vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-29 23:49:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Improved TCP fingepring calculation

Browse source 
Adde basidc OS detection based on TCP fingerprint
This commit is contained in:
Luca Deri 2024-10-18 23:47:34 +02:00
parent 819291b7e4
commit 0cc84e4fdd
345 changed files with 4834 additions and 4772 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/cfgs/default/result/capwap_data.pcapng.out
View file

@ -29,6 +29,6 @@ JA3 Host Stats:
1 10.1.3.68 1
1 TCP 10.1.3.68:47025 <-> 74.125.130.188:443 [VLAN: 4][proto: CAPWAP:91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][3 pkts/630 bytes <-> 3 pkts/434 bytes][Goodput ratio: 27/0][0.11 sec][Hostname/SNI: alt2-mtalk.google.com][bytes ratio: 0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/103 51/103 101/103 50/0][Pkt Len c2s/s2c min/avg/max/stddev: 150/142 210/145 322/150 79/4][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 64_65535_41a9d5af7dd3][TLSv1.2][JA3C: ee65329706afb750866495410fce080d][JA4: t12d140800_c866b44c5a26_b39be8c56a14][Safari][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 10.1.3.68:47025 <-> 74.125.130.188:443 [VLAN: 3][proto: CAPWAP:91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][3 pkts/630 bytes <-> 1 pkts/150 bytes][Goodput ratio: 27/0][0.10 sec][Hostname/SNI: alt2-mtalk.google.com][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 64_65535_41a9d5af7dd3][TLSv1.2][JA3C: ee65329706afb750866495410fce080d][JA4: t12d140800_c866b44c5a26_b39be8c56a14][Safari][PLAIN TEXT (mtalk.google.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.1.3.68:47025 <-> 74.125.130.188:443 [VLAN: 395][proto: CAPWAP:91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][3 pkts/630 bytes <-> 1 pkts/150 bytes][Goodput ratio: 27/0][0.10 sec][Hostname/SNI: alt2-mtalk.google.com][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 64_65535_41a9d5af7dd3][TLSv1.2][JA3C: ee65329706afb750866495410fce080d][JA4: t12d140800_c866b44c5a26_b39be8c56a14][Safari][PLAIN TEXT (mtalk.google.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 10.1.3.68:47025 <-> 74.125.130.188:443 [VLAN: 4][proto: CAPWAP:91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][3 pkts/630 bytes <-> 3 pkts/434 bytes][Goodput ratio: 27/0][0.11 sec][Hostname/SNI: alt2-mtalk.google.com][bytes ratio: 0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/103 51/103 101/103 50/0][Pkt Len c2s/s2c min/avg/max/stddev: 150/142 210/145 322/150 79/4][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1.2][JA3C: ee65329706afb750866495410fce080d][JA4: t12d140800_c866b44c5a26_b39be8c56a14][Safari][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 10.1.3.68:47025 <-> 74.125.130.188:443 [VLAN: 3][proto: CAPWAP:91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][3 pkts/630 bytes <-> 1 pkts/150 bytes][Goodput ratio: 27/0][0.10 sec][Hostname/SNI: alt2-mtalk.google.com][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1.2][JA3C: ee65329706afb750866495410fce080d][JA4: t12d140800_c866b44c5a26_b39be8c56a14][Safari][PLAIN TEXT (mtalk.google.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.1.3.68:47025 <-> 74.125.130.188:443 [VLAN: 395][proto: CAPWAP:91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][3 pkts/630 bytes <-> 1 pkts/150 bytes][Goodput ratio: 27/0][0.10 sec][Hostname/SNI: alt2-mtalk.google.com][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1.2][JA3C: ee65329706afb750866495410fce080d][JA4: t12d140800_c866b44c5a26_b39be8c56a14][Safari][PLAIN TEXT (mtalk.google.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]