Diffstat (limited to 'test/results/flow-info/ndpireader_conf_file')
-rw-r--r--test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out4
-rw-r--r--test/results/flow-info/ndpireader_conf_file/shadowsocks.pcap.out10
-rw-r--r--test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out5
-rw-r--r--test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out3
4 files changed, 15 insertions, 7 deletions
diff --git a/test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out
index d7b5b1307..2f5536349 100644
--- a/test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out
+++ b/test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out
@@ -13,7 +13,7 @@
[PKTLENS.....: 60,60,52,140,52,152,52,429,148,1500,1500,1500,52,52,152,164,52,52,376,873,52,52,801,52,310,172,395,176,52,199,52,148]
[ENTROPIES...: 4.7,5.2,5.1,6.5,5.1,6.6,5.1,7.3,6.6,7.9,7.9,7.9,5.0,5.1,6.5,6.7,5.1,5.1,7.3,7.8,5.1,5.1,7.7,5.2,7.3,6.7,7.5,6.5,5.1,6.9,5.1,6.5]
guessed: [.....1] [ip4][..tcp] [.192.168.12.156][37976] -> [..185.128.25.99][..465] [SMTPS][NordVPN][Email][Safe]
- RISK: Fully Encrypted Flow
+ RISK: Susp Entropy
new: [.....2] [ip4][..udp] [.192.168.12.156][47128] -> [149.102.238.108][.1214]
DAEMON-EVENT: [Processed: 90 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0]
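Review bot: The expected risk for flow 1 (192.168.12.156:37976 -> 185.128.25.99:465) changes from `RISK: Fully Encrypted Flow` to `RISK: Susp Entropy` on the `guessed` event here and again on the `idle` event in the second hunk of this file, so the baseline no longer asserts that this flow of the obfuscated OpenVPN capture is reported as fully encrypted. The diff shown is limited to the results directory, so it cannot be told from here whether this is an intended reclassification or a side effect of regenerating the outputs. It is worth confirming against the code change, because any consumer that keys on the old risk name for this traffic would stop matching. Flow 2 already carried `RISK: Susp Entropy` in the context lines, so after this change both flows in the capture report the same risk.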
@@ -31,7 +31,7 @@
guessed: [.....3] [ip4][..tcp] [.107.161.86.131][..443] -> [.192.168.12.156][48072] [TLS][Unknown][Web][Safe]
idle: [.....3] [ip4][..tcp] [.107.161.86.131][..443] -> [.192.168.12.156][48072] [TLS][Unknown][Web][Safe]
idle: [.....1] [ip4][..tcp] [.192.168.12.156][37976] -> [..185.128.25.99][..465] [SMTPS][NordVPN][Email][Safe]
- RISK: Fully Encrypted Flow
+ RISK: Susp Entropy
guessed: [.....2] [ip4][..udp] [.192.168.12.156][47128] -> [149.102.238.108][.1214] [NordVPN][NordVPN][VPN][Acceptable]
RISK: Susp Entropy
idle: [.....2] [ip4][..udp] [.192.168.12.156][47128] -> [149.102.238.108][.1214]
diff --git a/test/results/flow-info/ndpireader_conf_file/shadowsocks.pcap.out b/test/results/flow-info/ndpireader_conf_file/shadowsocks.pcap.out
new file mode 100644
index 000000000..6bfd135f5
--- /dev/null
+++ b/test/results/flow-info/ndpireader_conf_file/shadowsocks.pcap.out
@@ -0,0 +1,10 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......127.0.0.1][37904] -> [......127.0.0.1][.1080]
+ detected: [.....1] [ip4][..tcp] [......127.0.0.1][37904] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
+ new: [.....2] [ip4][..tcp] [......127.0.0.1][44276] -> [......127.0.0.1][.8388]
+ end: [.....1] [ip4][..tcp] [......127.0.0.1][37904] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
+ not-detected: [.....2] [ip4][..tcp] [......127.0.0.1][44276] -> [......127.0.0.1][.8388] [Unknown][Unknown][Unspecified][Unrated]
+ end: [.....2] [ip4][..tcp] [......127.0.0.1][44276] -> [......127.0.0.1][.8388]
+ DAEMON-EVENT: shutdown
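Review bot: Flow 2 (127.0.0.1:44276 -> 127.0.0.1:8388) is pinned as `not-detected` with `[Unknown][Unknown][Unspecified][Unrated]` and no `RISK:` line, so this new baseline asserts that the second flow of the Shadowsocks capture gets neither a classification nor a risk in this configuration. Only the SOCKS leg on port 1080 is identified. Nothing in the file says whether that is the intended outcome of the conf-file settings or simply what the run produced. If it is intended, a sentence in the commit description saying so would help, because the file as written locks in the non-detection and will read as the desired behaviour to the next person who regenerates results.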
diff --git a/test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out
index 626c8440d..964b3c0e5 100644
--- a/test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out
+++ b/test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out
@@ -5,13 +5,8 @@
detected: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][]
new: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478]
detected: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
new: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377]
detected: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
diff --git a/test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out
index 1f6d126c4..54b78ec2f 100644
--- a/test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out
+++ b/test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out
@@ -3,7 +3,9 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80]
detected: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN][GoogleCloud][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
detection-update: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
+ RISK: Known Proto on Non Std Port
analyse: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.287| 0.030| 0.068| 4621.743| 3.100]
@@ -15,4 +17,5 @@
[PKTLENS.....: 52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140]
[ENTROPIES...: 4.7,4.9,4.8,5.2,4.4,5.8,5.9,5.8,4.6,5.7,5.8,5.9,5.9,5.7,5.8,6.1,4.8,6.1,4.8,6.1,4.7,6.4,5.9,4.8,6.0,4.8,6.1,5.9,4.8,5.9,4.8,5.9]
idle: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
+ RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown