From ae95c95617d3716abcfbcc93742f6652e44d151c Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 5 Mar 2025 19:00:23 +0100 Subject: bump libnDPI to c49d126d3642d5b1f5168d049e3ebf0ee3451edc * fix API issue with a changed function signature 
Signed-off-by: Toni Uhlig --- .../classification_only/bittorrent.pcap.out | 46 ++++++++++++++++++++++ .../bittorrent_tcp_miss.pcapng.out | 1 + .../classification_only/forticlient.pcap.out | 1 + .../classification_only/http-basic-auth.pcap.out | 15 +++++++ .../classification_only/http-pwd.pcapng.out | 1 + .../classification_only/http_auth.pcap.out | 1 + .../classification_only/ookla.pcap.out | 1 + .../flow-captured/classification_only/sip.pcap.out | 1 + .../classification_only/teams.pcap.out | 17 ++++++++ .../tls_1.2_unidir_client_no_cert.pcapng.out | 0 .../tls_1.2_unidir_server_no_cert.pcapng.out | 0 .../tls_1.2_unidirectional_client.pcapng.out | 0 .../tls_1.2_unidirectional_server.pcapng.out | 0 .../tls_1.3_unidirectional_client.pcapng.out | 0 .../tls_1.3_unidirectional_server.pcapng.out | 0 .../classification_only/tls_ech.pcapng.out | 0 .../tls_verylong_certificate.pcap.out | 0 .../default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out | 1 + test/results/flow-captured/default/dns2.pcap.out | 1 + .../flow-captured/default/dns_fragmented.pcap.out | 2 - .../default/dns_lots_of_answers.pcapng.out | 0 .../dns_multiple_transactions_same_flow.pcap.out | 0 .../default/dns_response_only.pcap.out | 0 .../default/dns_retransmissions.pcap.out | 1 + .../default/fuzz-2006-06-26-2594.pcap.out | 4 -- .../flow-captured/default/lagofast.pcap.out | 0 .../results/flow-captured/default/nordvpn.pcap.out | 4 ++ test/results/flow-captured/default/ssdp.pcapng.out | 0 .../flow-captured/default/tor-browser.pcap.out | 3 ++ .../disable_metadata_and_flowrisks/sip.pcap.out | 1 - .../tls_verylong_certificate.pcap.out | 0 .../dns_process_response_disable/dns.pcap.out | 0 .../flow-captured/dns_sub_enable/dns.pcap.out | 0 .../flow-captured/dns_sub_enable/dns2.pcap.out | 1 + .../dns_multiple_transactions_same_flow.pcap.out | 0 .../dns_sub_enable/dns_retransmissions.pcap.out | 1 + .../http_invalid_server.pcap.out | 1 + .../tls_malicious_sha1.pcapng.out | 0 .../flow_risk_lists_disable/protonvpn.pcap.out | 1 - 
.../stun_all_attributes_disabled/teams.pcap.out | 17 -------- 40 files changed, 97 insertions(+), 25 deletions(-) create mode 100644 test/results/flow-captured/classification_only/bittorrent.pcap.out create mode 100644 test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out create mode 100644 test/results/flow-captured/classification_only/forticlient.pcap.out create mode 100644 test/results/flow-captured/classification_only/http-basic-auth.pcap.out create mode 100644 test/results/flow-captured/classification_only/http-pwd.pcapng.out create mode 100644 test/results/flow-captured/classification_only/http_auth.pcap.out create mode 100644 test/results/flow-captured/classification_only/ookla.pcap.out create mode 100644 test/results/flow-captured/classification_only/sip.pcap.out create mode 100644 test/results/flow-captured/classification_only/teams.pcap.out create mode 100644 test/results/flow-captured/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out create mode 100644 test/results/flow-captured/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out create mode 100644 test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out create mode 100644 test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out create mode 100644 test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out create mode 100644 test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out create mode 100644 test/results/flow-captured/classification_only/tls_ech.pcapng.out create mode 100644 test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-captured/default/dns2.pcap.out create mode 100644 test/results/flow-captured/default/dns_lots_of_answers.pcapng.out create mode 100644 test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out create mode 100644 
test/results/flow-captured/default/dns_response_only.pcap.out create mode 100644 test/results/flow-captured/default/dns_retransmissions.pcap.out create mode 100644 test/results/flow-captured/default/lagofast.pcap.out create mode 100644 test/results/flow-captured/default/nordvpn.pcap.out create mode 100644 test/results/flow-captured/default/ssdp.pcapng.out create mode 100644 test/results/flow-captured/default/tor-browser.pcap.out delete mode 100644 test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out delete mode 100644 test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out delete mode 100644 test/results/flow-captured/dns_process_response_disable/dns.pcap.out create mode 100644 test/results/flow-captured/dns_sub_enable/dns.pcap.out create mode 100644 test/results/flow-captured/dns_sub_enable/dns2.pcap.out create mode 100644 test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out create mode 100644 test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out create mode 100644 test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out create mode 100644 test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out delete mode 100644 test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out delete mode 100644 test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out (limited to 'test/results/flow-captured')
diff --git a/test/results/flow-captured/classification_only/bittorrent.pcap.out b/test/results/flow-captured/classification_only/bittorrent.pcap.out
new file mode 100644
index 000000000..6e5155d66
--- /dev/null
+++ b/test/results/flow-captured/classification_only/bittorrent.pcap.out
@@ -0,0 +1,46 @@
+Flow 17 risky: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 17 midstream: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 2 risky: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 2 midstream: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 11 risky: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 11 midstream: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 20 risky: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 20 midstream: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 24 risky: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 24 midstream: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 21 risky: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 21 midstream: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 9 risky: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 9 midstream: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 18 risky: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 18 midstream: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 3 midstream: tcp 192.168.1.3:52895 -> 83.216.184.241:51413
+Flow 22 midstream: tcp 192.168.1.3:52927 -> 83.216.184.241:51413
+Flow 13 risky: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 13 midstream: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 23 risky: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 23 midstream: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 19 risky: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 19 midstream: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 8 risky: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 8 midstream: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 1 risky: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 1 midstream: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 10 risky: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 10 midstream: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 5 risky: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 5 midstream: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 15 risky: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
+Flow 15 midstream: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
+Flow 7 risky: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 7 midstream: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 16 risky: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 16 midstream: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 4 risky: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 4 midstream: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 14 risky: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 14 midstream: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 6 risky: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 6 midstream: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 12 risky: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
+Flow 12 midstream: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
diff --git a/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out b/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out
new file mode 100644
index 000000000..294e2dd8f
--- /dev/null
+++ b/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.122.34:48987 -> 178.71.206.1:6881
diff --git a/test/results/flow-captured/classification_only/forticlient.pcap.out b/test/results/flow-captured/classification_only/forticlient.pcap.out
new file mode 100644
index 000000000..5754031a2
--- /dev/null
+++ b/test/results/flow-captured/classification_only/forticlient.pcap.out
@@ -0,0 +1 @@
+Flow 5 risky: tcp 192.168.1.178:61820 -> 82.81.46.13:10443
diff --git a/test/results/flow-captured/classification_only/http-basic-auth.pcap.out b/test/results/flow-captured/classification_only/http-basic-auth.pcap.out
new file mode 100644
index 000000000..d891a90e8
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http-basic-auth.pcap.out
@@ -0,0 +1,15 @@
+Flow 1 risky: tcp 192.168.0.4:54317 -> 192.254.189.169:80
+Flow 2 risky: tcp 192.168.0.4:54318 -> 192.254.189.169:80
+Flow 7 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80
+Flow 8 risky: tcp 192.168.0.4:54338 -> 192.254.189.169:80
+Flow 9 risky: tcp 192.168.0.4:54340 -> 192.254.189.169:80
+Flow 14 risky: tcp 192.168.0.4:54487 -> 192.254.189.169:80
+Flow 15 risky: tcp 192.168.0.4:54505 -> 192.254.189.169:80
+Flow 24 risky: tcp 192.168.0.4:54584 -> 192.254.189.169:80
+Flow 10 risky: tcp 192.168.0.4:54341 -> 192.254.189.169:80
+Flow 11 risky: tcp 192.168.0.4:54342 -> 192.254.189.169:80
+Flow 12 risky: tcp 192.168.0.4:54343 -> 192.254.189.169:80
+Flow 20 risky: tcp 192.168.0.4:54580 -> 192.254.189.169:80
+Flow 21 risky: tcp 192.168.0.4:54581 -> 192.254.189.169:80
+Flow 22 risky: tcp 192.168.0.4:54582 -> 192.254.189.169:80
+Flow 23 risky: tcp 192.168.0.4:54583 -> 192.254.189.169:80
diff --git a/test/results/flow-captured/classification_only/http-pwd.pcapng.out b/test/results/flow-captured/classification_only/http-pwd.pcapng.out
new file mode 100644
index 000000000..2f04e0388
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http-pwd.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 127.0.0.1:56451 -> 127.0.0.1:3000
diff --git a/test/results/flow-captured/classification_only/http_auth.pcap.out b/test/results/flow-captured/classification_only/http_auth.pcap.out
new file mode 100644
index 000000000..f64f8755f
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http_auth.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80
diff --git a/test/results/flow-captured/classification_only/ookla.pcap.out b/test/results/flow-captured/classification_only/ookla.pcap.out
new file mode 100644
index 000000000..1f5694308
--- /dev/null
+++ b/test/results/flow-captured/classification_only/ookla.pcap.out
@@ -0,0 +1 @@
+Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80
diff --git a/test/results/flow-captured/classification_only/sip.pcap.out b/test/results/flow-captured/classification_only/sip.pcap.out
new file mode 100644
index 000000000..1090142cf
--- /dev/null
+++ b/test/results/flow-captured/classification_only/sip.pcap.out
@@ -0,0 +1 @@
+Flow 4 not-detected: udp 192.168.1.2:30001 -> 212.242.33.36:40393
diff --git a/test/results/flow-captured/classification_only/teams.pcap.out b/test/results/flow-captured/classification_only/teams.pcap.out
new file mode 100644
index 000000000..88544269b
--- /dev/null
+++ b/test/results/flow-captured/classification_only/teams.pcap.out
@@ -0,0 +1,17 @@
+Flow 48 risky: tcp 192.168.1.6:60559 -> 52.114.77.33:443
+Flow 64 risky: tcp 192.168.1.6:50018 -> 52.114.250.123:443
+Flow 78 risky: udp 93.71.110.205:16332 -> 192.168.1.6:50016
+Flow 43 risky: tcp 192.168.1.6:60554 -> 52.113.194.132:443
+Flow 4 risky: tcp 192.168.1.6:60532 -> 52.114.77.33:443
+Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443
+Flow 25 risky: tcp 192.168.1.6:60543 -> 52.114.77.33:443
+Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
+Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
+Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
+Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
+Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53
+Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
+Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443
+Flow 68 risky: udp 192.168.1.6:50016 -> 52.114.250.141:3478
+Flow 70 risky: udp 192.168.1.6:50036 -> 52.114.250.137:3478
+Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
diff --git a/test/results/flow-captured/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out b/test/results/flow-captured/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out b/test/results/flow-captured/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/classification_only/tls_ech.pcapng.out b/test/results/flow-captured/classification_only/tls_ech.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out b/test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index e69de29bb..e1e60dba9 100644
--- a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -0,0 +1 @@
+Flow 5 risky: udp 10.35.60.100:15580 -> 10.23.1.52:16756
diff --git a/test/results/flow-captured/default/dns2.pcap.out b/test/results/flow-captured/default/dns2.pcap.out
new file mode 100644
index 000000000..5152e60d8
--- /dev/null
+++ b/test/results/flow-captured/default/dns2.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.255.251:56550 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/default/dns_fragmented.pcap.out b/test/results/flow-captured/default/dns_fragmented.pcap.out
index efa654bb2..efd713c2e 100644
--- a/test/results/flow-captured/default/dns_fragmented.pcap.out
+++ b/test/results/flow-captured/default/dns_fragmented.pcap.out
@@ -1,8 +1,6 @@
-Flow 7 risky: udp 2a00:1450:4013:c05::10e:34944 -> 2001:470:765b::a25:53:53
 Flow 2 risky: udp 2a00:1450:4013:c03::10a:46433 -> 2001:470:765b::a25:53:53
 Flow 4 risky: udp 173.194.169.104:59464 -> 193.24.227.238:53
 Flow 1 risky: udp 172.217.40.76:56680 -> 193.24.227.238:53
-Flow 5 risky: udp 2a00:1450:400c:c00::106:54430 -> 2001:470:765b::a25:53:53
 Flow 3 risky: udp 2a00:1450:4013:c06::105:63369 -> 2001:470:765b::a25:53:53
 Flow 6 risky: udp 74.125.47.136:59330 -> 193.24.227.238:53
 Flow 17 risky: udp 194.247.5.6:51791 -> 193.24.227.238:53
diff --git a/test/results/flow-captured/default/dns_lots_of_answers.pcapng.out b/test/results/flow-captured/default/dns_lots_of_answers.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out b/test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/default/dns_response_only.pcap.out b/test/results/flow-captured/default/dns_response_only.pcap.out
new file mode 100644
index 000000000..e69de29bb
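Review bot: Six flows stop being reported as `risky` in the `default` results — flows 7 and 5 in the `dns_fragmented.pcap.out` hunk here, and flows 122, 123, 177 and 230 in the two hunks of `fuzz-2006-06-26-2594.pcap.out` — and the commit message accounts for none of it. Every one of them is a UDP flow with port 53 on one side, so this is presumably an upstream change in how libnDPI raises DNS flow risks, but that is inferred from the output alone. Because these files are regenerated expected output, a lost detection is accepted by the test suite the moment they are committed. The description should say why the lines went away, e.g. `* DNS flows in dns_fragmented / fuzz-2006-06-26-2594 no longer flagged risky, see libnDPI <upstream commit>`.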
diff --git a/test/results/flow-captured/default/dns_retransmissions.pcap.out b/test/results/flow-captured/default/dns_retransmissions.pcap.out
new file mode 100644
index 000000000..04da7d3ce
--- /dev/null
+++ b/test/results/flow-captured/default/dns_retransmissions.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 37.41.101.140:11892 -> 208.67.222.222:53
diff --git a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
index 8267609cc..3ef94599c 100644
--- a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
@@ -13,15 +13,12 @@ Flow 100 risky: udp 192.168.1.2:4901 -> 200.68.120.81:29440
 Flow 78 not-detected: udp 192.168.1.2:2730 -> 192.168.1.1:43690
 Flow 111 risky: udp 192.168.1.2:2757 -> 192.168.1.1:53
 Flow 82 not-detected: udp 192.168.1.170:43690 -> 170.170.170.170:43690
-Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763
-Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53
 Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765
 Flow 124 not-detected: udp 192.168.1.2:43690 -> 170.170.170.170:43690
 Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53
 Flow 58 not-detected: 120 192.168.1.2 -> 212.242.33.35
 Flow 133 not-detected: udp 94.168.1.2:2768 -> 192.168.1.1:4
 Flow 135 not-detected: udp 192.168.1.1:117 -> 192.168.1.2:2769
-Flow 177 risky: udp 192.168.1.1:53 -> 240.168.1.2:2792
 Flow 162 not-detected: udp 212.242.33.35:9587 -> 192.168.1.2:196
 Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1
 Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
@@ -37,7 +34,6 @@ Flow 214 risky: udp 192.168.1.1:53 -> 192.168.1.2:2807
 Flow 195 not-detected: udp 192.168.170.170:43690 -> 170.170.170.170:43690
 Flow 149 not-detected: 0 192.168.1.2 -> 192.168.1.255
 Flow 203 not-detected: udp 192.168.1.2:2800 -> 192.168.1.1:21
-Flow 230 risky: udp 192.168.1.2:2815 -> 192.168.1.1:53
 Flow 157 not-detected: 19 192.168.1.2 -> 192.168.1.1
 Flow 117 not-detected: 37 192.168.1.1 -> 192.168.1.2
 Flow 211 not-detected: udp 192.168.1.2:2805 -> 192.168.1.1:51
diff --git a/test/results/flow-captured/default/lagofast.pcap.out b/test/results/flow-captured/default/lagofast.pcap.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/default/nordvpn.pcap.out b/test/results/flow-captured/default/nordvpn.pcap.out
new file mode 100644
index 000000000..6f73670f1
--- /dev/null
+++ b/test/results/flow-captured/default/nordvpn.pcap.out
@@ -0,0 +1,4 @@
+Flow 2 guessed: udp 192.168.1.204:63670 -> 192.145.125.35:1198
+Flow 2 not-detected: udp 192.168.1.204:63670 -> 192.145.125.35:1198
+Flow 3 guessed: tcp 192.168.1.204:49766 -> 212.129.45.224:995
+Flow 3 not-detected: tcp 192.168.1.204:49766 -> 212.129.45.224:995
diff --git a/test/results/flow-captured/default/ssdp.pcapng.out b/test/results/flow-captured/default/ssdp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/default/tor-browser.pcap.out b/test/results/flow-captured/default/tor-browser.pcap.out
new file mode 100644
index 000000000..72258ef7e
--- /dev/null
+++ b/test/results/flow-captured/default/tor-browser.pcap.out
@@ -0,0 +1,3 @@
+Flow 7 risky: tcp 192.168.0.123:64623 -> 86.3.18.251:443
+Flow 8 risky: tcp 192.168.0.123:64624 -> 178.17.170.254:443
+Flow 5 risky: icmp 192.168.0.16 -> 192.168.0.123
diff --git a/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out
deleted file mode 100644
index 1090142cf..000000000
--- a/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out
+++ /dev/null
@@ -1 +0,0 @@
-Flow 4 not-detected: udp 192.168.1.2:30001 -> 212.242.33.36:40393
diff --git a/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out
deleted file mode 100644
index e69de29bb..000000000
diff --git a/test/results/flow-captured/dns_process_response_disable/dns.pcap.out b/test/results/flow-captured/dns_process_response_disable/dns.pcap.out
deleted file mode 100644
index e69de29bb..000000000
diff --git a/test/results/flow-captured/dns_sub_enable/dns.pcap.out b/test/results/flow-captured/dns_sub_enable/dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/dns_sub_enable/dns2.pcap.out b/test/results/flow-captured/dns_sub_enable/dns2.pcap.out
new file mode 100644
index 000000000..5152e60d8
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns2.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.255.251:56550 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out b/test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out b/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out
new file mode 100644
index 000000000..04da7d3ce
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 37.41.101.140:11892 -> 208.67.222.222:53
diff --git a/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out b/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out
new file mode 100644
index 000000000..6ef4eba5e
--- /dev/null
+++ b/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.1.29:51536 -> 143.204.14.183:80
diff --git a/test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out b/test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out
deleted file mode 100644
index 7cce13929..000000000
--- a/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out
+++ /dev/null
@@ -1 +0,0 @@
-Flow 2 risky: udp 10.0.2.15:57701 -> 217.23.3.76:443
diff --git a/test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out b/test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out
deleted file mode 100644
index 88544269b..000000000
--- a/test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out
+++ /dev/null
@@ -1,17 +0,0 @@
-Flow 48 risky: tcp 192.168.1.6:60559 -> 52.114.77.33:443
-Flow 64 risky: tcp 192.168.1.6:50018 -> 52.114.250.123:443
-Flow 78 risky: udp 93.71.110.205:16332 -> 192.168.1.6:50016
-Flow 43 risky: tcp 192.168.1.6:60554 -> 52.113.194.132:443
-Flow 4 risky: tcp 192.168.1.6:60532 -> 52.114.77.33:443
-Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443
-Flow 25 risky: tcp 192.168.1.6:60543 -> 52.114.77.33:443
-Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
-Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
-Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
-Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
-Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53
-Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
-Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443
-Flow 68 risky: udp 192.168.1.6:50016 -> 52.114.250.141:3478
-Flow 70 risky: udp 192.168.1.6:50036 -> 52.114.250.137:3478
-Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
-- cgit v1.2.3