vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 16:30:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

nDPI Fingerprint Changes (#2946)

Browse source 
* Modified boundary check
nDPI fingeprint now defaults on client only (it can be changed via runtime configuration)

* Undated testcases

* Added lenght check

* Typo
This commit is contained in:
Luca Deri 2025-08-21 14:58:20 +02:00 committed by GitHub
parent 7c53fcde85
commit d403d900de
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
159 changed files with 989 additions and 990 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tests/cfgs/default/result/simple-dnscrypt.pcap.out
View file

@ -32,7 +32,7 @@ JA Host Stats:
1 192.168.43.167 2
1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][Stack: TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Network/14][Breed: Acceptable][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][Goodput ratio: 45/92][0.71 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/20 114/119 43/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/694 272/1364 68/594][nDPI Fingerprint: 7e45b011956f99ecb5fa706382d1c50c][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,8,0,4,4,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,0,0]
2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][Stack: TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][Breed: Acceptable][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][Goodput ratio: 50/89][0.52 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/25 105/106 34/35][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110/516 334/1364 76/542][nDPI Fingerprint: 8d1e50bc7801a9f566834d5d8ba85ca1][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,28,13,4,0,0,4,0,9,4,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0]
3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][Stack: TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][Breed: Acceptable][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.44 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/32 188/124 74/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][nDPI Fingerprint: 8d1e50bc7801a9f566834d5d8ba85ca1][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0]
4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][Stack: TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][Breed: Acceptable][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.36 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/32 136/140 59/53][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][nDPI Fingerprint: 8d1e50bc7801a9f566834d5d8ba85ca1][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0]
1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][Stack: TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Network/14][Breed: Acceptable][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][Goodput ratio: 45/92][0.71 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/20 114/119 43/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/694 272/1364 68/594][nDPI Fingerprint: b5e959bebfe33eab143c6c5beadfe5ba][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,8,0,4,4,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,0,0]
2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][Stack: TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][Breed: Acceptable][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][Goodput ratio: 50/89][0.52 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/25 105/106 34/35][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110/516 334/1364 76/542][nDPI Fingerprint: d829c5a113a0719268a1a4a035be2844][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,28,13,4,0,0,4,0,9,4,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0]
3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][Stack: TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][Breed: Acceptable][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.44 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/32 188/124 74/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][nDPI Fingerprint: d829c5a113a0719268a1a4a035be2844][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0]
4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][Stack: TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][Breed: Acceptable][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.36 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/32 136/140 59/53][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][nDPI Fingerprint: d829c5a113a0719268a1a4a035be2844][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0]