vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 16:30:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fix configuration of ip lists of flow risks (#2859)

Browse source 
Add some new tests about these configuration parameters.

Close #2858
This commit is contained in:
Ivan Nardi 2025-05-28 20:19:19 +02:00 committed by GitHub
parent 9e5a67f369
commit 651daeb01a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 68 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
tests/cfgs/default/pcap/flow_risk_lists.pcapng Normal file
View file

Binary file not shown.

32
tests/cfgs/default/result/flow_risk_lists.pcapng.out Normal file
View file

@ -0,0 +1,32 @@
Guessed flow protos: 2
DPI Packets (TCP): 2 (1.00 pkts/flow)
Confidence Match by port : 2 (flows)
Num dissector calls: 0 (0.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/6/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/2/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/2/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk mask IPv6: 2/0 (search/found)
Patricia risk: 1/1 (search/found)
Patricia risk IPv6: 1/1 (search/found)
Patricia protocols: 1/1 (search/found)
Patricia protocols IPv6: 2/0 (search/found)
HTTP 1 74 1
TLS 1 94 1
Safe 1 94 1
Acceptable 1 74 1
1 TCP [2a02:26f7:d198:400::1]:44878 -> [2001:db8:200::1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Anonymous Subscriber **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 23.98.142.176:53684 -> 8.8.8.8:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Crawler/Bot **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]