authorToni Uhlig <matzeton@googlemail.com>2023-05-23 04:38:07 +0200
committerToni Uhlig <matzeton@googlemail.com>2023-05-24 19:30:19 +0200
commitc9514136b7c4246a57b85474d1a8e376a9009d4a (patch)
treeeb17d83ea16815000a4f723c240e54f21cf0691b /test/results/flow-info/default/tor.pcap.out
parenta4e5bab9b2826ae50a48da275b6b441624aab50f (diff)
bump libnDPI to ...
* upstream changed regression test interface, needed to adapt * improved libnDPI helper build script * updated JSON schema Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/default/tor.pcap.out')
-rw-r--r--test/results/flow-info/default/tor.pcap.out159
1 files changed, 159 insertions, 0 deletions
diff --git a/test/results/flow-info/default/tor.pcap.out b/test/results/flow-info/default/tor.pcap.out
new file mode 100644
index 000000000..e695c257a
--- /dev/null
+++ b/test/results/flow-info/default/tor.pcap.out
@@ -0,0 +1,159 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ ERROR-EVENT: Unknown packet type [1/16]
+ ERROR-EVENT: Unknown packet type [2/16]
+ ERROR-EVENT: Unknown packet type [3/16]
+ new: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443]
+ detected: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe][www.ct7ctrgb6cr7.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe][www.ct7ctrgb6cr7.com]
+ RISK: Obsolete TLS (v1.1 or older), TLS Cert About To Expire
+ ERROR-EVENT: Unknown packet type [4/16]
+ new: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443]
+ detected: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
+ detection-update: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
+ ERROR-EVENT: Unknown packet type [5/16]
+ new: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443]
+ detected: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.q4cyamnc6mtokjurvdclt.com]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
+ detection-update: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.q4cyamnc6mtokjurvdclt.com]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
+ ERROR-EVENT: Unknown packet type [6/16]
+ ERROR-EVENT: Unknown packet type [7/16]
+ new: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500]
+ detected: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ ERROR-EVENT: Unknown packet type [8/16]
+ ERROR-EVENT: Unknown packet type [9/16]
+ ERROR-EVENT: Unknown packet type [10/16]
+ ERROR-EVENT: Unknown packet type [11/16]
+ ERROR-EVENT: Unknown packet type [12/16]
+ ERROR-EVENT: Unknown packet type [13/16]
+ ERROR-EVENT: Unknown packet type [14/16]
+ ERROR-EVENT: Unknown packet type [15/16]
+ ERROR-EVENT: Unknown packet type [16/16]
+ new: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138]
+ detected: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][endian-pc]
+ RISK: Unsafe Protocol
+ analyse: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 31.166| 2.329| 7.550| 56997495.964| 1.900]
+ [PKTLEN......: 40.000| 1500.000| 355.800| 354.900| 125974.500| 4.300]
+ [BINS(c->s)..: 4,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1]
+ [IATS(ms)....: 143.8,144.2,0.4,152.7,0.2,159.6,171.7,164.7,190.9,0.1,190.7,0.6,185.1,185.5,145.1,5.7,151.7,184.2,104.7,290.0,146.6,2536.0,2930.5,30770.7,31166.0,0.9,147.0,185.7,696.5,885.2,147.1]
+ [PKTLENS.....: 52,52,46,264,40,969,238,99,114,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
+ [ENTROPIES...: 4.5,4.8,4.4,5.4,4.8,7.6,6.9,5.9,6.1,7.9,6.5,4.3,7.7,4.8,7.7,4.8,7.6,7.7,4.7,7.7,7.6,4.8,7.7,4.3,7.6,4.6,7.6,7.7,4.8,7.6,7.6,4.7]
+ analyse: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 37.996| 2.549| 9.274| 86002509.021| 1.400]
+ [PKTLEN......: 40.000| 1500.000| 448.800| 476.200| 226793.400| 4.200]
+ [BINS(c->s)..: 5,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,1]
+ [IATS(ms)....: 71.0,71.3,6.7,104.3,10.8,112.6,88.6,84.6,73.7,0.1,73.7,0.8,108.4,107.7,67.8,2.3,74.6,103.6,101.8,113.4,368.7,686.5,37720.4,37995.8,68.2,67.5,104.0,189.0,360.8,68.7,0.2]
+ [PKTLENS.....: 52,52,46,255,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,626,626,40,626,46,626,40,626,40,626,1500,46,1500,1500]
+ [ENTROPIES...: 4.5,4.9,4.5,5.4,4.9,7.4,6.6,6.0,6.1,7.9,6.5,4.5,7.7,4.9,7.6,4.9,7.6,7.6,7.7,7.7,4.8,7.7,4.4,7.7,4.9,7.7,4.9,7.7,7.9,4.5,7.9,7.9]
+ update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ new: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443] [MIDSTREAM]
+ update: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
+ RISK: Unsafe Protocol
+ analyse: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 71.328| 4.658| 14.789| 218716025.389| 1.800]
+ [PKTLEN......: 40.000| 1500.000| 330.600| 347.100| 120444.200| 4.200]
+ [BINS(c->s)..: 6,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0]
+ [IATS(ms)....: 73.4,74.4,0.4,74.1,3.2,80.2,86.1,83.2,77.3,0.1,76.2,0.8,117.2,116.3,75.2,24.0,101.9,114.5,465.6,429.3,3.5,80.8,117.0,388.8,507.3,75.9,393.9,666.2,34353.1,34399.0,71328.4]
+ [PKTLENS.....: 52,52,46,262,40,789,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,40,626,626,40,626,626,40,626,46,626,46,46]
+ [ENTROPIES...: 4.5,4.9,4.4,5.5,4.7,7.3,6.7,5.9,6.2,7.9,6.5,4.4,7.6,4.8,7.6,4.8,7.7,7.7,4.8,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.8,7.6,4.5,7.6,4.3,4.5]
+ ERROR-EVENT: Unknown packet type [1/16]
+ ERROR-EVENT: Unknown packet type [2/16]
+ ERROR-EVENT: Unknown packet type [3/16]
+ new: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443]
+ new: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443]
+ detected: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe][www.t3i3ru.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.gfu7hbxpfp.com]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
+ detection-update: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe][www.t3i3ru.com]
+ RISK: Obsolete TLS (v1.1 or older), TLS Cert About To Expire
+ detection-update: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.gfu7hbxpfp.com]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol, TLS Cert About To Expire
+ ERROR-EVENT: Unknown packet type [4/16]
+ new: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443]
+ detected: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe][www.jmts2id.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe][www.jmts2id.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ analyse: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.991| 0.147| 0.220| 48576.569| 3.900]
+ [PKTLEN......: 40.000| 1500.000| 348.200| 347.100| 120448.800| 4.300]
+ [BINS(c->s)..: 4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1]
+ [IATS(ms)....: 64.4,65.8,9.5,82.1,4.2,79.8,91.0,88.4,79.6,0.1,78.2,0.9,110.0,109.4,69.1,1.5,80.2,113.6,35.7,145.8,70.8,343.7,637.5,693.9,990.9,1.6,72.0,109.0,69.0,180.1,69.9]
+ [PKTLENS.....: 52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
+ [ENTROPIES...: 4.5,4.9,4.4,5.4,4.8,7.4,6.7,5.9,6.1,7.8,6.6,4.4,7.7,4.8,7.7,4.7,7.7,7.6,4.7,7.6,7.6,4.7,7.7,4.4,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.7]
+ ERROR-EVENT: Unknown packet type [5/16]
+ end: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older), TLS Cert About To Expire
+ idle: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
+ RISK: Unsafe Protocol
+ guessed: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443] [TLS][Azure][Web][Safe]
+ RISK: Unidirectional Traffic
+ end: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443]
+ end: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
+ update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ ERROR-EVENT: Unknown packet type [6/16]
+ ERROR-EVENT: Unknown packet type [7/16]
+ ERROR-EVENT: Unknown packet type [8/16]
+ ERROR-EVENT: Unknown packet type [9/16]
+ ERROR-EVENT: Unknown packet type [10/16]
+ ERROR-EVENT: Unknown packet type [11/16]
+ ERROR-EVENT: Unknown packet type [12/16]
+ ERROR-EVENT: Unknown packet type [13/16]
+ ERROR-EVENT: Unknown packet type [14/16]
+ ERROR-EVENT: Unknown packet type [15/16]
+ ERROR-EVENT: Unknown packet type [16/16]
+ update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ new: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443]
+ detected: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Unknown][Web][Safe][www.6gyip7tqim7sieb.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Unknown][Web][Safe][www.6gyip7tqim7sieb.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547]
+ detected: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ DAEMON-EVENT: [Processed: 337 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 7 / 11|skipped: 0|!detected: 0|guessed: 1|detection-updates: 7|updates: 5]
+ analyse: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 72.890| 8.727| 22.569| 509351076.823| 2.100]
+ [PKTLEN......: 40.000| 1500.000| 312.000| 345.900| 119666.800| 4.200]
+ [BINS(c->s)..: 9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0]
+ [IATS(ms)....: 59.4,61.6,13.8,72.1,2.1,62.9,63.5,60.0,79.4,0.3,78.8,1.7,98.3,96.6,56.5,4.5,61.8,64.9,64.0,73.7,275.7,252.8,50.8,9.7,261.4,61538.3,61491.4,72591.4,72890.0,4.0,98.0]
+ [PKTLENS.....: 52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]
+ [ENTROPIES...: 4.5,4.9,4.4,5.3,4.8,7.4,6.7,6.0,6.2,7.9,6.5,4.4,7.7,4.8,7.6,4.9,7.7,7.7,7.6,7.7,7.6,4.5,7.7,4.9,7.6,4.5,7.7,4.5,4.5,4.7,4.7,4.5]
+ update: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ end: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol, TLS Cert About To Expire
+ idle: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ idle: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ end: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older), TLS Cert About To Expire
+ idle: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
+ idle: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ DAEMON-EVENT: shutdown
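Review bot: The expected output pins flows 1, 7, 9 and 10 of this Tor capture as `[TLS][Unknown][Web][Safe]`, although flows 8 and 3 to the same two servers (91.143.93.242 and 38.229.70.53) are reported as `[TLS.Tor]` with `Susp DGA Domain name`. The SNI values on the unflagged flows (`www.ct7ctrgb6cr7.com`, `www.jmts2id.com`, `www.t3i3ru.com`, `www.6gyip7tqim7sieb.com`) look as machine-generated as the flagged ones, so these are probably missed detections rather than benign web traffic. Once this file is the regression baseline, a later libnDPI change that does catch them will show up as a test failure instead of an improvement. The result file cannot carry a comment, so I would record the gap in the commit message, for example `tor.pcap: flows 1, 7, 9, 10 are reported as TLS/Safe and are likely undetected Tor; the expected output mirrors current libnDPI behaviour, not ground truth`.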