vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-02 17:00:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
nDPI/tests/result/no_sni.pcap.out
Ivan Nardi ca5ffc4988
TLS: improve handling of ALPN(s) (#1784) 
Tell "Advertised" ALPN list from "Negotiated" ALPN; the former is
extracted from the CH, the latter from the SH.

Add some entries to the known ALPN list.

Fix printing of "TLS Supported Versions" field.
2022-10-25 17:06:29 +02:00

37 lines
8.7 KiB
Text
Raw Blame History

Guessed flow protos: 1
DPI Packets (TCP): 51 (6.38 pkts/flow)
Confidence DPI : 8 (flows)
Num dissector calls: 8 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/12/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
Automa host: 3/1 (search/found)
Automa domain: 3/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 14/14 (search/found)
Patricia risk mask: 16/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia protocols: 8/8 (search/found)
TLS 917 562254 7
DoH_DoT 268 31882 1
JA3 Host Stats:
IP Address # JA3C
1 192.168.1.119 4
1 TCP 192.168.1.119:51612 <-> 104.16.124.96:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][393 pkts/33775 bytes <-> 392 pkts/495548 bytes][Goodput ratio: 19/96][3.69 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.872 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 256/389 33/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/1264 1001/1514 72/503][TLSv1.3][JA3C: 76ec527d45e3a2a9093484446d7d3264][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][ESNI: 154F773223D0CF0FEF0A7775B0D958B67741380EE78600E440917D6766C09DF766B1C11F9A9FA708ECDE5D1E5DD45A2941D5D6233C0FC26FE91DA3FAED9C82F6BAFBAED593BCE2682784BE9A6867B21A06EBBCD3DB037837FA99CD0D3E117AB0E37E87BAFEA8E988492DFC2C5E824F330947430FBC6ED197B78052CF341C3E34CA15564EBD6B82760F41CDE5DC21FE0F0E65BF622F16105980BA244469375960B46EFCC4B55CBD5EE08279D532CE6E2301849DF8948C5E611F9E79DAB46BDDA36AC9B8B49F54447B5DA34DCD026899D2023B2CA2538610817B11ACF470248DC52231356612F9588CF5DFA616A946E009E8C4E4B79007616F4A375F381F1E6A8E5D3FD08A0DAD1439DFE3C5499520CC1DF322CE89EE48226D6DE2F68298A0D64153994A52][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 4,0,14,5,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,2,0,6,0,59,0,0]
2 TCP 192.168.1.119:51606 <-> 104.16.249.249:443 [proto: 91.196/TLS.DoH_DoT][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Network/14][154 pkts/15322 bytes <-> 114 pkts/16560 bytes][Goodput ratio: 45/61][4.04 sec][Hostname/SNI: mozilla.cloudflare-dns.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.039 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/9 918/180 109/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/145 670/736 65/115][TLSv1.3][JA3C: f14ec85ee5580a29f6523e24e5d3d527][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 26,25,10,8,6,6,2,9,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.1.119:51637 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][19 pkts/2515 bytes <-> 16 pkts/6813 bytes][Goodput ratio: 58/87][0.58 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.461 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/29 126/129 39/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 132/426 766/1514 169/513][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: BADE19F2B027949FC140E94EEB7DD59A2241568D071E94D82B0A30FD4AE0338795D6A38CC2278CB2B352A8CD65E9BC2D8033A555A10F0B41919F868242D5355CFD97E057107040600744D061FAFE56A4C7F69C7F851BD029BCAD13D2F7E153F64D47A71B517C885D217B2C1BE5948935196B1C2C08C68D50D5C1578129ADF9BC6A15DAF6C64DCA09970610B5F826C1C5D71B718A9908F61536792AA76BF455FFA3998ECFB4C43A1B90BEDD1FE0B8C7C212FBA65B53D75C7691752A754B4AC040C029F881D9A3CAA39C264166C83F4CCC947B2A8C77D5ABBFD5C72754F6202564C11C87FDE8A2679857A5BC46B74EAB76E69512BB91177C9AA424CE04E4C3E9865361B97B6EB5241AB4455F92D8300A526D7A0456F372F86B07B3178A2071FE9FDACEF78F][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 28,0,16,0,0,5,0,0,0,11,5,0,0,0,0,0,11,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,5,0,0]
