vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-02 00:40:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Improved TCP fingepring calculation

Browse source 
Adde basidc OS detection based on TCP fingerprint
This commit is contained in:
Luca Deri 2024-10-18 23:47:34 +02:00
parent 819291b7e4
commit 0cc84e4fdd
345 changed files with 4834 additions and 4772 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/cfgs/default/result/elasticsearch.pcap.out
View file

@ -24,10 +24,10 @@ Elasticsearch 47 12739 7
Acceptable 47 12739 7
1 TCP 172.16.16.107:33288 <-> 172.16.17.102:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][13 pkts/3821 bytes <-> 2 pkts/140 bytes][Goodput ratio: 77/0][16.06 sec][bytes ratio: 0.929 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16030 1460/16030 16003/16030 4599/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/70 335/74 95/4][TCP Fingerprint: 64_62720_ac6c0b5dcfcf][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 172.16.17.102:48038 <-> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][8 pkts/2596 bytes <-> 7 pkts/1323 bytes][Goodput ratio: 79/64][760.45 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/1 126431/145462 725343/725412 268113/289976][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/189 930/441 348/155][TCP Fingerprint: 64_62720_ac6c0b5dcfcf][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,16,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 172.16.16.107:33288 <-> 172.16.17.102:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][13 pkts/3821 bytes <-> 2 pkts/140 bytes][Goodput ratio: 77/0][16.06 sec][bytes ratio: 0.929 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/16030 1460/16030 16003/16030 4599/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/70 335/74 95/4][TCP Fingerprint: 40962_64_62720_ac6c0b5dcfcf/Unknown][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 172.16.17.102:48038 <-> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][8 pkts/2596 bytes <-> 7 pkts/1323 bytes][Goodput ratio: 79/64][760.45 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/1 126431/145462 725343/725412 268113/289976][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/189 930/441 348/155][TCP Fingerprint: 40962_64_62720_ac6c0b5dcfcf/Unknown][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,16,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 172.16.16.107:9300 -> 172.16.17.102:40342 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 330/Elasticsearch, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/1824 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100]
4 TCP 172.16.17.102:40282 <-> 172.16.16.107:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][8 pkts/769 bytes <-> 5 pkts/752 bytes][Goodput ratio: 30/55][0.22 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/1 36/54 67/96 14/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 96/150 241/455 58/153][TCP Fingerprint: 64_62720_ac6c0b5dcfcf][PLAIN TEXT (internal)][Plen Bins: 25,25,0,0,0,25,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 172.16.17.102:40282 <-> 172.16.16.107:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][8 pkts/769 bytes <-> 5 pkts/752 bytes][Goodput ratio: 30/55][0.22 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/1 36/54 67/96 14/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 96/150 241/455 58/153][TCP Fingerprint: 40962_64_62720_ac6c0b5dcfcf/Unknown][PLAIN TEXT (internal)][Plen Bins: 25,25,0,0,0,25,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 172.16.17.102:47980 -> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 330/Elasticsearch, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/823 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (indices)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 172.16.17.102:48028 -> 172.16.16.106:9300 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 330/Elasticsearch, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/488 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (indices)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 172.16.16.107:9300 -> 172.16.17.102:40298 [proto: 330/Elasticsearch][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 330/Elasticsearch, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (security)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]