From b667f9e1daa913acddb0bf2117651481d788fdf8 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 8 Nov 2023 17:07:20 +0100 Subject: Forcefully reset `NDPI_UNIDIRECTIONAL_TRAFFIC` if classification was done after the first packet. Nonsense. Signed-off-by: Toni Uhlig --- test/results/flow-info/default/stun_wa_call.pcapng.out | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) (limited to 'test/results/flow-info/default/stun_wa_call.pcapng.out') diff --git a/test/results/flow-info/default/stun_wa_call.pcapng.out b/test/results/flow-info/default/stun_wa_call.pcapng.out index f4cde44f1..c7bbf6b48 100644 --- a/test/results/flow-info/default/stun_wa_call.pcapng.out +++ b/test/results/flow-info/default/stun_wa_call.pcapng.out @@ -3,19 +3,14 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] detected: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] detected: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] detected: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] detected: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] detected: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic analyse: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.505| 0.249| 0.601| 361608.839| 2.900] @@ -28,19 +23,14 @@ [ENTROPIES...: 7.0,7.0,5.8,5.8,5.8,7.0,7.0,7.0,7.0,5.7,5.8,5.7,5.7,5.7,5.2,5.2,5.8,7.0,7.0,5.7,5.8,5.8,4.9,6.0,6.1,5.0,5.5,5.7,6.6,5.5,6.9,7.2] new: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] detected: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] detected: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] detected: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] detected: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] detected: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] - RISK: Unidirectional Traffic analyse: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.025| 0.011| 0.005| 24.788| 4.800] @@ -53,13 +43,12 @@ [ENTROPIES...: 7.0,7.0,5.8,5.7,5.7,1.5,5.8,1.5,5.6,1.5,5.6,1.5,5.7,1.5,5.6,1.5,5.2,5.7,5.1,1.5,5.7,1.5,5.7,1.5,5.6,1.5,5.7,1.5,5.8,1.5,5.7,1.5] new: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] detected: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic + RISK: Known Proto on Non Std Port new: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] detected: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic + RISK: Known Proto on Non Std Port new: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] detected: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] [ICMP][Unknown][Network][Acceptable] - RISK: Unidirectional Traffic update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] -- cgit v1.2.3