4 TCP 192.168.1.119:51635 <-> 104.17.198.37:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1785 bytes <-> 11 pkts/4213 bytes][Goodput ratio: 62/85][0.56 sec][Hostname/SNI: 951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/14 107/98 41/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149/383 571/1514 159/503][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 27,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0]
5 TCP 192.168.1.119:51636 <-> 104.17.198.37:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1786 bytes <-> 11 pkts/4212 bytes][Goodput ratio: 62/85][0.56 sec][Hostname/SNI: 951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.404 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/44 117/211 47/72][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149/383 571/1514 159/503][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 27,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0]
6 TCP 192.168.1.119:51638 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1659 bytes <-> 10 pkts/3915 bytes][Goodput ratio: 59/85][0.56 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/30 129/142 42/52][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 138/392 766/1514 196/550][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: 4BC224582D83D9B999D5A6A5C8CA5F7044ECCCB75B644BE507AF762431A6292DA0EFBEED632A2BC868756FF720C5BD83C345E60B3529B7BF7DA4DB25E657E0B126FFCD62BB1544D84A8D81FF78CE3E14BB03DC429F25D34982D42B00F7DCFCD6C0A6D91EAFA2B6A3338187DEB367AA29ED731C52FD0561923C1FF20AE22DA56551A91FEF05347C46D01C51DEEFD63A35801F1D9A11BB271EB163912E7E3C65E877D9637FA0ECBF83787F8D2AF237AAA43E3BC82BD98140C9A227A7EE1D8EB5DB3EC55D9C635A8A525D8ADC7E7C2261A235120A5BB10EC883C9D1956D1C4CB7D3B22B606E085082EE035C09B154074E031EA961651127B1E4F41A36851D026A40C6CDD36712E84A3AACDEDC40319883A9C1C13870A8CC10E79E6A84352D0681134CC97941][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0]
7 TCP 192.168.1.119:51639 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1659 bytes <-> 10 pkts/3915 bytes][Goodput ratio: 59/85][0.55 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/27 126/129 43/47][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 138/392 766/1514 196/550][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: 1A5D1DCC8C47DD46E21570FFB62F999CD85F69983DF08FC0E944E15E9520556C5462F5110EE1FC34F93862ADD6B2DE6FD479263028F82157273B3A728443CE0A259E50F657019E02DD9BB408C7297C541B756A55769B88C04FBF268F677EEBC074CEB1D905770D67E6663B392CF09E80086661BD59F640035FEF65DEF6B93654AD359D9514C4236BBF9F565D299224475DEA5D1813F7AF1CF9A4402AB0ADB1DD2D3075ECE78A216DE6E88A82E89F72BDB3EC3B26604D6433FF5EF71C15FC7E3E624ECC15C1644AC4CF839119636965184DAF8FC115C6C09260306FCE2024D360636EFB39AACB9DCE54226E847B6356F1A2FCA88222266CC21D575EFFBF9FE0F553D99B1AE564AA7A001DA3C775FFE19DCFF96A1814AAF8554B871926B6582467FDA05224][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0]
8 TCP 192.168.1.119:51331 <-> 104.16.249.249:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/279 bytes <-> 3 pkts/180 bytes][Goodput ratio: 22/0][0.12 sec][bytes ratio: 0.216 (Upload)][IAT c2s/s2c min/avg/max/stddev: 119/0 40/0 119/0 56/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 70/60 93/60 17/0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Reference in a new issue View git blame Copy permalink