow 2 risky: udp 192.168.1.34:57406 -> 192.168.1.1:53 +Flow 21 risky: udp 192.168.1.34:57726 -> 192.168.1.1:53 +Flow 3 risky: udp 192.168.1.34:55711 -> 192.168.1.1:53 +Flow 10 risky: udp 192.168.1.34:49793 -> 192.168.1.1:53 +Flow 16 risky: udp 192.168.1.34:49903 -> 192.168.1.1:53 +Flow 13 risky: udp 192.168.1.34:49990 -> 192.168.1.1:53 +Flow 20 risky: udp 192.168.1.34:60288 -> 192.168.1.1:53 +Flow 5 risky: udp 192.168.1.34:54396 -> 192.168.1.1:53 +Flow 11 risky: udp 192.168.1.34:65045 -> 192.168.1.1:53 +Flow 260 risky: tcp 192.168.1.34:50128 -> 17.172.100.36:443 +Flow 150 risky: udp 192.168.1.34:63108 -> 192.168.1.1:53 +Flow 149 risky: udp 192.168.1.34:55159 -> 192.168.1.1:53 +Flow 158 risky: udp 192.168.1.34:49360 -> 192.168.1.1:53 +Flow 176 risky: udp 192.168.1.34:58368 -> 192.168.1.1:53 +Flow 175 risky: udp 192.168.1.34:54343 -> 192.168.1.1:53 +Flow 157 risky: udp 192.168.1.34:58458 -> 192.168.1.1:53 +Flow 267 risky: udp 192.168.1.34:63421 -> 192.168.1.1:53 +Flow 265 risky: udp 192.168.1.34:51802 -> 192.168.1.1:53 +Flow 263 risky: udp 192.168.1.34:56387 -> 192.168.1.1:53 +Flow 264 risky: udp 192.168.1.34:52714 -> 192.168.1.1:53 +Flow 262 risky: udp 192.168.1.34:52742 -> 192.168.1.1:53 +Flow 268 risky: udp 192.168.1.34:65037 -> 192.168.1.1:53 +Flow 269 risky: tcp 192.168.1.34:50131 -> 212.161.8.36:13392 +Flow 23 midstream: tcp 108.160.170.46:443 -> 192.168.1.34:49445 +Flow 255 risky: tcp 17.143.160.22:5223 -> 192.168.1.34:49447 +Flow 255 midstream: tcp 17.143.160.22:5223 -> 192.168.1.34:49447 
diff --git a/test/results/flow-captured/default/skype_no_unknown.pcap.out b/test/results/flow-captured/default/skype_no_unknown.pcap.out new file mode 100644 index 000000000..b6b1a368f --- /dev/null +++ b/test/results/flow-captured/default/skype_no_unknown.pcap.out @@ -0,0 +1,27 @@ +Flow 13 risky: tcp 192.168.1.34:51230 -> 157.56.126.211:443 +Flow 23 risky: tcp 192.168.1.34:51227 -> 17.172.100.36:443 +Flow 23 midstream: tcp 192.168.1.34:51227 -> 17.172.100.36:443 +Flow 12 risky: udp 192.168.1.34:59113 -> 192.168.1.1:53 +Flow 2 risky: udp 192.168.1.34:55028 -> 192.168.1.1:53 +Flow 16 risky: udp 192.168.1.34:63514 -> 192.168.1.1:53 +Flow 15 risky: udp 192.168.1.34:53372 -> 192.168.1.1:53 +Flow 14 risky: udp 192.168.1.34:57592 -> 192.168.1.1:53 +Flow 21 risky: udp 192.168.1.34:51753 -> 192.168.1.1:53 +Flow 7 risky: udp 192.168.1.34:49864 -> 192.168.1.1:53 +Flow 6 risky: udp 192.168.1.34:64240 -> 192.168.1.1:53 +Flow 20 risky: udp 192.168.1.34:50055 -> 192.168.1.1:53 +Flow 5 risky: udp 192.168.1.34:58631 -> 192.168.1.1:53 +Flow 4 risky: udp 192.168.1.34:60688 -> 192.168.1.1:53 +Flow 11 risky: udp 192.168.1.34:62875 -> 192.168.1.1:53 +Flow 3 risky: udp 192.168.1.34:64971 -> 192.168.1.1:53 +Flow 26 risky: udp 192.168.1.34:138 -> 192.168.1.255:138 +Flow 27 risky: udp 192.168.1.1:138 -> 192.168.1.34:138 +Flow 29 risky: udp 192.168.1.92:138 -> 192.168.1.255:138 +Flow 166 risky: udp 192.168.1.34:61095 -> 192.168.1.1:53 +Flow 155 risky: udp 192.168.1.34:63342 -> 192.168.1.1:53 +Flow 255 risky: tcp 192.168.1.34:51307 -> 149.13.32.15:13392 +Flow 259 risky: tcp 192.168.1.34:51312 -> 149.13.32.15:13392 +Flow 167 risky: udp 192.168.1.34:55866 -> 192.168.1.1:53 +Flow 156 risky: udp 192.168.1.34:64258 -> 192.168.1.1:53 +Flow 199 risky: udp 192.168.1.34:64364 -> 192.168.1.1:53 +Flow 198 risky: udp 192.168.1.34:60413 -> 192.168.1.1:53 
diff --git a/test/results/flow-captured/default/skype_udp.pcap.out b/test/results/flow-captured/default/skype_udp.pcap.out new file mode 100644 index 000000000..39b74b0ae --- /dev/null +++ b/test/results/flow-captured/default/skype_udp.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.1.2:35990 -> 24.224.190.149:39262 diff --git a/test/results/flow-captured/default/smb_deletefile.pcap.out b/test/results/flow-captured/default/smb_deletefile.pcap.out new file mode 100644 index 000000000..235f0b2ac --- /dev/null +++ b/test/results/flow-captured/default/smb_deletefile.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 192.168.1.118:56848 -> 192.168.1.187:445 diff --git a/test/results/flow-captured/default/smb_frags.pcap.out b/test/results/flow-captured/default/smb_frags.pcap.out new file mode 100644 index 000000000..6de65cbd8 --- /dev/null +++ b/test/results/flow-captured/default/smb_frags.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.202.211.125:54120 -> 10.202.7.8:445 diff --git a/test/results/flow-captured/default/smbv1.pcap.out b/test/results/flow-captured/default/smbv1.pcap.out new file mode 100644 index 000000000..35466a60e --- /dev/null +++ b/test/results/flow-captured/default/smbv1.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 172.16.156.130:50927 -> 10.128.0.243:445 +Flow 1 midstream: tcp 172.16.156.130:50927 -> 10.128.0.243:445 diff --git a/test/results/flow-captured/default/smpp_in_general.pcap.out b/test/results/flow-captured/default/smpp_in_general.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/smpp_in_general.pcap.out diff --git a/test/results/flow-captured/default/smtp-starttls.pcap.out b/test/results/flow-captured/default/smtp-starttls.pcap.out new file mode 100644 index 000000000..e1a4b74a1 --- /dev/null +++ b/test/results/flow-captured/default/smtp-starttls.pcap.out 
@@ -0,0 +1,2 @@ +Flow 1 risky: tcp 10.0.0.1:57406 -> 173.194.68.26:25 +Flow 2 risky: tcp 2003:de:2016:125:fc36:8317:4e86:cb72:7562 -> 2003:de:2016:120::a08:53:25 diff --git a/test/results/flow-captured/default/smtp.pcap.out b/test/results/flow-captured/default/smtp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/smtp.pcap.out diff --git a/test/results/flow-captured/default/smtps.pcapng.out b/test/results/flow-captured/default/smtps.pcapng.out new file mode 100644 index 000000000..d38150450 --- /dev/null +++ b/test/results/flow-captured/default/smtps.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 62.43.36.99:37682 -> 21.65.95.132:465 diff --git a/test/results/flow-captured/default/snapchat.pcap.out b/test/results/flow-captured/default/snapchat.pcap.out new file mode 100644 index 000000000..81b9eb29b --- /dev/null +++ b/test/results/flow-captured/default/snapchat.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.8.0.1:33233 -> 74.125.136.141:443 diff --git a/test/results/flow-captured/default/snapchat_call.pcapng.out b/test/results/flow-captured/default/snapchat_call.pcapng.out new file mode 100644 index 000000000..44d0ee1f6 --- /dev/null +++ b/test/results/flow-captured/default/snapchat_call.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.12.169:42083 -> 18.184.138.142:443 diff --git a/test/results/flow-captured/default/snapchat_call_v1.pcapng.out b/test/results/flow-captured/default/snapchat_call_v1.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/snapchat_call_v1.pcapng.out diff --git a/test/results/flow-captured/default/snmp.pcap.out b/test/results/flow-captured/default/snmp.pcap.out new file mode 100644 index 000000000..33dbcd827 --- /dev/null +++ b/test/results/flow-captured/default/snmp.pcap.out @@ -0,0 +1,2 @@ +Flow 17 risky: udp 10.99.8.88:43242 -> 10.100.253.146:161 +Flow 16 risky: udp 10.231.2.134:161 -> 10.72.247.4:61088 
diff --git a/test/results/flow-captured/default/soap.pcap.out b/test/results/flow-captured/default/soap.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/soap.pcap.out diff --git a/test/results/flow-captured/default/socks.pcap.out b/test/results/flow-captured/default/socks.pcap.out new file mode 100644 index 000000000..569bf505b --- /dev/null +++ b/test/results/flow-captured/default/socks.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.0.0.1:1637 -> 10.0.0.2:21477 diff --git a/test/results/flow-captured/default/softether.pcap.out b/test/results/flow-captured/default/softether.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/softether.pcap.out diff --git a/test/results/flow-captured/default/someip-tp.pcap.out b/test/results/flow-captured/default/someip-tp.pcap.out new file mode 100644 index 000000000..ebd0fb6d6 --- /dev/null +++ b/test/results/flow-captured/default/someip-tp.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 10.0.1.207:56772 -> 10.0.1.1:18193 diff --git a/test/results/flow-captured/default/someip-udp-method-call.pcapng.out b/test/results/flow-captured/default/someip-udp-method-call.pcapng.out new file mode 100644 index 000000000..d2e47e1c7 --- /dev/null +++ b/test/results/flow-captured/default/someip-udp-method-call.pcapng.out @@ -0,0 +1,2 @@ +Flow 2 risky: udp 192.168.0.125:49191 -> 192.168.0.1:49201 +Flow 1 risky: udp 192.168.0.1:49190 -> 224.0.0.1:49190 diff --git a/test/results/flow-captured/default/someip_sd_sample.pcap.out b/test/results/flow-captured/default/someip_sd_sample.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/someip_sd_sample.pcap.out diff --git a/test/results/flow-captured/default/source_engine.pcap.out b/test/results/flow-captured/default/source_engine.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null 
+++ b/test/results/flow-captured/default/source_engine.pcap.out diff --git a/test/results/flow-captured/default/sql_injection.pcap.out b/test/results/flow-captured/default/sql_injection.pcap.out new file mode 100644 index 000000000..0b79c73bf --- /dev/null +++ b/test/results/flow-captured/default/sql_injection.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 192.168.3.109:53528 -> 192.168.3.107:80 +Flow 1 midstream: tcp 192.168.3.109:53528 -> 192.168.3.107:80 diff --git a/test/results/flow-captured/default/srvloc-v1.pcapng.out b/test/results/flow-captured/default/srvloc-v1.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/srvloc-v1.pcapng.out diff --git a/test/results/flow-captured/default/srvloc.pcap.out b/test/results/flow-captured/default/srvloc.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/srvloc.pcap.out diff --git a/test/results/flow-captured/default/ssdp-m-search-ua.pcap.out b/test/results/flow-captured/default/ssdp-m-search-ua.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ssdp-m-search-ua.pcap.out diff --git a/test/results/flow-captured/default/ssdp-m-search.pcap.out b/test/results/flow-captured/default/ssdp-m-search.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ssdp-m-search.pcap.out diff --git a/test/results/flow-captured/default/ssh.pcap.out b/test/results/flow-captured/default/ssh.pcap.out new file mode 100644 index 000000000..f9dd7de82 --- /dev/null +++ b/test/results/flow-captured/default/ssh.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 172.16.238.1:58395 -> 172.16.238.168:22 diff --git a/test/results/flow-captured/default/ssl-cert-name-mismatch.pcap.out b/test/results/flow-captured/default/ssl-cert-name-mismatch.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null 
+++ b/test/results/flow-captured/default/ssl-cert-name-mismatch.pcap.out diff --git a/test/results/flow-captured/default/starcraft_battle.pcap.out b/test/results/flow-captured/default/starcraft_battle.pcap.out new file mode 100644 index 000000000..7496cc0bb --- /dev/null +++ b/test/results/flow-captured/default/starcraft_battle.pcap.out @@ -0,0 +1,16 @@ +Flow 15 risky: tcp 192.168.1.100:3508 -> 87.248.221.254:80 +Flow 28 risky: udp 192.168.1.100:53145 -> 192.168.1.254:53 +Flow 44 risky: udp 192.168.1.100:55468 -> 192.168.1.254:53 +Flow 24 midstream: tcp 192.168.1.100:3479 -> 2.228.46.114:443 +Flow 22 midstream: tcp 192.168.1.100:3480 -> 2.228.46.114:443 +Flow 23 midstream: tcp 192.168.1.100:3481 -> 2.228.46.114:443 +Flow 21 midstream: tcp 192.168.1.100:3482 -> 2.228.46.114:443 +Flow 18 midstream: tcp 192.168.1.100:3489 -> 2.228.46.104:443 +Flow 19 midstream: tcp 192.168.1.100:3490 -> 2.228.46.104:443 +Flow 20 midstream: tcp 192.168.1.100:3491 -> 2.228.46.104:443 +Flow 17 midstream: tcp 192.168.1.100:3492 -> 2.228.46.104:443 +Flow 14 risky: udp 192.168.1.100:60026 -> 192.168.1.254:53 +Flow 2 risky: udp 192.168.1.100:58818 -> 192.168.1.254:53 +Flow 4 risky: udp 192.168.1.100:58831 -> 192.168.1.254:53 +Flow 9 risky: udp 192.168.1.100:58851 -> 192.168.1.254:53 +Flow 16 risky: tcp 192.168.1.100:3512 -> 12.129.222.54:80 diff --git a/test/results/flow-captured/default/steam.pcap.out b/test/results/flow-captured/default/steam.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/steam.pcap.out diff --git a/test/results/flow-captured/default/steam_datagram_relay_ping.pcapng.out b/test/results/flow-captured/default/steam_datagram_relay_ping.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/steam_datagram_relay_ping.pcapng.out 
diff --git a/test/results/flow-captured/default/stun.pcap.out b/test/results/flow-captured/default/stun.pcap.out new file mode 100644 index 000000000..744f2a8bc --- /dev/null +++ b/test/results/flow-captured/default/stun.pcap.out @@ -0,0 +1,2 @@ +Flow 2 risky: udp 192.168.12.169:43016 -> 74.125.247.128:3478 +Flow 5 risky: udp 192.168.12.169:38123 -> 31.13.86.54:40003 diff --git a/test/results/flow-captured/default/stun_classic.pcap.out b/test/results/flow-captured/default/stun_classic.pcap.out new file mode 100644 index 000000000..29674b8e3 --- /dev/null +++ b/test/results/flow-captured/default/stun_classic.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 172.16.63.224:55050 -> 172.16.63.21:13958 diff --git a/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out b/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out new file mode 100644 index 000000000..14abb1393 --- /dev/null +++ b/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 26.83.9.81:57567 -> 33.35.223.103:540 diff --git a/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out b/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out new file mode 100644 index 000000000..f72e2de18 --- /dev/null +++ b/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 33.35.223.103:540 -> 26.83.9.81:57567 diff --git a/test/results/flow-captured/default/stun_google_meet.pcapng.out b/test/results/flow-captured/default/stun_google_meet.pcapng.out new file mode 100644 index 000000000..1dd9dd75c --- /dev/null +++ b/test/results/flow-captured/default/stun_google_meet.pcapng.out 
@@ -0,0 +1,4 @@ +Flow 3 risky: udp 192.168.12.156:38152 -> 142.250.82.76:19305 +Flow 4 risky: udp 192.168.12.156:45400 -> 142.250.82.76:19305 +Flow 2 risky: udp 192.168.12.156:45400 -> 74.125.128.127:19302 +Flow 1 risky: udp 192.168.12.156:38152 -> 74.125.128.127:19302 diff --git a/test/results/flow-captured/default/stun_msteams_unidir.pcapng.out b/test/results/flow-captured/default/stun_msteams_unidir.pcapng.out new file mode 100644 index 000000000..40a647bab --- /dev/null +++ b/test/results/flow-captured/default/stun_msteams_unidir.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 52.115.136.55:3479 -> 10.0.0.1:50006 diff --git a/test/results/flow-captured/default/stun_signal.pcapng.out b/test/results/flow-captured/default/stun_signal.pcapng.out new file mode 100644 index 000000000..dad2b24a0 --- /dev/null +++ b/test/results/flow-captured/default/stun_signal.pcapng.out @@ -0,0 +1,15 @@ +Flow 14 risky: udp 192.168.12.169:43068 -> 18.195.131.143:61156 +Flow 3 risky: udp 192.168.12.169:47204 -> 35.158.183.167:443 +Flow 2 risky: udp 192.168.12.169:47204 -> 172.253.121.127:19302 +Flow 6 risky: udp 192.168.12.169:39518 -> 35.158.183.167:443 +Flow 1 risky: udp 192.168.12.169:39518 -> 172.253.121.127:19302 +Flow 23 risky: udp 192.168.12.169:47767 -> 18.195.131.143:61498 +Flow 9 risky: udp 192.168.12.169:43068 -> 35.158.183.167:443 +Flow 10 risky: udp 192.168.12.169:43068 -> 172.253.121.127:19302 +Flow 12 risky: udp 192.168.12.169:39950 -> 35.158.183.167:443 +Flow 11 risky: udp 192.168.12.169:39950 -> 172.253.121.127:19302 +Flow 22 risky: udp 192.168.12.169:47767 -> 18.195.131.143:54054 +Flow 17 risky: udp 192.168.12.169:47767 -> 35.158.122.211:443 +Flow 15 risky: udp 192.168.12.169:47767 -> 172.253.121.127:19302 +Flow 18 risky: udp 192.168.12.169:37970 -> 35.158.122.211:443 +Flow 16 risky: udp 192.168.12.169:37970 -> 172.253.121.127:19302 
diff --git a/test/results/flow-captured/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/flow-captured/default/stun_tcp_multiple_msgs_same_pkt.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/stun_tcp_multiple_msgs_same_pkt.pcap.out diff --git a/test/results/flow-captured/default/stun_wa_call.pcapng.out b/test/results/flow-captured/default/stun_wa_call.pcapng.out new file mode 100644 index 000000000..6060f0b3f --- /dev/null +++ b/test/results/flow-captured/default/stun_wa_call.pcapng.out @@ -0,0 +1,2 @@ +Flow 11 risky: udp 192.168.12.156:49526 -> 10.82.40.241:40436 +Flow 12 risky: udp 192.168.12.156:49526 -> 93.33.118.87:41107 diff --git a/test/results/flow-captured/default/stun_zoom.pcapng.out b/test/results/flow-captured/default/stun_zoom.pcapng.out new file mode 100644 index 000000000..31ad627b4 --- /dev/null +++ b/test/results/flow-captured/default/stun_zoom.pcapng.out @@ -0,0 +1,2 @@ +Flow 2 risky: udp 192.168.43.169:53065 -> 134.224.90.111:8801 +Flow 1 risky: udp 192.168.43.169:48854 -> 134.224.90.111:8801 diff --git a/test/results/flow-captured/default/syncthing.pcap.out b/test/results/flow-captured/default/syncthing.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/syncthing.pcap.out diff --git a/test/results/flow-captured/default/synscan.pcap.out b/test/results/flow-captured/default/synscan.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/synscan.pcap.out diff --git a/test/results/flow-captured/default/syslog.pcap.out b/test/results/flow-captured/default/syslog.pcap.out new file mode 100644 index 000000000..ed112f18b --- /dev/null +++ b/test/results/flow-captured/default/syslog.pcap.out @@ -0,0 +1 @@ +Flow 15 risky: tcp 10.186.117.194:49948 -> 169.46.82.162:52173 
diff --git a/test/results/flow-captured/default/tailscale.pcap.out b/test/results/flow-captured/default/tailscale.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tailscale.pcap.out diff --git a/test/results/flow-captured/default/targusdataspeed_false_positives.pcap.out b/test/results/flow-captured/default/targusdataspeed_false_positives.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/targusdataspeed_false_positives.pcap.out diff --git a/test/results/flow-captured/default/tcp_scan.pcapng.out b/test/results/flow-captured/default/tcp_scan.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tcp_scan.pcapng.out diff --git a/test/results/flow-captured/default/teams.pcap.out b/test/results/flow-captured/default/teams.pcap.out new file mode 100644 index 000000000..7cab07517 --- /dev/null +++ b/test/results/flow-captured/default/teams.pcap.out 
@@ -0,0 +1,19 @@ +Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443 +Flow 48 risky: tcp 192.168.1.6:60559 -> 52.114.77.33:443 +Flow 64 risky: tcp 192.168.1.6:50018 -> 52.114.250.123:443 +Flow 78 risky: udp 93.71.110.205:16332 -> 192.168.1.6:50016 +Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443 +Flow 43 risky: tcp 192.168.1.6:60554 -> 52.113.194.132:443 +Flow 76 risky: udp 192.168.1.6:50016 -> 192.168.0.4:50005 +Flow 77 risky: udp 192.168.1.6:50036 -> 192.168.0.4:50020 +Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53 +Flow 4 risky: tcp 192.168.1.6:60532 -> 52.114.77.33:443 +Flow 25 risky: tcp 192.168.1.6:60543 -> 52.114.77.33:443 +Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443 +Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443 +Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434 +Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434 +Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036 +Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53 +Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016 +Flow 80 risky: udp 52.114.252.21:3480 -> 192.168.1.6:50036 diff --git a/test/results/flow-captured/default/teamspeak3.pcap.out b/test/results/flow-captured/default/teamspeak3.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/teamspeak3.pcap.out diff --git a/test/results/flow-captured/default/teamviewer.pcap.out b/test/results/flow-captured/default/teamviewer.pcap.out new file mode 100644 index 000000000..a8e20a16e --- /dev/null +++ b/test/results/flow-captured/default/teamviewer.pcap.out @@ -0,0 +1 @@ +Flow 2 risky: udp 10.0.2.15:34417 -> 93.47.224.241:36037 diff --git a/test/results/flow-captured/default/telegram.pcap.out b/test/results/flow-captured/default/telegram.pcap.out new file mode 100644 index 000000000..ce4c4dfbb --- /dev/null +++ b/test/results/flow-captured/default/telegram.pcap.out 
@@ -0,0 +1,5 @@ +Flow 32 risky: udp 192.168.1.77:5812 -> 192.168.1.1:53 +Flow 27 risky: udp 192.168.1.77:47127 -> 192.168.1.1:53 +Flow 29 risky: udp 192.168.1.43:138 -> 192.168.1.255:138 +Flow 26 risky: udp 192.168.1.77:23174 -> 87.11.205.195:60723 +Flow 33 risky: udp 192.168.1.77:54595 -> 192.168.1.1:53 diff --git a/test/results/flow-captured/default/telegram_videocall.pcapng.out b/test/results/flow-captured/default/telegram_videocall.pcapng.out new file mode 100644 index 000000000..c2ebd899c --- /dev/null +++ b/test/results/flow-captured/default/telegram_videocall.pcapng.out @@ -0,0 +1,8 @@ +Flow 26 risky: udp 192.168.12.169:42405 -> 93.36.13.115:35393 +Flow 18 risky: udp 192.168.12.169:40643 -> 91.108.9.35:1400 +Flow 24 risky: udp 192.168.12.169:42405 -> 10.46.103.200:42554 +Flow 19 risky: udp 192.168.12.169:49667 -> 91.108.13.23:1400 +Flow 25 risky: udp 192.168.12.169:40906 -> 10.46.103.200:42554 +Flow 20 risky: udp 192.168.12.169:49780 -> 91.108.17.2:1400 +Flow 34 midstream: tcp 18.195.162.93:443 -> 192.168.12.169:38956 +Flow 27 risky: udp 192.168.12.169:40906 -> 93.36.13.115:35393 diff --git a/test/results/flow-captured/default/telnet.pcap.out b/test/results/flow-captured/default/telnet.pcap.out new file mode 100644 index 000000000..70d284ec3 --- /dev/null +++ b/test/results/flow-captured/default/telnet.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.0.2:1550 -> 192.168.0.1:23 diff --git a/test/results/flow-captured/default/teredo.pcap.out b/test/results/flow-captured/default/teredo.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/teredo.pcap.out diff --git a/test/results/flow-captured/default/tftp.pcap.out b/test/results/flow-captured/default/tftp.pcap.out new file mode 100644 index 000000000..557a54b8f --- /dev/null +++ b/test/results/flow-captured/default/tftp.pcap.out 
@@ -0,0 +1,2 @@
+Flow 4 risky: udp 192.168.0.10:3445 -> 192.168.0.253:50618
+Flow 7 risky: udp 172.28.5.170:62058 -> 172.28.5.91:44618
diff --git a/test/results/flow-captured/default/threema.pcap.out b/test/results/flow-captured/default/threema.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/threema.pcap.out
diff --git a/test/results/flow-captured/default/thrift.pcap.out b/test/results/flow-captured/default/thrift.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/thrift.pcap.out
diff --git a/test/results/flow-captured/default/tinc.pcap.out b/test/results/flow-captured/default/tinc.pcap.out
new file mode 100644
index 000000000..675bcae5f
--- /dev/null
+++ b/test/results/flow-captured/default/tinc.pcap.out
@@ -0,0 +1,4 @@
+Flow 3 risky: udp 131.114.168.27:55655 -> 185.83.218.112:55655
+Flow 4 risky: udp 185.83.218.112:55656 -> 131.114.168.27:55656
+Flow 2 risky: tcp 131.114.168.27:49290 -> 185.83.218.112:55656
+Flow 1 risky: tcp 131.114.168.27:59244 -> 185.83.218.112:55655
diff --git a/test/results/flow-captured/default/tk.pcap.out b/test/results/flow-captured/default/tk.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tk.pcap.out
diff --git a/test/results/flow-captured/default/tls-appdata.pcap.out b/test/results/flow-captured/default/tls-appdata.pcap.out
new file mode 100644
index 000000000..3d2549923
--- /dev/null
+++ b/test/results/flow-captured/default/tls-appdata.pcap.out
@@ -0,0 +1,2 @@
+Flow 2 risky: tcp 192.168.2.100:58976 -> 52.223.198.7:443
+Flow 2 midstream: tcp 192.168.2.100:58976 -> 52.223.198.7:443
diff --git a/test/results/flow-captured/default/tls-esni-fuzzed.pcap.out b/test/results/flow-captured/default/tls-esni-fuzzed.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls-esni-fuzzed.pcap.out
diff --git a/test/results/flow-captured/default/tls-rdn-extract.pcap.out b/test/results/flow-captured/default/tls-rdn-extract.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls-rdn-extract.pcap.out
diff --git a/test/results/flow-captured/default/tls_2_reasms.pcapng.out b/test/results/flow-captured/default/tls_2_reasms.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_2_reasms.pcapng.out
diff --git a/test/results/flow-captured/default/tls_2_reasms_b.pcapng.out b/test/results/flow-captured/default/tls_2_reasms_b.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_2_reasms_b.pcapng.out
diff --git a/test/results/flow-captured/default/tls_alert.pcap.out b/test/results/flow-captured/default/tls_alert.pcap.out
new file mode 100644
index 000000000..ec7db2bcf
--- /dev/null
+++ b/test/results/flow-captured/default/tls_alert.pcap.out
@@ -0,0 +1 @@
+Flow 2 midstream: tcp 192.168.2.100:37780 -> 160.44.202.202:443
diff --git a/test/results/flow-captured/default/tls_certificate_too_long.pcap.out b/test/results/flow-captured/default/tls_certificate_too_long.pcap.out
new file mode 100644
index 000000000..63bef1023
--- /dev/null
+++ b/test/results/flow-captured/default/tls_certificate_too_long.pcap.out
@@ -0,0 +1,9 @@
+Flow 24 risky: tcp 192.168.1.121:53429 -> 52.98.163.18:443
+Flow 24 midstream: tcp 192.168.1.121:53429 -> 52.98.163.18:443
+Flow 25 risky: tcp 192.168.1.121:53428 -> 52.98.163.18:443
+Flow 25 midstream: tcp 192.168.1.121:53428 -> 52.98.163.18:443
+Flow 18 risky: tcp 192.168.1.121:53912 -> 2.22.33.235:80
+Flow 19 risky: tcp 192.168.1.121:53913 -> 2.22.33.235:80
+Flow 23 risky: udp 192.168.1.121:51998 -> 8.8.8.8:53
+Flow 3 risky: udp 192.168.1.121:52251 -> 8.8.8.8:53
+Flow 20 midstream: tcp 192.168.1.121:53905 -> 140.82.113.26:443
diff --git a/test/results/flow-captured/default/tls_cipher_lens.pcap.out b/test/results/flow-captured/default/tls_cipher_lens.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_cipher_lens.pcap.out
diff --git a/test/results/flow-captured/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/flow-captured/default/tls_client_certificate_with_missing_server_one.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_client_certificate_with_missing_server_one.pcapng.out
diff --git a/test/results/flow-captured/default/tls_ech.pcapng.out b/test/results/flow-captured/default/tls_ech.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_ech.pcapng.out
diff --git a/test/results/flow-captured/default/tls_esni_sni_both.pcap.out b/test/results/flow-captured/default/tls_esni_sni_both.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_esni_sni_both.pcap.out
diff --git a/test/results/flow-captured/default/tls_false_positives.pcapng.out b/test/results/flow-captured/default/tls_false_positives.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_false_positives.pcapng.out
diff --git a/test/results/flow-captured/default/tls_invalid_reads.pcap.out b/test/results/flow-captured/default/tls_invalid_reads.pcap.out
new file mode 100644
index 000000000..8d943a2e2
--- /dev/null
+++ b/test/results/flow-captured/default/tls_invalid_reads.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.10.101:3967 -> 206.33.61.113:443
diff --git a/test/results/flow-captured/default/tls_long_cert.pcap.out b/test/results/flow-captured/default/tls_long_cert.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_long_cert.pcap.out
diff --git a/test/results/flow-captured/default/tls_missing_ch_frag.pcap.out b/test/results/flow-captured/default/tls_missing_ch_frag.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_missing_ch_frag.pcap.out
diff --git a/test/results/flow-captured/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/flow-captured/default/tls_multiple_synack_different_seq.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_multiple_synack_different_seq.pcapng.out
diff --git a/test/results/flow-captured/default/tls_port_80.pcapng.out b/test/results/flow-captured/default/tls_port_80.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_port_80.pcapng.out
diff --git a/test/results/flow-captured/default/tls_torrent.pcapng.out b/test/results/flow-captured/default/tls_torrent.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_torrent.pcapng.out
diff --git a/test/results/flow-captured/default/tls_unidirectional.pcap.out b/test/results/flow-captured/default/tls_unidirectional.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_unidirectional.pcap.out
diff --git a/test/results/flow-captured/default/tls_verylong_certificate.pcap.out b/test/results/flow-captured/default/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_verylong_certificate.pcap.out
diff --git a/test/results/flow-captured/default/toca-boca.pcap.out b/test/results/flow-captured/default/toca-boca.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/toca-boca.pcap.out
diff --git a/test/results/flow-captured/default/tor.pcap.out b/test/results/flow-captured/default/tor.pcap.out
new file mode 100644
index 000000000..e379ec029
--- /dev/null
+++ b/test/results/flow-captured/default/tor.pcap.out
@@ -0,0 +1,8 @@
+Flow 3 risky: tcp 192.168.1.252:51112 -> 38.229.70.53:443
+Flow 1 risky: tcp 192.168.1.252:51110 -> 91.143.93.242:443
+Flow 5 risky: udp 192.168.1.252:138 -> 192.168.1.255:138
+Flow 2 risky: tcp 192.168.1.252:51111 -> 46.59.52.31:443
+Flow 8 risky: tcp 192.168.1.252:51175 -> 91.143.93.242:443
+Flow 7 risky: tcp 192.168.1.252:51174 -> 212.83.155.250:443
+Flow 10 risky: tcp 192.168.1.252:51185 -> 62.210.137.230:443
+Flow 9 risky: tcp 192.168.1.252:51176 -> 38.229.70.53:443
diff --git a/test/results/flow-captured/default/tplink_shp.pcap.out b/test/results/flow-captured/default/tplink_shp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tplink_shp.pcap.out
diff --git a/test/results/flow-captured/default/trickbot.pcap.out b/test/results/flow-captured/default/trickbot.pcap.out
new file mode 100644
index 000000000..3a19f1e1b
--- /dev/null
+++ b/test/results/flow-captured/default/trickbot.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.12.29.101:61318 -> 82.118.225.196:7080
diff --git a/test/results/flow-captured/default/tumblr.pcap.out b/test/results/flow-captured/default/tumblr.pcap.out
new file mode 100644
index 000000000..29291a1a6
--- /dev/null
+++ b/test/results/flow-captured/default/tumblr.pcap.out
@@ -0,0 +1,10 @@
+Flow 6 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:42908 -> 64:ff9b::98c7:1593:443
+Flow 6 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:42908 -> 64:ff9b::98c7:1593:443
+Flow 2 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:48240 -> 64:ff9b::9765:789d:443
+Flow 2 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:48240 -> 64:ff9b::9765:789d:443
+Flow 14 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:56794 -> 64:ff9b::c000:4d03:443
+Flow 14 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:56794 -> 64:ff9b::c000:4d03:443
+Flow 9 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43434 -> 64:ff9b::c000:4d28:443
+Flow 9 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43434 -> 64:ff9b::c000:4d28:443
+Flow 15 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:51874 -> 64:ff9b::c000:4c03:443
+Flow 15 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:51874 -> 64:ff9b::c000:4c03:443
diff --git a/test/results/flow-captured/default/tunnelbear.pcap.out b/test/results/flow-captured/default/tunnelbear.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tunnelbear.pcap.out
diff --git a/test/results/flow-captured/default/tuya_lp.pcap.out b/test/results/flow-captured/default/tuya_lp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tuya_lp.pcap.out
diff --git a/test/results/flow-captured/default/ubntac2.pcap.out b/test/results/flow-captured/default/ubntac2.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ubntac2.pcap.out
diff --git a/test/results/flow-captured/default/ultrasurf.pcap.out b/test/results/flow-captured/default/ultrasurf.pcap.out
new file mode 100644
index 000000000..4076ef85d
--- /dev/null
+++ b/test/results/flow-captured/default/ultrasurf.pcap.out
@@ -0,0 +1,3 @@
+Flow 1 midstream: tcp 65.49.68.25:50053 -> 10.132.0.23:37898
+Flow 2 risky: tcp 10.132.0.23:38120 -> 65.49.68.25:50053
+Flow 3 risky: tcp 10.132.0.23:38152 -> 65.49.68.25:50053
diff --git a/test/results/flow-captured/default/upnp.pcap.out b/test/results/flow-captured/default/upnp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/upnp.pcap.out
diff --git a/test/results/flow-captured/default/viber.pcap.out b/test/results/flow-captured/default/viber.pcap.out
new file mode 100644
index 000000000..ac2797c0c
--- /dev/null
+++ b/test/results/flow-captured/default/viber.pcap.out
@@ -0,0 +1 @@
+Flow 29 midstream: tcp 192.168.2.100:42900 -> 44.192.202.74:4244
diff --git a/test/results/flow-captured/default/vk.pcapng.out b/test/results/flow-captured/default/vk.pcapng.out
new file mode 100644
index 000000000..ce73be080
--- /dev/null
+++ b/test/results/flow-captured/default/vk.pcapng.out
@@ -0,0 +1,4 @@
+Flow 2 risky: tcp 192.168.1.249:40344 -> 87.240.129.140:443
+Flow 2 midstream: tcp 192.168.1.249:40344 -> 87.240.129.140:443
+Flow 3 risky: tcp 192.168.1.249:60436 -> 87.240.132.78:443
+Flow 3 midstream: tcp 192.168.1.249:60436 -> 87.240.132.78:443
diff --git a/test/results/flow-captured/default/vnc.pcap.out b/test/results/flow-captured/default/vnc.pcap.out
new file mode 100644
index 000000000..74ea1cd16
--- /dev/null
+++ b/test/results/flow-captured/default/vnc.pcap.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 95.237.48.208:59791 -> 192.168.2.110:6900
+Flow 2 risky: tcp 95.237.48.208:51559 -> 192.168.2.110:6900
diff --git a/test/results/flow-captured/default/vrrp3.pcapng.out b/test/results/flow-captured/default/vrrp3.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/vrrp3.pcapng.out
diff --git a/test/results/flow-captured/default/vxlan.pcap.out b/test/results/flow-captured/default/vxlan.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/vxlan.pcap.out
diff --git a/test/results/flow-captured/default/wa_video.pcap.out b/test/results/flow-captured/default/wa_video.pcap.out
new file mode 100644
index 000000000..d0eab6a06
--- /dev/null
+++ b/test/results/flow-captured/default/wa_video.pcap.out
@@ -0,0 +1,2 @@
+Flow 11 risky: udp 192.168.2.12:53688 -> 91.252.56.51:32641
+Flow 10 risky: udp 192.168.2.12:53688 -> 1.60.78.64:59491
diff --git a/test/results/flow-captured/default/wa_voice.pcap.out b/test/results/flow-captured/default/wa_voice.pcap.out
new file mode 100644
index 000000000..d2c04c6b4
--- /dev/null
+++ b/test/results/flow-captured/default/wa_voice.pcap.out
@@ -0,0 +1,4 @@
+Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328
+Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223
+Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502
+Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282
diff --git a/test/results/flow-captured/default/waze.pcap.out b/test/results/flow-captured/default/waze.pcap.out
new file mode 100644
index 000000000..c812b7446
--- /dev/null
+++ b/test/results/flow-captured/default/waze.pcap.out
@@ -0,0 +1,6 @@
+Flow 3 risky: tcp 10.8.0.1:54915 -> 65.39.128.135:80
+Flow 18 risky: tcp 10.8.0.1:39021 -> 52.17.114.219:443
+Flow 6 risky: tcp 10.8.0.1:36102 -> 46.51.173.182:443
+Flow 5 risky: tcp 10.8.0.1:36100 -> 46.51.173.182:443
+Flow 19 risky: tcp 10.8.0.1:36312 -> 176.34.186.180:443
+Flow 7 risky: tcp 10.8.0.1:36585 -> 173.194.118.48:443
diff --git a/test/results/flow-captured/default/webex.pcap.out b/test/results/flow-captured/default/webex.pcap.out
new file mode 100644
index 000000000..1e895a83d
--- /dev/null
+++ b/test/results/flow-captured/default/webex.pcap.out
@@ -0,0 +1,18 @@
+Flow 2 risky: tcp 10.8.0.1:41348 -> 64.68.105.103:443
+Flow 9 risky: tcp 10.8.0.1:41358 -> 64.68.105.103:443
+Flow 37 risky: tcp 10.8.0.1:51155 -> 62.109.224.120:443
+Flow 36 risky: tcp 10.8.0.1:51154 -> 62.109.224.120:443
+Flow 52 risky: tcp 10.8.0.1:51857 -> 62.109.229.158:443
+Flow 45 risky: tcp 10.8.0.1:59756 -> 78.46.237.91:80
+Flow 46 risky: tcp 10.8.0.1:59757 -> 78.46.237.91:80
+Flow 33 midstream: tcp 10.133.206.47:33459 -> 80.74.110.68:443
+Flow 56 risky: tcp 10.8.0.1:51194 -> 62.109.224.120:443
+Flow 35 risky: tcp 10.8.0.1:33512 -> 80.74.110.68:443
+Flow 47 risky: tcp 10.8.0.1:33551 -> 80.74.110.68:443
+Flow 48 risky: tcp 10.8.0.1:33553 -> 80.74.110.68:443
+Flow 49 risky: tcp 10.8.0.1:33554 -> 80.74.110.68:443
+Flow 51 risky: tcp 10.8.0.1:33559 -> 80.74.110.68:443
+Flow 1 risky: tcp 10.8.0.1:41346 -> 64.68.105.103:443
+Flow 3 risky: tcp 10.8.0.1:41350 -> 64.68.105.103:443
+Flow 4 risky: tcp 10.8.0.1:41351 -> 64.68.105.103:443
+Flow 7 risky: tcp 10.8.0.1:41354 -> 64.68.105.103:443
diff --git a/test/results/flow-captured/default/websocket.pcap.out b/test/results/flow-captured/default/websocket.pcap.out
new file mode 100644
index 000000000..e4bad8c09
--- /dev/null
+++ b/test/results/flow-captured/default/websocket.pcap.out
@@ -0,0 +1 @@
+Flow 1 midstream: tcp 192.168.43.135:12345 -> 192.168.43.1:50999
diff --git a/test/results/flow-captured/default/wechat.pcap.out b/test/results/flow-captured/default/wechat.pcap.out
new file mode 100644
index 000000000..5206eefbc
--- /dev/null
+++ b/test/results/flow-captured/default/wechat.pcap.out
@@ -0,0 +1,4 @@
+Flow 13 midstream: tcp 203.205.151.162:443 -> 192.168.1.103:54058
+Flow 25 midstream: tcp 192.168.1.103:40740 -> 203.205.151.211:443
+Flow 49 risky: udp 192.168.1.100:138 -> 192.168.1.255:138
+Flow 104 risky: udp 192.168.1.100:138 -> 192.168.1.255:138
diff --git a/test/results/flow-captured/default/weibo.pcap.out b/test/results/flow-captured/default/weibo.pcap.out
new file mode 100644
index 000000000..1c8e8c934
--- /dev/null
+++ b/test/results/flow-captured/default/weibo.pcap.out
@@ -0,0 +1,2 @@
+Flow 15 risky: udp 192.168.1.105:53543 -> 192.168.1.1:53
+Flow 21 risky: udp 192.168.1.105:50640 -> 192.168.1.1:53
diff --git a/test/results/flow-captured/default/whatsapp.pcap.out b/test/results/flow-captured/default/whatsapp.pcap.out
new file mode 100644
index 000000000..104d17010
--- /dev/null
+++ b/test/results/flow-captured/default/whatsapp.pcap.out
@@ -0,0 +1,86 @@
+Flow 1 risky: tcp 192.168.2.100:44804 -> 179.60.195.49:5222
+Flow 6 risky: tcp 192.168.2.100:42646 -> 179.60.195.49:5222
+Flow 2 risky: tcp 192.168.2.100:40084 -> 179.60.195.49:5222
+Flow 5 risky: tcp 192.168.2.100:40178 -> 179.60.195.49:5222
+Flow 7 risky: tcp 192.168.2.100:40204 -> 179.60.195.49:5222
+Flow 3 risky: tcp 192.168.2.100:42272 -> 179.60.195.49:5222
+Flow 4 risky: tcp 192.168.2.100:42436 -> 179.60.195.49:5222
+Flow 8 risky: tcp 192.168.2.100:45932 -> 179.60.195.49:5222
+Flow 9 risky: tcp 192.168.2.100:40954 -> 179.60.195.49:5222
+Flow 11 risky: tcp 192.168.2.100:49026 -> 179.60.195.33:5222
+Flow 10 risky: tcp 192.168.2.100:41214 -> 179.60.195.49:5222
+Flow 12 risky: tcp 192.168.2.100:41288 -> 179.60.195.49:5222
+Flow 13 risky: tcp 192.168.2.100:41610 -> 179.60.195.49:5222
+Flow 14 risky: tcp 192.168.2.100:41808 -> 179.60.195.49:5222
+Flow 15 risky: tcp 192.168.2.100:37482 -> 179.60.195.33:5222
+Flow 16 risky: tcp 192.168.2.100:37582 -> 179.60.195.33:5222
+Flow 17 risky: tcp 192.168.2.100:45754 -> 179.60.195.49:5222
+Flow 18 risky: tcp 192.168.2.100:45824 -> 179.60.195.49:5222
+Flow 22 risky: tcp 192.168.2.100:43084 -> 179.60.195.49:5222
+Flow 21 risky: tcp 192.168.2.100:45470 -> 179.60.195.33:5222
+Flow 23 risky: tcp 192.168.2.100:45602 -> 179.60.195.33:5222
+Flow 19 risky: tcp 192.168.2.100:46406 -> 179.60.195.49:5222
+Flow 20 risky: tcp 192.168.2.100:40224 -> 31.13.83.49:5222
+Flow 24 risky: tcp 192.168.2.100:43152 -> 179.60.195.49:5222
+Flow 26 risky: tcp 192.168.2.100:43206 -> 179.60.195.49:5222
+Flow 25 risky: tcp 192.168.2.100:46042 -> 179.60.195.33:5222
+Flow 27 risky: tcp 192.168.2.100:43230 -> 179.60.195.49:5222
+Flow 28 risky: tcp 192.168.2.100:46468 -> 179.60.195.33:5222
+Flow 29 risky: tcp 192.168.2.100:47360 -> 179.60.195.33:5222
+Flow 30 risky: tcp 192.168.2.100:39828 -> 179.60.195.33:5222
+Flow 31 risky: tcp 192.168.2.100:40108 -> 179.60.195.33:5222
+Flow 33 risky: tcp 192.168.2.100:49096 -> 31.13.93.54:5222
+Flow 32 
risky: tcp 192.168.2.100:43954 -> 179.60.195.49:5222
+Flow 35 risky: tcp 192.168.2.100:40990 -> 179.60.195.33:5222
+Flow 34 risky: tcp 192.168.2.100:43978 -> 179.60.195.49:5222
+Flow 36 risky: tcp 192.168.2.100:45290 -> 179.60.195.49:5222
+Flow 37 risky: tcp 192.168.2.100:51544 -> 179.60.195.49:5222
+Flow 39 risky: tcp 192.168.2.100:51724 -> 179.60.195.49:5222
+Flow 38 risky: tcp 192.168.2.100:47948 -> 179.60.195.49:5222
+Flow 40 risky: tcp 192.168.2.100:45334 -> 179.60.195.49:5222
+Flow 42 risky: tcp 192.168.2.100:41664 -> 179.60.195.33:5222
+Flow 41 risky: tcp 192.168.2.100:52152 -> 179.60.195.49:5222
+Flow 44 risky: tcp 192.168.2.100:41722 -> 179.60.195.33:5222
+Flow 43 risky: tcp 192.168.2.100:52294 -> 179.60.195.49:5222
+Flow 46 risky: tcp 192.168.2.100:55038 -> 179.60.195.49:5222
+Flow 47 risky: tcp 192.168.2.100:55476 -> 31.13.70.50:5222
+Flow 45 risky: tcp 192.168.2.100:48234 -> 179.60.195.49:5222
+Flow 50 risky: tcp 192.168.2.100:42622 -> 179.60.195.33:5222
+Flow 52 risky: tcp 192.168.2.100:42796 -> 179.60.195.33:5222
+Flow 53 risky: tcp 192.168.2.100:43152 -> 179.60.195.33:5222
+Flow 49 risky: tcp 192.168.2.100:45850 -> 179.60.195.49:5222
+Flow 51 risky: tcp 192.168.2.100:58198 -> 179.60.195.49:5222
+Flow 48 risky: tcp 192.168.2.100:48538 -> 179.60.195.49:5222
+Flow 54 risky: tcp 192.168.2.100:46732 -> 179.60.195.49:5222
+Flow 57 risky: tcp 192.168.2.100:46768 -> 179.60.195.49:5222
+Flow 58 risky: tcp 192.168.2.100:45130 -> 179.60.195.33:5222
+Flow 55 risky: tcp 192.168.2.100:58882 -> 179.60.195.49:5222
+Flow 56 risky: tcp 192.168.2.100:46598 -> 179.60.195.49:5222
+Flow 59 risky: tcp 192.168.2.100:60328 -> 179.60.195.49:5222
+Flow 61 risky: tcp 192.168.2.100:47086 -> 179.60.195.49:5222
+Flow 60 risky: tcp 192.168.2.100:32798 -> 179.60.195.49:5222
+Flow 62 risky: tcp 192.168.2.100:49182 -> 179.60.195.49:5222
+Flow 63 risky: tcp 192.168.2.100:49232 -> 179.60.195.49:5222
+Flow 64 risky: tcp 192.168.2.100:47350 -> 179.60.195.49:5222
+Flow 65 risky: tcp 
192.168.2.100:49238 -> 179.60.195.49:5222
+Flow 66 risky: tcp 192.168.2.100:49250 -> 179.60.195.49:5222
+Flow 67 risky: tcp 192.168.2.100:47296 -> 179.60.195.49:5222
+Flow 68 risky: tcp 192.168.2.100:47900 -> 179.60.195.49:5222
+Flow 69 risky: tcp 192.168.2.100:47590 -> 179.60.195.49:5222
+Flow 70 risky: tcp 192.168.2.100:49428 -> 179.60.195.49:5222
+Flow 71 risky: tcp 192.168.2.100:47634 -> 179.60.195.49:5222
+Flow 72 risky: tcp 192.168.2.100:49610 -> 179.60.195.49:5222
+Flow 73 risky: tcp 192.168.2.100:37378 -> 179.60.195.49:5222
+Flow 74 risky: tcp 192.168.2.100:47738 -> 179.60.195.49:5222
+Flow 84 risky: tcp 192.168.2.100:47284 -> 179.60.195.33:5222
+Flow 85 risky: tcp 192.168.2.100:39334 -> 179.60.195.49:5222
+Flow 75 risky: tcp 192.168.2.100:37404 -> 179.60.195.49:5222
+Flow 76 risky: tcp 192.168.2.100:47776 -> 179.60.195.49:5222
+Flow 79 risky: tcp 192.168.2.100:47810 -> 179.60.195.49:5222
+Flow 78 risky: tcp 192.168.2.100:37674 -> 179.60.195.49:5222
+Flow 77 risky: tcp 192.168.2.100:37766 -> 179.60.195.49:5222
+Flow 81 risky: tcp 192.168.2.100:37822 -> 179.60.195.49:5222
+Flow 86 risky: tcp 192.168.2.100:40006 -> 179.60.195.49:5222
+Flow 80 risky: tcp 192.168.2.100:46394 -> 179.60.195.33:5222
+Flow 83 risky: tcp 192.168.2.100:38234 -> 179.60.195.49:5222
+Flow 82 risky: tcp 192.168.2.100:46576 -> 179.60.195.33:5222
diff --git a/test/results/flow-captured/default/whatsapp_login_call.pcap.out b/test/results/flow-captured/default/whatsapp_login_call.pcap.out
new file mode 100644
index 000000000..e3424d2df
--- /dev/null
+++ b/test/results/flow-captured/default/whatsapp_login_call.pcap.out
@@ -0,0 +1,11 @@
+Flow 17 risky: tcp 192.168.2.4:49204 -> 17.173.66.102:443
+Flow 39 risky: udp 192.168.2.4:51518 -> 91.253.176.65:9344
+Flow 55 risky: udp 192.168.2.4:52794 -> 91.253.176.65:9665
+Flow 38 risky: udp 192.168.2.4:51518 -> 1.194.90.191:60312
+Flow 57 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443
+Flow 6 midstream: tcp 192.168.2.4:49172 -> 23.50.148.228:443
+Flow 54 risky: udp 192.168.2.4:52794 -> 1.194.90.191:51727
+Flow 1 risky: tcp 192.168.2.4:49199 -> 17.172.100.70:993
+Flow 1 midstream: tcp 192.168.2.4:49199 -> 17.172.100.70:993
+Flow 16 midstream: tcp 192.168.2.4:49193 -> 17.110.229.14:5223
+Flow 13 risky: tcp 192.168.2.4:49201 -> 17.178.104.12:443
diff --git a/test/results/flow-captured/default/whatsapp_login_chat.pcap.out b/test/results/flow-captured/default/whatsapp_login_chat.pcap.out
new file mode 100644
index 000000000..185febc11
--- /dev/null
+++ b/test/results/flow-captured/default/whatsapp_login_chat.pcap.out
@@ -0,0 +1,4 @@
+Flow 4 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443
+Flow 4 midstream: tcp 192.168.2.4:49205 -> 17.173.66.102:443
+Flow 9 risky: tcp 17.110.229.14:5223 -> 192.168.2.4:49193
+Flow 9 midstream: tcp 17.110.229.14:5223 -> 192.168.2.4:49193
diff --git a/test/results/flow-captured/default/whatsapp_voice_and_message.pcap.out b/test/results/flow-captured/default/whatsapp_voice_and_message.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/whatsapp_voice_and_message.pcap.out
diff --git a/test/results/flow-captured/default/whatsappfiles.pcap.out b/test/results/flow-captured/default/whatsappfiles.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/whatsappfiles.pcap.out
diff --git a/test/results/flow-captured/default/whois.pcapng.out b/test/results/flow-captured/default/whois.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/whois.pcapng.out
diff --git a/test/results/flow-captured/default/windowsupdate_over_http.pcap.out b/test/results/flow-captured/default/windowsupdate_over_http.pcap.out
new file mode 100644
index 000000000..239e43df9
--- /dev/null
+++ b/test/results/flow-captured/default/windowsupdate_over_http.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.0.2.15:49815 -> 151.99.72.125:80
diff --git a/test/results/flow-captured/default/wireguard.pcap.out b/test/results/flow-captured/default/wireguard.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/wireguard.pcap.out
diff --git a/test/results/flow-captured/default/wow.pcap.out b/test/results/flow-captured/default/wow.pcap.out
new file mode 100644
index 000000000..d54622fae
--- /dev/null
+++ b/test/results/flow-captured/default/wow.pcap.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 192.168.178.20:39309 -> 12.129.222.53:80
+Flow 2 risky: tcp 192.168.178.20:39312 -> 24.105.29.21:80
diff --git a/test/results/flow-captured/default/xdmcp.pcap.out b/test/results/flow-captured/default/xdmcp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/xdmcp.pcap.out
diff --git a/test/results/flow-captured/default/xiaomi.pcap.out b/test/results/flow-captured/default/xiaomi.pcap.out
new file mode 100644
index 000000000..46ef54207
--- /dev/null
+++ b/test/results/flow-captured/default/xiaomi.pcap.out
@@ -0,0 +1 @@
+Flow 1 midstream: tcp 47.241.7.88:5222 -> 10.52.151.160:39180
diff --git a/test/results/flow-captured/default/xss.pcap.out b/test/results/flow-captured/default/xss.pcap.out
new file mode 100644
index 000000000..2a93a6ecf
--- /dev/null
+++ b/test/results/flow-captured/default/xss.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.3.109:53514 -> 192.168.3.107:80
diff --git a/test/results/flow-captured/default/yandex.pcapng.out b/test/results/flow-captured/default/yandex.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/yandex.pcapng.out
diff --git a/test/results/flow-captured/default/youtube_quic.pcap.out b/test/results/flow-captured/default/youtube_quic.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/youtube_quic.pcap.out
diff --git a/test/results/flow-captured/default/youtubeupload.pcap.out b/test/results/flow-captured/default/youtubeupload.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/youtubeupload.pcap.out
diff --git a/test/results/flow-captured/default/z3950.pcapng.out b/test/results/flow-captured/default/z3950.pcapng.out
new file mode 100644
index 000000000..5ca2a64b8
--- /dev/null
+++ b/test/results/flow-captured/default/z3950.pcapng.out
@@ -0,0 +1 @@
+Flow 2 risky: tcp 192.168.0.20:46524 -> 129.187.139.43:9991
diff --git a/test/results/flow-captured/default/zabbix.pcap.out b/test/results/flow-captured/default/zabbix.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/zabbix.pcap.out
diff --git a/test/results/flow-captured/default/zattoo.pcap.out b/test/results/flow-captured/default/zattoo.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/zattoo.pcap.out
diff --git a/test/results/flow-captured/default/zcash.pcap.out b/test/results/flow-captured/default/zcash.pcap.out
new file mode 100644
index 000000000..16aac9d3a
--- /dev/null
+++ b/test/results/flow-captured/default/zcash.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.2.92:55190 -> 178.32.196.217:9050
diff --git a/test/results/flow-captured/default/zoom.pcap.out b/test/results/flow-captured/default/zoom.pcap.out
new file mode 100644
index 000000000..40e91288c
--- /dev/null
+++ b/test/results/flow-captured/default/zoom.pcap.out
@@ -0,0 +1,6 @@
+Flow 30 risky: tcp 192.168.1.117:54871 -> 109.94.160.99:443
+Flow 9 risky: udp 192.168.1.117:65394 -> 192.168.1.1:53
+Flow 14 risky: udp 192.168.1.117:23903 -> 162.255.38.14:3479
+Flow 3 risky: tcp 192.168.1.117:54863 -> 167.99.215.164:4434
+Flow 16 risky: tcp 192.168.1.117:53872 -> 35.186.224.53:443
+Flow 16 midstream: tcp 192.168.1.117:53872 -> 35.186.224.53:443
diff --git a/test/results/flow-captured/default/zoom2.pcap.out b/test/results/flow-captured/default/zoom2.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/zoom2.pcap.out
diff --git a/test/results/flow-captured/default/zoom_p2p.pcapng.out b/test/results/flow-captured/default/zoom_p2p.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/zoom_p2p.pcapng.out
diff --git a/test/results/flow-captured/disable_aggressiveness/ookla.pcap.out b/test/results/flow-captured/disable_aggressiveness/ookla.pcap.out
new file mode 100644
index 000000000..76a45ed58
--- /dev/null
+++ b/test/results/flow-captured/disable_aggressiveness/ookla.pcap.out
@@ -0,0 +1,2 @@
+Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80
+Flow 6 risky: tcp 192.168.1.128:35830 -> 89.96.108.170:8080
diff --git a/test/results/flow-captured/disable_protocols/dns_long_domainname.pcap.out b/test/results/flow-captured/disable_protocols/dns_long_domainname.pcap.out
new file mode 100644
index 000000000..310b46b56
--- /dev/null
+++ b/test/results/flow-captured/disable_protocols/dns_long_domainname.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.1.168:65311 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/disable_protocols/pluralsight.pcap.out b/test/results/flow-captured/disable_protocols/pluralsight.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/disable_protocols/pluralsight.pcap.out
diff --git a/test/results/flow-captured/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/flow-captured/disable_protocols/quic-mvfst-27.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/disable_protocols/quic-mvfst-27.pcapng.out
diff --git a/test/results/flow-captured/disable_protocols/soap.pcap.out b/test/results/flow-captured/disable_protocols/soap.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/disable_protocols/soap.pcap.out
diff --git a/test/results/flow-captured/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/flow-captured/disable_stun_monitoring/lru_ipv6_caches.pcapng.out
new file mode 100644
index 000000000..79c0e80d8
--- /dev/null
+++ b/test/results/flow-captured/disable_stun_monitoring/lru_ipv6_caches.pcapng.out
@@ -0,0 +1,2 @@
+Flow 2 risky: udp 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881 -> 3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27:60506
+Flow 3 risky: udp 2a2f:8509:1cb2:466d:ecbf:69d6:109c:608:62229 -> 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881
diff --git a/test/results/flow-captured/enable_doh_heuristic/doh.pcapng.out b/test/results/flow-captured/enable_doh_heuristic/doh.pcapng.out
new file mode 100644
index 000000000..385d1d5db
--- /dev/null
+++ b/test/results/flow-captured/enable_doh_heuristic/doh.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.1.253:35996 -> 1.1.1.1:443
diff --git a/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out b/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out
new file mode 100644
index 000000000..e951b4706
--- /dev/null
+++ b/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out
@@ -0,0 +1,98 @@ +Flow 37 risky: tcp 192.168.115.8:49606 -> 106.185.35.110:80 +Flow 41 risky: tcp 192.168.115.8:49609 -> 42.120.51.152:8080 +Flow 14 risky: udp 192.168.115.8:51024 -> 8.8.8.8:53 +Flow 20 risky: udp 192.168.3.95:58779 -> 224.0.0.252:5355 +Flow 19 risky: udp fe80::e98f:bae2:19f7:6b0f:58779 -> ff02::1:3:5355 +Flow 24 risky: udp 192.168.115.8:52723 -> 168.95.1.1:53 +Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 +Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138 +Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 +Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 +Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 +Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 +Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 +Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138 +Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 +Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 +Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 +Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443 +Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443 +Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443 +Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443 +Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 +Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 +Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 +Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80 +Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80 +Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80 +Flow 158 midstream: tcp 192.168.2.126:49372 -> 14.136.136.108:80 +Flow 150 midstream: tcp 192.168.2.126:45416 -> 161.117.13.29:80 +Flow 147 midstream: tcp 192.168.2.126:45388 -> 161.117.13.29:80 +Flow 148 midstream: tcp 192.168.2.126:45398 -> 161.117.13.29:80 +Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 
+Flow 178 risky: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 178 midstream: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 149 midstream: tcp 192.168.2.126:45414 -> 161.117.13.29:80 +Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 +Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 +Flow 192 midstream: tcp 192.168.2.126:54810 -> 18.233.123.55:80 +Flow 184 midstream: tcp 192.168.2.126:36636 -> 18.64.103.30:80 +Flow 185 midstream: tcp 192.168.2.126:36640 -> 18.64.103.30:80 +Flow 186 midstream: tcp 192.168.2.126:36654 -> 18.64.103.30:80 +Flow 180 midstream: tcp 192.168.2.126:58758 -> 202.153.196.53:80 +Flow 181 midstream: tcp 192.168.2.126:58760 -> 202.153.196.53:80 +Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 +Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 +Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 +Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 +Flow 155 midstream: tcp 192.168.2.126:38354 -> 142.250.186.34:80 +Flow 157 midstream: tcp 192.168.2.126:49354 -> 14.136.136.108:80 +Flow 159 midstream: tcp 192.168.2.126:49370 -> 14.136.136.108:80 +Flow 162 midstream: tcp 192.168.2.126:49396 -> 14.136.136.108:80 +Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 161 midstream: tcp 192.168.2.126:49412 -> 14.136.136.108:80 +Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 +Flow 164 midstream: tcp 192.168.2.126:50140 -> 161.117.13.29:80 +Flow 165 midstream: tcp 192.168.2.126:50148 -> 161.117.13.29:80 +Flow 166 midstream: tcp 192.168.2.126:50164 -> 161.117.13.29:80 +Flow 167 midstream: tcp 192.168.2.126:50166 -> 161.117.13.29:80 +Flow 168 midstream: tcp 192.168.2.126:50176 -> 161.117.13.29:80 +Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 +Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 +Flow 156 midstream: tcp 192.168.2.126:36732 -> 
142.250.186.174:80 +Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 +Flow 189 midstream: tcp 192.168.2.126:42554 -> 35.156.44.13:80 +Flow 190 risky: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 190 midstream: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 195 midstream: tcp 192.168.2.126:33042 -> 3.122.190.70:80 +Flow 173 midstream: tcp 192.168.2.126:56094 -> 3.72.69.158:80 +Flow 175 midstream: tcp 192.168.2.126:56096 -> 3.72.69.158:80 +Flow 174 midstream: tcp 192.168.2.126:56098 -> 3.72.69.158:80 +Flow 176 midstream: tcp 192.168.2.126:56104 -> 3.72.69.158:80 +Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 +Flow 130 risky: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 130 midstream: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 131 risky: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 131 midstream: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 132 risky: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 +Flow 139 midstream: tcp 192.168.2.126:60148 -> 172.105.121.82:80 +Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 +Flow 138 risky: tcp 192.168.2.126:38834 -> 119.45.78.184:80 +Flow 138 midstream: tcp 192.168.2.126:38834 -> 119.45.78.184:80 +Flow 182 midstream: tcp 192.168.2.126:35664 -> 18.66.2.90:80 +Flow 141 midstream: tcp 192.168.2.126:46184 -> 172.105.121.82:80 +Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 188 risky: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 188 midstream: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 143 midstream: tcp 192.168.2.126:46200 -> 172.105.121.82:80 +Flow 135 midstream: tcp 192.168.2.126:47246 -> 
161.117.13.29:80 +Flow 144 midstream: tcp 192.168.2.126:46212 -> 172.105.121.82:80 +Flow 136 midstream: tcp 192.168.2.126:47262 -> 161.117.13.29:80 +Flow 137 midstream: tcp 192.168.2.126:47272 -> 161.117.13.29:80 +Flow 145 midstream: tcp 192.168.2.126:35200 -> 103.29.71.30:80 diff --git a/test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out new file mode 100644 index 000000000..d2c04c6b4 --- /dev/null +++ b/test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out @@ -0,0 +1,4 @@ +Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328 +Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223 +Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502 +Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282 diff --git a/test/run_tests.sh b/test/run_tests.sh index 61bcfca00..0e749fc04 100755 --- a/test/run_tests.sh +++ b/test/run_tests.sh @@ -12,6 +12,7 @@ JSON_VALIDATOR="$(realpath "${3:-"${MYDIR}/../examples/py-schema-validation/py-s SEMN_VALIDATOR="$(realpath "${4:-"${MYDIR}/../examples/py-semantic-validation/py-semantic-validation.py"}")" FLOW_INFO="$(realpath "${5:-"${MYDIR}/../examples/py-flow-info/flow-info.py"}")" NDPISRVD_ANALYSED="$(realpath "${6:-"$(dirname ${nDPId_test_EXEC})/nDPIsrvd-analysed"}")" +NDPISRVD_CAPTURED="$(realpath "${6:-"$(dirname ${nDPId_test_EXEC})/nDPIsrvd-captured"}")" NDPISRVD_COLLECTD="$(realpath "${6:-"$(dirname ${nDPId_test_EXEC})/nDPIsrvd-collectd"}")" IS_GIT=$(test -d "${MYDIR}/../.git" -o -f "${MYDIR}/../.git" && printf '1' || printf '0') 
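Review bot: `NDPISRVD_CAPTURED` takes its override from `${6:-...}`, the same positional parameter already consumed by `NDPISRVD_ANALYSED` on the line above and by `NDPISRVD_COLLECTD` on the line below, so a caller supplying a sixth argument points all three variables at one binary and there is no way to override the captured helper on its own. The usage text added in the next hunk lists `path-to-nDPIsrvd-captured` as its own positional, which suggests `NDPISRVD_CAPTURED="$(realpath "${7:-"$(dirname ${nDPId_test_EXEC})/nDPIsrvd-captured"}")"` was intended (the pre-existing collectd line would then want `${8:-...}`, but that line is not part of this change). Whichever numbering is chosen, the `usage` heredoc should state it so the two stay in agreement.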
@@ -26,6 +27,7 @@ usage: ${0} [path-to-nDPI-source-root] \\
     path-to-nDPId-SEMANTIC-validator default to ${SEMN_VALIDATOR}
     path-to-nDPId-flow-info defaults to ${FLOW_INFO}
     path-to-nDPIsrvd-analysed defaults to ${NDPISRVD_ANALYSED}
+    path-to-nDPIsrvd-captured defaults to ${NDPISRVD_CAPTURED}
     path-to-nDPIsrvd-collectd defaults to ${NDPISRVD_COLLECTD}
 EOF
     return 0
@@ -343,6 +345,71 @@ fi
 cat <<EOF
 
+------------------------
+-- Flow Captured DIFF --
+------------------------
+
+EOF
+
+mkdir -p "${MYDIR}/results/flow-captured"
+if [ -x "${NDPISRVD_CAPTURED}" ]; then
+    cd "${MYDIR}"
+    for out_file in results/*/*.out; do
+        if [ ! -r "${out_file}" ]; then
+            printf '%s: %s\n' "${0}" "${out_file} does not exist!"
+            TESTS_FAILED=$((TESTS_FAILED + 1))
+            continue
+        fi
+        out_name="$(basename ${out_file})"
+        pcap_cfg="$(basename $(dirname ${out_file%.out}))"
+        stdout_file="/tmp/nDPId-test-stdout/${pcap_cfg}_${out_name}.flow-captured.csv.new"
+        stderr_file="/tmp/nDPId-test-stderr/${out_name}"
+        result_file="${MYDIR}/results/flow-captured/${pcap_cfg}/${out_name}"
+        mkdir -p "$(dirname ${result_file})"
+        printf "%-${LINE_SPACES}s\t" "${out_name}"
+        cat "${out_file}" | grep -vE '^~~.*$' | ${NETCAT_EXEC} &
+        nc_pid=$!
+        while ! ss -x -t -n -l | grep -q "${NETCAT_SOCK}"; do sleep 0.1; printf '%s\n' "Waiting until socket ${NETCAT_SOCK} is available.." >>"${stderr_file}"; done
+        ${NDPISRVD_CAPTURED} -s "${NETCAT_SOCK}" -c -l -G -U -R0 -M -E 2>>"${stderr_file}" 1>"${stdout_file}"
+        kill -SIGTERM ${nc_pid} 2>/dev/null
+        wait ${nc_pid} 2>/dev/null
+        while ss -x -t -n -l | grep -q "${NETCAT_SOCK}"; do sleep 0.1; printf '%s\n' "Waiting until socket ${NETCAT_SOCK} is not available anymore.." >>"${stderr_file}"; done
+        if [ ! -r "${result_file}" ]; then
+            printf '%s\n' '[NEW]'
+            test ${IS_GIT} -eq 1 && \
+                mv "${stdout_file}" "${result_file}"
+            TESTS_FAILED=$((TESTS_FAILED + 1))
+        elif diff -u0 "${result_file}" "${stdout_file}" >/dev/null; then
+            printf '%s\n' '[OK]'
+            rm -f "${stdout_file}"
+        else
+            printf '%s\n' '[DIFF]'
+            diff -u0 "${result_file}" "${stdout_file}"
+            test ${IS_GIT} -eq 1 && \
+                mv "${stdout_file}" "${result_file}"
+            TESTS_FAILED=$((TESTS_FAILED + 1))
+        fi
+    done
+
+    for out_file in ${MYDIR}/results/flow-captured/*/*.out; do
+        if [ ! -r "${out_file}" ]; then
+            printf '%s: %s\n' "${0}" "${out_file} does not exist!"
+            TESTS_FAILED=$((TESTS_FAILED + 1))
+            continue
+        fi
+        result_file="$(basename ${out_file})"
+        pcap_cfg="$(basename $(dirname ${out_file%.out}))"
+        if [ ! -r "${MYDIR}/results/${pcap_cfg}/${result_file}" ]; then
+            printf "%-${LINE_SPACES}s\t%s\n" "${result_file}" "[MISSING]"
+            TESTS_FAILED=$((TESTS_FAILED + 1))
+        fi
+    done
+else
+    printf '%s\n' "Not found or not executable: ${NDPISRVD_CAPTURED}"
+fi
+
+cat <<EOF
+
 ------------------------------
 -- Collectd Statistics DIFF --
 ------------------------------
|
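Review bot: The exit status of `${NDPISRVD_CAPTURED} -s "${NETCAT_SOCK}" ... 1>"${stdout_file}"` is never examined, so if the helper aborts partway through the replayed JSON (the logger(1, ...) paths shown in c-captured.c for a pcap open failure or an undecodable base64 packet are the visible candidates) the loop sees a short or empty `stdout_file`, prints `[NEW]` or `[OK]`, and with `IS_GIT=1` moves that file into `results/flow-captured/` as the new baseline — indistinguishable from a pcap that legitimately yields no risky or midstream flows, like the empty `disable_protocols/*.out` files this commit adds. Capturing the status right after the call, `rc=$?`, and rejecting a non-zero value once netcat has been reaped and before the diff, `if [ ${rc} -ne 0 ]; then printf '%s\n' "[FAIL: exit ${rc}]"; TESTS_FAILED=$((TESTS_FAILED + 1)); continue; fi`, keeps a crash from being baked into the expected output. Separately, `stderr_file` is keyed by `${out_name}` alone while `stdout_file` is keyed by `${pcap_cfg}_${out_name}`, and it is only ever opened with `>>`, so every configuration of the same pcap appends into one shared, never-truncated log; `stderr_file="/tmp/nDPId-test-stderr/${pcap_cfg}_${out_name}.flow-captured"` keeps them apart. Both are fixed, predictable paths under the shared `/tmp`; unless those directories are created with `mktemp -d` earlier in the script (outside this hunk), another local user on a shared CI host can pre-create them, and the unquoted `$(basename ${out_file})` and `$(dirname ${result_file})` expansions will also word-split if `${MYDIR}` ever contains whitespace.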