Fixed probing attempt risk that was creating false positives

Luca Deri 2024-08-07 11:35:17 +02:00
parent 653175e724
commit fc4fb4d409
211 changed files with 3841 additions and 3850 deletions


@ -24,7 +24,7 @@ Monero 60 61276 4
Acceptable 60 61276 4
1 TCP 192.168.2.100:48882 <-> 159.69.36.66:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][10 pkts/907 bytes <-> 5 pkts/14808 bytes][Goodput ratio: 32/98][0.05 sec][bytes ratio: -0.885 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/6 25/19 10/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/2962 349/7314 86/2751][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75]
2 TCP 192.168.2.100:39378 <-> 78.56.22.89:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][7 pkts/709 bytes <-> 8 pkts/14970 bytes][Goodput ratio: 42/97][0.11 sec][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/9 54/50 26/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1871 349/2958 101/1201][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,57]
3 TCP 192.168.2.100:38004 <-> 100.42.27.58:18085 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][5 pkts/577 bytes <-> 10 pkts/15078 bytes][Goodput ratio: 51/96][0.23 sec][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/14 115/110 53/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/1508 349/2958 117/915][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,22]
4 TCP 192.168.2.100:42810 <-> 62.210.127.86:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][7 pkts/709 bytes <-> 8 pkts/13518 bytes][Goodput ratio: 42/97][< 1 sec][bytes ratio: -0.900 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/4 25/24 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1690 349/2958 101/1130][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,42]
1 TCP 192.168.2.100:48882 <-> 159.69.36.66:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][10 pkts/907 bytes <-> 5 pkts/14808 bytes][Goodput ratio: 32/98][0.05 sec][bytes ratio: -0.885 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/6 25/19 10/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/2962 349/7314 86/2751][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75]
2 TCP 192.168.2.100:39378 <-> 78.56.22.89:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][7 pkts/709 bytes <-> 8 pkts/14970 bytes][Goodput ratio: 42/97][0.11 sec][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/9 54/50 26/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1871 349/2958 101/1201][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,57]
3 TCP 192.168.2.100:38004 <-> 100.42.27.58:18085 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][5 pkts/577 bytes <-> 10 pkts/15078 bytes][Goodput ratio: 51/96][0.23 sec][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/14 115/110 53/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/1508 349/2958 117/915][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,22]
4 TCP 192.168.2.100:42810 <-> 62.210.127.86:18080 [proto: 369/Monero][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][7 pkts/709 bytes <-> 8 pkts/13518 bytes][Goodput ratio: 42/97][< 1 sec][bytes ratio: -0.900 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/4 25/24 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1690 349/2958 101/1130][PLAIN TEXT (network)][Plen Bins: 0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,42]