Add extra entropy checks and more precise(?) analysis. (#2383)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2026-05-02 00:40:17 +00:00 · 2024-05-09 15:24:11 +02:00 · 2024-05-09 15:24:11 +02:00 · 18e03a26ca
commit 18e03a26ca
parent b65a755e85
88 changed files with 337 additions and 266 deletions
--- a/tests/cfgs/default/result/http-proxy.pcapng.out
+++ b/tests/cfgs/default/result/http-proxy.pcapng.out
@ -24,4 +24,4 @@ HTTP_Proxy	11	1652	1

 Acceptable                      11 1652          1            

-	1	TCP 192.168.1.103:1241 <-> 192.168.1.146:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/654 bytes <-> 5 pkts/998 bytes][Goodput ratio: 45/72][5.24 sec][Hostname/SNI: http.com][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1048/118 4958/234 1958/116][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 109/200 348/770 107/285][URL: http://http.com/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][PLAIN TEXT (GET http)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.103:1241 <-> 192.168.1.146:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/654 bytes <-> 5 pkts/998 bytes][Goodput ratio: 45/72][5.24 sec][Hostname/SNI: http.com][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1048/118 4958/234 1958/116][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 109/200 348/770 107/285][URL: http://http.com/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.285 (Executable?)][PLAIN TEXT (GET http)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]