More NDPI_PROBING_ATTEMPT changes

2026-05-01 00:19:42 +00:00 · 2024-05-22 18:04:33 +02:00 · 2024-05-22 18:04:33 +02:00 · 44a290286b
commit 44a290286b
parent 74d3843ebe
205 changed files with 3941 additions and 3873 deletions
--- a/tests/cfgs/default/result/tor.pcap.out
+++ b/tests/cfgs/default/result/tor.pcap.out
@ -50,4 +50,4 @@ JA3 Host Stats:
 	8	UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][600.89 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30033/0 66765/0 360548/0 103868/0][Pkt Len c2s/s2c min/avg/max/stddev: 186/0 186/0 186/0 0/0][PLAIN TEXT ( 676879976)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	9	UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][31.41 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 6282/0 16006/0 5400/0][Pkt Len c2s/s2c min/avg/max/stddev: 151/0 151/0 151/0 0/0][PLAIN TEXT (Endian)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	10	UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: endian-pc][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EFEOEEEJEBEOCNFAEDCACACACACACA)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	11	TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	11	TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]