Diffstat (limited to 'test/results/flow-captured')
36 files changed, 79 insertions, 7 deletions
diff --git a/test/results/flow-captured/classification_only/bittorrent.pcap.out b/test/results/flow-captured/classification_only/bittorrent.pcap.out
new file mode 100644
index 000000000..6e5155d66
--- /dev/null
+++ b/test/results/flow-captured/classification_only/bittorrent.pcap.out
@@ -0,0 +1,46 @@
+Flow 17 risky: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 17 midstream: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 2 risky: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 2 midstream: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 11 risky: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 11 midstream: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 20 risky: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 20 midstream: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 24 risky: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 24 midstream: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 21 risky: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 21 midstream: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 9 risky: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 9 midstream: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 18 risky: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 18 midstream: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 3 midstream: tcp 192.168.1.3:52895 -> 83.216.184.241:51413
+Flow 22 midstream: tcp 192.168.1.3:52927 -> 83.216.184.241:51413
+Flow 13 risky: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 13 midstream: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 23 risky: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 23 midstream: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 19 risky: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 19 midstream: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 8 risky: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 8 midstream: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 1 risky: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 1 midstream: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 10 risky: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 10 midstream: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 5 risky: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 5 midstream: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 15 risky: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
+Flow 15 midstream: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
+Flow 7 risky: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 7 midstream: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 16 risky: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 16 midstream: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 4 risky: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 4 midstream: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 14 risky: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 14 midstream: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 6 risky: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 6 midstream: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 12 risky: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
+Flow 12 midstream: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
diff --git a/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out b/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out
new file mode 100644
index 000000000..294e2dd8f
--- /dev/null
+++ b/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.122.34:48987 -> 178.71.206.1:6881
diff --git a/test/results/flow-captured/classification_only/forticlient.pcap.out b/test/results/flow-captured/classification_only/forticlient.pcap.out
new file mode 100644
index 000000000..5754031a2
--- /dev/null
+++ b/test/results/flow-captured/classification_only/forticlient.pcap.out
@@ -0,0 +1 @@
+Flow 5 risky: tcp 192.168.1.178:61820 -> 82.81.46.13:10443
diff --git a/test/results/flow-captured/classification_only/http-basic-auth.pcap.out b/test/results/flow-captured/classification_only/http-basic-auth.pcap.out
new file mode 100644
index 000000000..d891a90e8
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http-basic-auth.pcap.out
@@ -0,0 +1,15 @@
+Flow 1 risky: tcp 192.168.0.4:54317 -> 192.254.189.169:80
+Flow 2 risky: tcp 192.168.0.4:54318 -> 192.254.189.169:80
+Flow 7 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80
+Flow 8 risky: tcp 192.168.0.4:54338 -> 192.254.189.169:80
+Flow 9 risky: tcp 192.168.0.4:54340 -> 192.254.189.169:80
+Flow 14 risky: tcp 192.168.0.4:54487 -> 192.254.189.169:80
+Flow 15 risky: tcp 192.168.0.4:54505 -> 192.254.189.169:80
+Flow 24 risky: tcp 192.168.0.4:54584 -> 192.254.189.169:80
+Flow 10 risky: tcp 192.168.0.4:54341 -> 192.254.189.169:80
+Flow 11 risky: tcp 192.168.0.4:54342 -> 192.254.189.169:80
+Flow 12 risky: tcp 192.168.0.4:54343 -> 192.254.189.169:80
+Flow 20 risky: tcp 192.168.0.4:54580 -> 192.254.189.169:80
+Flow 21 risky: tcp 192.168.0.4:54581 -> 192.254.189.169:80
+Flow 22 risky: tcp 192.168.0.4:54582 -> 192.254.189.169:80
+Flow 23 risky: tcp 192.168.0.4:54583 -> 192.254.189.169:80
diff --git a/test/results/flow-captured/classification_only/http-pwd.pcapng.out b/test/results/flow-captured/classification_only/http-pwd.pcapng.out
new file mode 100644
index 000000000..2f04e0388
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http-pwd.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 127.0.0.1:56451 -> 127.0.0.1:3000
diff --git a/test/results/flow-captured/classification_only/http_auth.pcap.out b/test/results/flow-captured/classification_only/http_auth.pcap.out
new file mode 100644
index 000000000..f64f8755f
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http_auth.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80
diff --git a/test/results/flow-captured/classification_only/ookla.pcap.out b/test/results/flow-captured/classification_only/ookla.pcap.out
new file mode 100644
index 000000000..1f5694308
--- /dev/null
+++ b/test/results/flow-captured/classification_only/ookla.pcap.out
@@ -0,0 +1 @@
+Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80
diff --git a/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/flow-captured/classification_only/sip.pcap.out
index 1090142cf..1090142cf 100644
--- a/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out
+++ b/test/results/flow-captured/classification_only/sip.pcap.out
diff --git a/test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out b/test/results/flow-captured/classification_only/teams.pcap.out
index 88544269b..88544269b 100644
--- a/test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out
+++ b/test/results/flow-captured/classification_only/teams.pcap.out
diff --git a/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/flow-captured/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out
index e69de29bb..e69de29bb 100644
--- a/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out
+++ b/test/results/flow-captured/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out
diff --git a/test/results/flow-captured/dns_process_response_disable/dns.pcap.out b/test/results/flow-captured/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out
index e69de29bb..e69de29bb 100644
--- a/test/results/flow-captured/dns_process_response_disable/dns.pcap.out
+++ b/test/results/flow-captured/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_ech.pcapng.out b/test/results/flow-captured/classification_only/tls_ech.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_ech.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out b/test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out
diff --git a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index e69de29bb..e1e60dba9 100644
--- a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -0,0 +1 @@
+Flow 5 risky: udp 10.35.60.100:15580 -> 10.23.1.52:16756
diff --git a/test/results/flow-captured/default/dns2.pcap.out b/test/results/flow-captured/default/dns2.pcap.out
new file mode 100644
index 000000000..5152e60d8
--- /dev/null
+++ b/test/results/flow-captured/default/dns2.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.255.251:56550 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/default/dns_fragmented.pcap.out b/test/results/flow-captured/default/dns_fragmented.pcap.out
index efa654bb2..efd713c2e 100644
--- a/test/results/flow-captured/default/dns_fragmented.pcap.out
+++ b/test/results/flow-captured/default/dns_fragmented.pcap.out
@@ -1,8 +1,6 @@
-Flow 7 risky: udp 2a00:1450:4013:c05::10e:34944 -> 2001:470:765b::a25:53:53
 Flow 2 risky: udp 2a00:1450:4013:c03::10a:46433 -> 2001:470:765b::a25:53:53
 Flow 4 risky: udp 173.194.169.104:59464 -> 193.24.227.238:53
 Flow 1 risky: udp 172.217.40.76:56680 -> 193.24.227.238:53
-Flow 5 risky: udp 2a00:1450:400c:c00::106:54430 -> 2001:470:765b::a25:53:53
 Flow 3 risky: udp 2a00:1450:4013:c06::105:63369 -> 2001:470:765b::a25:53:53
 Flow 6 risky: udp 74.125.47.136:59330 -> 193.24.227.238:53
 Flow 17 risky: udp 194.247.5.6:51791 -> 193.24.227.238:53
diff --git a/test/results/flow-captured/default/dns_lots_of_answers.pcapng.out b/test/results/flow-captured/default/dns_lots_of_answers.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_lots_of_answers.pcapng.out
diff --git a/test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out b/test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out
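Review bot: The `@@ -1,8 +1,6 @@` hunk of default/dns_fragmented.pcap.out removes two flows from the expected output that were previously reported as risky (Flow 7 and Flow 5, both UDP to port 53), and nothing visible on this page says why. The two hunks of default/fuzz-2006-06-26-2594.pcap.out do the same for Flows 122, 123, 177 and 230, all DNS on port 53. Because these are golden files for the default configuration, a lost risk detection would be accepted silently here; the commit description should say whether the risk is intentionally no longer raised for these flows or whether they are only no longer captured, for example `default: DNS flows <ids> no longer flagged risky because <reason>`.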
diff --git a/test/results/flow-captured/default/dns_response_only.pcap.out b/test/results/flow-captured/default/dns_response_only.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_response_only.pcap.out
diff --git a/test/results/flow-captured/default/dns_retransmissions.pcap.out b/test/results/flow-captured/default/dns_retransmissions.pcap.out
new file mode 100644
index 000000000..04da7d3ce
--- /dev/null
+++ b/test/results/flow-captured/default/dns_retransmissions.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 37.41.101.140:11892 -> 208.67.222.222:53
diff --git a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
index 8267609cc..3ef94599c 100644
--- a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
@@ -13,15 +13,12 @@ Flow 100 risky: udp 192.168.1.2:4901 -> 200.68.120.81:29440
 Flow 78 not-detected: udp 192.168.1.2:2730 -> 192.168.1.1:43690
 Flow 111 risky: udp 192.168.1.2:2757 -> 192.168.1.1:53
 Flow 82 not-detected: udp 192.168.1.170:43690 -> 170.170.170.170:43690
-Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763
-Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53
 Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765
 Flow 124 not-detected: udp 192.168.1.2:43690 -> 170.170.170.170:43690
 Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53
 Flow 58 not-detected: 120 192.168.1.2 -> 212.242.33.35
 Flow 133 not-detected: udp 94.168.1.2:2768 -> 192.168.1.1:4
 Flow 135 not-detected: udp 192.168.1.1:117 -> 192.168.1.2:2769
-Flow 177 risky: udp 192.168.1.1:53 -> 240.168.1.2:2792
 Flow 162 not-detected: udp 212.242.33.35:9587 -> 192.168.1.2:196
 Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1
 Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
@@ -37,7 +34,6 @@ Flow 214 risky: udp 192.168.1.1:53 -> 192.168.1.2:2807
 Flow 195 not-detected: udp 192.168.170.170:43690 -> 170.170.170.170:43690
 Flow 149 not-detected: 0 192.168.1.2 -> 192.168.1.255
 Flow 203 not-detected: udp 192.168.1.2:2800 -> 192.168.1.1:21
-Flow 230 risky: udp 192.168.1.2:2815 -> 192.168.1.1:53
 Flow 157 not-detected: 19 192.168.1.2 -> 192.168.1.1
 Flow 117 not-detected: 37 192.168.1.1 -> 192.168.1.2
 Flow 211 not-detected: udp 192.168.1.2:2805 -> 192.168.1.1:51
diff --git a/test/results/flow-captured/default/lagofast.pcap.out b/test/results/flow-captured/default/lagofast.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/lagofast.pcap.out
diff --git a/test/results/flow-captured/default/nordvpn.pcap.out b/test/results/flow-captured/default/nordvpn.pcap.out
new file mode 100644
index 000000000..6f73670f1
--- /dev/null
+++ b/test/results/flow-captured/default/nordvpn.pcap.out
@@ -0,0 +1,4 @@
+Flow 2 guessed: udp 192.168.1.204:63670 -> 192.145.125.35:1198
+Flow 2 not-detected: udp 192.168.1.204:63670 -> 192.145.125.35:1198
+Flow 3 guessed: tcp 192.168.1.204:49766 -> 212.129.45.224:995
+Flow 3 not-detected: tcp 192.168.1.204:49766 -> 212.129.45.224:995
diff --git a/test/results/flow-captured/default/ssdp.pcapng.out b/test/results/flow-captured/default/ssdp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ssdp.pcapng.out
diff --git a/test/results/flow-captured/default/tor-browser.pcap.out b/test/results/flow-captured/default/tor-browser.pcap.out
new file mode 100644
index 000000000..72258ef7e
--- /dev/null
+++ b/test/results/flow-captured/default/tor-browser.pcap.out
@@ -0,0 +1,3 @@
+Flow 7 risky: tcp 192.168.0.123:64623 -> 86.3.18.251:443
+Flow 8 risky: tcp 192.168.0.123:64624 -> 178.17.170.254:443
+Flow 5 risky: icmp 192.168.0.16 -> 192.168.0.123
diff --git a/test/results/flow-captured/dns_sub_enable/dns.pcap.out b/test/results/flow-captured/dns_sub_enable/dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns.pcap.out
diff --git a/test/results/flow-captured/dns_sub_enable/dns2.pcap.out b/test/results/flow-captured/dns_sub_enable/dns2.pcap.out
new file mode 100644
index 000000000..5152e60d8
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns2.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.255.251:56550 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out b/test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out
diff --git a/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out b/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out
new file mode 100644
index 000000000..04da7d3ce
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 37.41.101.140:11892 -> 208.67.222.222:53
diff --git a/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out b/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out
new file mode 100644
index 000000000..6ef4eba5e
--- /dev/null
+++ b/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.1.29:51536 -> 143.204.14.183:80
diff --git a/test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out b/test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out
diff --git a/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out
deleted file mode 100644
index 7cce13929..000000000
--- a/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out
+++ /dev/null
@@ -1 +0,0 @@
-Flow 2 risky: udp 10.0.2.15:57701 -> 217.23.3.76:443 |