vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 00:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Add additional msgpack protocol validations (Fix #3060, false-positives) (#3061)

Browse source 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni 2025-12-11 14:18:00 +01:00 committed by GitHub
parent ce04aea085
commit 246462592e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 129 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

46
tests/cfgs/default/result/msgpack.pcap.out
View file

@ -1,52 +1,54 @@
DPI Packets (TCP): 12 (4.00 pkts/flow)
DPI Packets (UDP): 11 (1.57 pkts/flow)
DPI Packets (TCP): 19 (4.75 pkts/flow)
DPI Packets (UDP): 12 (1.71 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence DPI : 9 (flows)
Num dissector calls: 1632 (163.20 diss/flow)
Confidence DPI : 10 (flows)
Num dissector calls: 1660 (150.91 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/1/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/4/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
LRU cache fpc_dns: 0/6/0 (insert/search/found)
Automa host: 2/0 (search/found)
Automa domain: 1/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 20/0 (search/found)
Patricia protocols: 22/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 1/0 (search/found)
Hash TCP fingerprints: 2/0 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 0/0 (search/found)
Hash url custom protos: 1/0 (search/found)
Unknown 8 573 1
MessagePack 33 3174 9
MessagePack 40 3955 10
Unrated 8 573 1
Acceptable 33 3174 9
Acceptable 40 3955 10
Unspecified 8 573 1
Web 7 781 1
Network 33 3174 9
1 UDP 127.0.0.1:47907 -> 127.0.0.1:5056 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1069 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 127.0.0.1:41948 <-> 127.0.0.1:1337 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/295 bytes <-> 3 pkts/198 bytes][Goodput ratio: 10/0][70.18 sec][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/48728 23393/48728 48728/48728 19940/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/66 86/66 8/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 127.0.0.1:31337 -> 127.0.0.1:1339 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Network/14][Breed: Acceptable][8 pkts/442 bytes -> 0 pkts/0 bytes][Goodput ratio: 24/0][230.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 9924/0 32906/0 100215/0 29632/0][Pkt Len c2s/s2c min/avg/max/stddev: 43/0 55/0 75/0 12/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 87,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 127.0.0.1:37856 <-> 127.0.0.1:1337 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Network/14][Breed: Acceptable][3 pkts/242 bytes <-> 2 pkts/132 bytes][Goodput ratio: 18/0][106.61 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 127.0.0.1:31337 -> 127.0.0.1:1337 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][5 pkts/267 bytes -> 0 pkts/0 bytes][Goodput ratio: 21/0][104.86 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 127.0.0.1:31337 -> 127.0.0.1:1338 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 7/0][40.79 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 127.0.0.1:15913 -> 127.0.0.1:16549 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 127.0.0.1:33861 -> 127.0.0.1:55471 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/88 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Hello World)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 127.0.0.1:58940 -> 127.0.0.1:19044 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/88 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Hello World)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 127.0.0.1:38250 <-> 127.0.0.1:1337 [proto: 7.469/HTTP.MessagePack][Stack: HTTP.MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][Breed: Acceptable][4 pkts/575 bytes <-> 3 pkts/206 bytes][Goodput ratio: 53/0][< 1 sec][Hostname/SNI: 127.0.0.1][bytes ratio: 0.472 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 144/69 266/74 81/4][URL: 127.0.0.1:1337/][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Wget/1.25.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 127.0.0.1 / Expected on port 80][TCP Fingerprint: 2_192_65495_db1b9381215d/Unknown][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 127.0.0.1:41948 <-> 127.0.0.1:1337 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/295 bytes <-> 3 pkts/198 bytes][Goodput ratio: 10/0][70.18 sec][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/48728 23393/48728 48728/48728 19940/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/66 86/66 8/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 127.0.0.1:31337 -> 127.0.0.1:1339 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Network/14][Breed: Acceptable][8 pkts/442 bytes -> 0 pkts/0 bytes][Goodput ratio: 24/0][230.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 9924/0 32906/0 100215/0 29632/0][Pkt Len c2s/s2c min/avg/max/stddev: 43/0 55/0 75/0 12/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 87,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 127.0.0.1:37856 <-> 127.0.0.1:1337 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Network/14][Breed: Acceptable][3 pkts/242 bytes <-> 2 pkts/132 bytes][Goodput ratio: 18/0][106.61 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 127.0.0.1:31337 -> 127.0.0.1:1337 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][5 pkts/267 bytes -> 0 pkts/0 bytes][Goodput ratio: 21/0][104.86 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 127.0.0.1:31337 -> 127.0.0.1:1338 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][4 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 7/0][40.79 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 127.0.0.1:15913 -> 127.0.0.1:16549 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 127.0.0.1:33861 -> 127.0.0.1:55471 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/88 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Hello World)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 127.0.0.1:58940 -> 127.0.0.1:19044 [proto: 469/MessagePack][Stack: MessagePack][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 469/MessagePack, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/88 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Hello World)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows: