mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-17 03:56:50 +00:00
As a general rule, the higher the confidence value, the higher the "reliability/precision" of the classification. In other words, this new field provides a hint about "how" the flow classification has been obtained. For example, the application may want to ignore classification "by-port" (they are not real DPI classifications, after all) or give a second glance at flows classified via LRU caches (because of false positives). Setting only one value for the confidence field is a bit tricky: more work is probably needed in the near future to tweak/fix/improve the logic.
8 lines
849 B
Text
Guessed flow protos: 0
DPI Packets (TCP): 10 (10.00 pkts/flow)
Confidence DPI : 1 (flows)
SSH 258 35546 1
1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][Encrypted][Confidence: DPI][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][Goodput ratio: 33/67][248.48 sec][Hostname/SNI: SSH-2.0-OpenSSH_5.3][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1846/2934 166223/166224 14794/19692][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/201 970/1346 83/283][Risk: ** SSH Obsolete Client Version/Cipher **** SSH Obsolete Server Version/Cipher **][Risk Score: 150][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][Server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325][Plen Bins: 2,76,12,2,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0]
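One way a consumer could act on the confidence field described in the commit message, added here as an example (not code from nDPI): it parses per-flow lines in the format shown above and maps each confidence label to an action. The policy table, the function names and the labels `DPI (cache)` and `Match by port` are assumptions; only `DPI` appears on this page.

```python
import re

# Action per confidence label. Only "DPI" appears on this page; the other two
# label strings are assumptions about how the reader prints those sources.
POLICY = {
    "DPI": "accept",
    "DPI (cache)": "recheck",    # assumed label: LRU cache hit, possible false positive
    "Match by port": "ignore",   # assumed label: port guess, not a real DPI result
}

HEAD_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+) <-> (\S+)")
FIELD_RE = re.compile(r"\[([^\[\]:]+): ([^\[\]]*)\]")   # "[key: value]" pairs only

def parse_flow(line):
    """Return a dict for a per-flow line, or None for summary lines."""
    head = HEAD_RE.match(line)
    if head is None:
        return None
    fields = dict(FIELD_RE.findall(line))
    confidence = fields.get("Confidence")
    return {
        "id": int(head.group(1)),
        "l4": head.group(2),
        "src": head.group(3),
        "dst": head.group(4),
        "proto": fields.get("proto"),
        "confidence": confidence,
        # A missing or unlisted confidence is never trusted silently.
        "action": POLICY.get(confidence, "recheck"),
    }

def triage(lines):
    """Parse every per-flow line and attach the policy action to it."""
    return [flow for flow in map(parse_flow, lines) if flow is not None]

# Constructed sample: flow 1 is shortened from the output on this page,
# flows 2 and 3 are made up (documentation addresses, assumed labels).
SAMPLE = """Confidence DPI : 1 (flows)
SSH 258 35546 1
 1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][Encrypted][Confidence: DPI][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes]
 2 TCP 192.0.2.10:40000 <-> 192.0.2.20:22 [proto: 92/SSH][Confidence: Match by port][cat: RemoteAccess/12]
 3 TCP 192.0.2.10:40001 <-> 192.0.2.30:22 [proto: 92/SSH][Confidence: DPI (cache)]
"""

if __name__ == "__main__":
    for flow in triage(SAMPLE.splitlines()):
        print(flow["id"], flow["src"], flow["dst"], flow["proto"], flow["confidence"], "->", flow["action"])
```
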