vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-28 15:09:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
nDPI/tests/cfgs/default/result/soap.pcap.out
Toni Uhlig 285496d0b9 Add (generic) MsgPack protocol dissector. 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-08 17:50:20 +01:00

39 lines
3.2 KiB
Text
Raw Blame History

DPI Packets (TCP): 11 (3.67 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 409 (136.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/2/0 (insert/search/found)
Automa host: 1/1 (search/found)
Automa domain: 1/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 4/2 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 1/1 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 1/0 (search/found)
SOAP 20 10948 3
Acceptable 20 10948 3
Collaborative 1 1506 1
RPC 19 9442 2
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 253/SOAP][Stack: SOAP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 5][cat: RPC/16][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 253/SOAP][Stack: SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RPC/16][Breed: Acceptable][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.253/HTTP.SOAP][Stack: HTTP.Microsoft365.SOAP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7.253/HTTP.SOAP, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][Breed: Acceptable][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
Reference in a new issue View git blame Copy permalink