vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-28 15:09:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
nDPI/tests/cfgs/default/result/openvpn_obfuscated.pcapng.out
Toni Uhlig 285496d0b9 Add (generic) MsgPack protocol dissector. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-08 17:50:20 +01:00

47 lines
3.6 KiB
Text
Raw Blame History

Guessed flow protos: 3
DPI Packets (TCP): 34 (17.00 pkts/flow)
DPI Packets (UDP): 9 (9.00 pkts/flow)
Confidence Match by port : 2 (flows)
Confidence Match by IP : 1 (flows)
Num dissector calls: 687 (229.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/3/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/3/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 4/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 4/2 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 1/1 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 0/0 (search/found)
SMTPS 60 17222 1
TLS 87 25469 1
NordVPN 30 10598 1
Safe 147 42691 2
Acceptable 30 10598 1
VPN 30 10598 1
Email 60 17222 1
Web 87 25469 1
1 TCP 107.161.86.131:443 <-> 192.168.12.156:48072 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Web/5][Breed: Safe][40 pkts/9272 bytes <-> 47 pkts/16197 bytes][Goodput ratio: 70/81][3.15 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 212/303 66/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/345 1514/1090 370/406][Plen Bins: 35,3,3,15,1,1,0,0,1,3,5,1,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,18,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
2 TCP 192.168.12.156:37976 <-> 185.128.25.99:465 [proto: 29/SMTPS][Stack: SMTPS][IP: 426/NordVPN][Encrypted][Confidence: Match by port][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 20][cat: Email/3][Breed: Safe][29 pkts/7410 bytes <-> 31 pkts/9812 bytes][Goodput ratio: 74/79][1.73 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/26 1019/153 204/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/317 1090/1514 256/424][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.132 (Compressed Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (HrFTzP)][Plen Bins: 0,0,14,30,14,2,0,2,5,0,5,5,2,0,0,2,0,0,0,0,0,2,0,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
3 UDP 192.168.12.156:47128 <-> 149.102.238.108:1214 [proto: 426/NordVPN][Stack: NordVPN][IP: 426/NordVPN][Encrypted][Confidence: Match by IP][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 9][cat: VPN/2][Breed: Acceptable][19 pkts/3629 bytes <-> 11 pkts/6969 bytes][Goodput ratio: 78/93][1.26 sec][bytes ratio: -0.315 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/132 1156/1023 278/337][Pkt Len c2s/s2c min/avg/max/stddev: 115/136 191/634 782/1158 153/438][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.051 (Executable?)][PLAIN TEXT (SFhAFI)][Plen Bins: 0,0,23,41,3,0,0,0,3,0,3,6,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
Reference in a new issue View git blame Copy permalink