Improved TCP fingepring calculation

Added basic OS detection based on the TCP fingerprint
Luca Deri 2024-10-18 23:47:34 +02:00
parent 819291b7e4
commit 0cc84e4fdd
345 changed files with 4834 additions and 4772 deletions


@ -29,9 +29,9 @@ JA3 Host Stats:
1 192.168.1.178 2
1 TCP 192.168.1.178:64410 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/2173 bytes <-> 16 pkts/15336 bytes][Goodput ratio: 60/93][0.10 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.752 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/3 38/29 14/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 167/958 772/1506 222/642][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,6,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0]
2 TCP 192.168.1.178:64409 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/2159 bytes <-> 15 pkts/14521 bytes][Goodput ratio: 66/93][0.09 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.741 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/5 30/29 13/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/968 772/1506 256/664][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,0,0]
3 TCP 192.168.1.178:64394 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/2104 bytes <-> 14 pkts/13015 bytes][Goodput ratio: 68/93][0.56 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.722 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/5 441/28 150/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 210/930 783/1506 267/671][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0]
4 TCP 192.168.1.178:64393 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1953 bytes <-> 11 pkts/7806 bytes][Goodput ratio: 69/91][0.74 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/74 36/627 15/196][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217/710 816/1506 265/634][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,10,0,0,0,0,0,0,20,0,0,0,0,0,0,10,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
5 TCP 192.168.1.178:64411 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/1843 bytes <-> 8 pkts/4425 bytes][Goodput ratio: 71/88][0.09 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 34/28 14/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/553 772/1506 264/596][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0]
6 TCP 192.168.1.178:64408 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1829 bytes <-> 6 pkts/967 bytes][Goodput ratio: 78/58][0.09 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.308 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/16 31/32 15/15][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/161 772/369 307/132][TCP Fingerprint: 64_65535_63970bc57fac][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,20,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 192.168.1.178:64410 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/2173 bytes <-> 16 pkts/15336 bytes][Goodput ratio: 60/93][0.10 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.752 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/3 38/29 14/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 167/958 772/1506 222/642][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,6,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0]
2 TCP 192.168.1.178:64409 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/2159 bytes <-> 15 pkts/14521 bytes][Goodput ratio: 66/93][0.09 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.741 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/5 30/29 13/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/968 772/1506 256/664][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,0,0]
3 TCP 192.168.1.178:64394 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/2104 bytes <-> 14 pkts/13015 bytes][Goodput ratio: 68/93][0.56 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.722 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/5 441/28 150/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 210/930 783/1506 267/671][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0]
4 TCP 192.168.1.178:64393 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1953 bytes <-> 11 pkts/7806 bytes][Goodput ratio: 69/91][0.74 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/74 36/627 15/196][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217/710 816/1506 265/634][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,10,0,0,0,0,0,0,20,0,0,0,0,0,0,10,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
5 TCP 192.168.1.178:64411 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/1843 bytes <-> 8 pkts/4425 bytes][Goodput ratio: 71/88][0.09 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 34/28 14/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/553 772/1506 264/596][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0]
6 TCP 192.168.1.178:64408 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1829 bytes <-> 6 pkts/967 bytes][Goodput ratio: 78/58][0.09 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.308 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/16 31/32 15/15][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/161 772/369 307/132][TCP Fingerprint: 45058_64_65535_63970bc57fac/Unknown][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,20,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]