nDPI/tests/cfgs/default/result/false_positives.pcapng.out

DPI Packets (TCP): 16 (5.33 pkts/flow)
DPI Packets (UDP): 66 (7.33 pkts/flow)
Confidence Unknown : 4 (flows)
Confidence DPI : 8 (flows)
Num dissector calls: 1750 (145.83 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/12/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/4/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/12/0 (insert/search/found)
Automa host: 4/0 (search/found)
Automa domain: 2/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 6/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 1/0 (search/found)
Patricia protocols: 20/2 (search/found)
Patricia protocols IPv6: 2/0 (search/found)
Hash malicious ja4: 1/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 3/0 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 1/0 (search/found)
Hash fp custom protos: 1/0 (search/found)
Hash url custom protos: 1/0 (search/found)
Unknown 15 1539 4
SMTP 33 20130 1
RTP 110 19309 4
RDP 5 1571 1
IMO 21 1512 1
WebSocket 4 973 1
Unrated 15 1539 4
Acceptable 173 43495 8
Unspecified 15 1539 4
Media 110 19309 4
Email 33 20130 1
Web 4 973 1
VoIP 21 1512 1
RemoteAccess 5 1571 1
JA Host Stats:
IP Address # JA4C
1 91.238.181.21 1
1 TCP 10.17.24.50:4343 <-> 20.1.35.76:25 [proto: 3/SMTP][Stack: SMTP][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Email/3][Breed: Acceptable][21 pkts/18740 bytes <-> 12 pkts/1390 bytes][Goodput ratio: 93/43][< 1 sec][Hostname/SNI: server-1402abab.example.int][bytes ratio: 0.862 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 892/116 1514/353 705/76][TCP Fingerprint: 2_32_5792_13ad4065e152/Unknown][PLAIN TEXT (220 server)][Plen Bins: 8,33,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,45,0,0]
2 UDP 10.192.92.81:52070 <-> 10.136.43.69:21048 [VLAN: 20][proto: 87/RTP][Stack: RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0) / ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Media/1][Breed: Acceptable][15 pkts/3330 bytes <-> 15 pkts/3330 bytes][Goodput ratio: 77/77][0.30 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/19 19/19 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 222/222 222/222 222/222 0/0][PLAIN TEXT (UUUUUUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 10.126.70.67:23784 <-> 10.236.7.225:50160 [VLAN: 107][proto: 87/RTP][Stack: RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0) / ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Media/1][Breed: Acceptable][18 pkts/3924 bytes <-> 12 pkts/2616 bytes][Goodput ratio: 79/79][0.34 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/19 20/20 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 218/218 218/218 218/218 0/0][PLAIN TEXT (UUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 10.102.45.249:31046 <-> 10.133.48.100:21176 [VLAN: 10][proto: GTP:87/RTP][Stack: RTP][IP: 0/Unknown][Payload Type: Unknown (102.0) / Unknown (102.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 17][cat: Media/1][Breed: Acceptable][22 pkts/2860 bytes <-> 8 pkts/989 bytes][Goodput ratio: 34/30][0.44 sec][bytes ratio: 0.486 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/19 22/19 44/20 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 130/113 130/124 130/130 0/8][Plen Bins: 10,90,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 10.133.32.101:36408 -> 10.110.31.25:1272 [VLAN: 10][proto: GTP:87/RTP][Stack: RTP][IP: 0/Unknown][Payload Type: AMR (118.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 20][cat: Media/1][Breed: Acceptable][20 pkts/2260 bytes -> 0 pkts/0 bytes][Goodput ratio: 24/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 21/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 113/0 113/0 113/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 91.238.181.21:35888 <-> 89.31.79.12:3389 [VLAN: 77][proto: 91.88/TLS.RDP][Stack: RDP.TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RemoteAccess/12][Breed: Acceptable][3 pkts/239 bytes <-> 2 pkts/1332 bytes][Goodput ratio: 20/91][0.07 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **** TLS Susp Extn **** Non-Printable/Invalid Chars Detected **** Possible Exploit Attempt **][Risk Score: 420][Risk Info: Invalid chars found in SNI: exploit or misconfiguration? / xsen??????????????????tsp:8/w-speedtest.:find_????tsp:32766/w-speed][nDPI Fingerprint: 0730f697da254240142402f488cb15bb][TCP Fingerprint: 194_128_8192_6bb88f5575fd/Unknown][TLS (0589)][JA4: t00i001700_000000000000_6d0650a004ef][PLAIN TEXT (Cookie)][Plen Bins: 33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.12.67:48612 <-> 93.38.195.192:42034 [proto: 216/IMO][Stack: IMO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: VoIP/10][Breed: Acceptable][10 pkts/728 bytes <-> 11 pkts/784 bytes][Goodput ratio: 42/41][0.77 sec][bytes ratio: -0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/26 340/101 102/37][Pkt Len c2s/s2c min/avg/max/stddev: 43/43 73/71 278/167 68/45][Plen Bins: 86,0,0,9,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 10.140.231.26:61202 <-> 159.65.12.169:443 [VLAN: 113][proto: GTP:7.251/HTTP.WebSocket][Stack: HTTP.WebSocket][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Web/5][Breed: Acceptable][2 pkts/557 bytes <-> 2 pkts/416 bytes][Goodput ratio: 58/45][0.20 sec][Hostname/SNI: wludo.superkinglabs.com][URL: wludo.superkinglabs.com:443/ws][StatusCode: 101][Server: nginx/1.12.2][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 200][Risk Info: Obsolete nginx server 1.12.2 / Empty or missing User-Agent / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /ws HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows:
1 UDP 192.168.1.204:28707 <-> 178.184.92.158:17534 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][Breed: Unrated][3 pkts/283 bytes <-> 3 pkts/453 bytes][Goodput ratio: 55/72][8.84 sec][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 364/348 4348/4168 8333/7989 3984/3820][Pkt Len c2s/s2c min/avg/max/stddev: 87/90 94/151 109/273 10/86][Plen Bins: 0,66,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:37649 <-> 57.128.172.97:9981 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][Breed: Unrated][3 pkts/230 bytes <-> 3 pkts/230 bytes][Goodput ratio: 45/45][1.03 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 498/498 505/504 512/511 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 72/72 77/77 82/82 4/4][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 4.970 (Executable?)][Plen Bins: 33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.1.204:28707 <-> 77.35.229.111:21324 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][Breed: Unrated][1 pkts/109 bytes <-> 1 pkts/111 bytes][Goodput ratio: 61/62][0.18 sec][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP [2001:b07:a3d:c112:d881:db12:ed03:a477]:28707 -> [2a04:4a43:843f:fdf5:a1f2:e9fe:bd28:d36b]:29695 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Unrated][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]