Sync unit tests results
IvanNardi committed Nov 26, 2024
1 parent d8ead34 commit d93fd27
Showing 8 changed files with 40 additions and 40 deletions.
50 changes: 25 additions & 25 deletions tests/cfgs/default/result/http-basic-auth.pcap.out

Large diffs are not rendered by default.
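Review bot: The largest change in this commit, 25 additions and 25 deletions in http-basic-auth.pcap.out, is not rendered on this page, and the six files listed account for 34 of the 40 changed lines, so most of the commit cannot be checked from this view. Before accepting it, open the full diff and confirm those lines differ only in the suffix of the TCP Fingerprint field, as the rendered hunks do.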

2 changes: 1 addition & 1 deletion tests/cfgs/default/result/http_auth.pcap.out
Expand Up @@ -24,4 +24,4 @@ HTTP 33 20574 1

Acceptable 33 20574 1

1 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Username: test][Password: fail2][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
1 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Username: test][Password: fail2][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
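Review bot: The commit message "Sync unit tests results" does not say what caused TCP fingerprint 2_64_65535_09b18f059744 on flow 1 to resolve to macOS instead of Unknown; add a line naming the fingerprint change these expectations were regenerated against, so the churn in the .out files can be traced later. The new label is at least consistent with the flow's own User-Agent (Macintosh; Intel Mac OS X 10_8_5), and Risk and Risk Score (110) are unchanged.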
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/imap-starttls.pcap.out
Expand Up @@ -29,4 +29,4 @@ JA3 Host Stats:
1 192.168.17.53 1


1 TCP 192.168.17.53:49640 <-> 212.227.17.186:143 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][cat: Email/3][18 pkts/1536 bytes <-> 14 pkts/6439 bytes][Goodput ratio: 35/88][3.02 sec][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 188/251 1486/1677 371/512][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/460 372/1514 76/571][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: Expected on port 993 / No ALPN / SNI should always be present][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][TLSv1.2][JA3C: c369db2c355ad05c76f5660af3179b01][JA4: t12d910500_383454ac02f4_a1e935682795][ServerNames: imap.gmx.net,imap.gmx.de][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=NRW, L=Netphen, CN=TeleSec ServerPass DE-1][Subject: C=DE, O=1&1 Mail & Media GmbH, ST=Rhineland-Palatinate, L=Montabaur, CN=imap.gmx.net][Certificate SHA-1: 0F:E8:EA:E2:48:87:DF:8E:FE:F2:84:59:FE:D0:FC:1C:46:24:85:F5][Firefox][Validity: 2013-11-12 10:17:31 - 2016-11-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (CAPABILITY IMAP)][Plen Bins: 25,18,6,6,0,0,0,6,6,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
1 TCP 192.168.17.53:49640 <-> 212.227.17.186:143 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][cat: Email/3][18 pkts/1536 bytes <-> 14 pkts/6439 bytes][Goodput ratio: 35/88][3.02 sec][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 188/251 1486/1677 371/512][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/460 372/1514 76/571][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: Expected on port 993 / No ALPN / SNI should always be present][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][TLSv1.2][JA3C: c369db2c355ad05c76f5660af3179b01][JA4: t12d910500_383454ac02f4_a1e935682795][ServerNames: imap.gmx.net,imap.gmx.de][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=NRW, L=Netphen, CN=TeleSec ServerPass DE-1][Subject: C=DE, O=1&1 Mail & Media GmbH, ST=Rhineland-Palatinate, L=Montabaur, CN=imap.gmx.net][Certificate SHA-1: 0F:E8:EA:E2:48:87:DF:8E:FE:F2:84:59:FE:D0:FC:1C:46:24:85:F5][Firefox][Validity: 2013-11-12 10:17:31 - 2016-11-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (CAPABILITY IMAP)][Plen Bins: 25,18,6,6,0,0,0,6,6,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
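Review bot: Nothing else in flow 1 corroborates the new macOS label; the only client hint on the line is [Firefox], which says nothing about the operating system. The expectation therefore rests entirely on the 2_64_65535_09b18f059744 match, so it is worth confirming the origin of this capture before treating the label as ground truth for the test.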
6 changes: 3 additions & 3 deletions tests/cfgs/default/result/jabber.pcap.out
Expand Up @@ -24,11 +24,11 @@ Jabber 358 61304 12

Acceptable 358 61304 12

1 TCP 172.16.0.62:57094 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13807 bytes][Goodput ratio: 49/80][2.17 sec][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 611/611 109/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 559/1514 104/415][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,24,9,13,4,6,9,0,2,2,2,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
2 TCP 172.16.0.62:57122 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13806 bytes][Goodput ratio: 49/80][2.16 sec][bytes ratio: -0.415 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 521/520 99/101][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 677/1514 116/415][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,22,9,15,4,7,9,0,2,2,2,0,0,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
1 TCP 172.16.0.62:57094 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13807 bytes][Goodput ratio: 49/80][2.17 sec][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 611/611 109/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 559/1514 104/415][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,24,9,13,4,6,9,0,2,2,2,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
2 TCP 172.16.0.62:57122 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13806 bytes][Goodput ratio: 49/80][2.16 sec][bytes ratio: -0.415 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 521/520 99/101][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 677/1514 116/415][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,22,9,15,4,7,9,0,2,2,2,0,0,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
3 TCP 172.16.0.62:57149 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 67/Jabber, Confidence: DPI][DPI packets: 1][cat: Web/5][21 pkts/2752 bytes <-> 17 pkts/3414 bytes][Goodput ratio: 50/67][656.22 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35858/700 600484/4996 141164/1575][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/201 305/529 77/137][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 5.068 (Executable?)][PLAIN TEXT (presence to)][Plen Bins: 0,18,0,22,18,9,18,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 172.16.0.62:57129 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 67/Jabber, Confidence: DPI][DPI packets: 1][cat: Web/5][16 pkts/2866 bytes <-> 9 pkts/2273 bytes][Goodput ratio: 63/74][423.43 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 23604/41249 136091/136094 40743/50152][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 179/253 769/481 173/115][PLAIN TEXT (iq type)][Plen Bins: 0,0,6,18,18,6,12,18,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 172.16.0.62:57147 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/1698 bytes <-> 12 pkts/1584 bytes][Goodput ratio: 38/49][0.42 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/52 333/333 89/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/132 404/351 90/93][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (xml version)][Plen Bins: 30,0,0,10,10,30,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 172.16.0.62:57147 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/1698 bytes <-> 12 pkts/1584 bytes][Goodput ratio: 38/49][0.42 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/52 333/333 89/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/132 404/351 90/93][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (xml version)][Plen Bins: 30,0,0,10,10,30,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.2.100:58388 <-> 160.44.201.102:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][9 pkts/809 bytes <-> 6 pkts/455 bytes][Goodput ratio: 37/26][300.65 sec][bytes ratio: 0.280 (Upload)][IAT c2s/s2c min/avg/max/stddev: 13/1 30058/52574 209840/209871 73396/90816][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/76 221/91 51/13][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 12,63,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 192.168.2.100:34070 <-> 160.44.201.102:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][9 pkts/808 bytes <-> 6 pkts/455 bytes][Goodput ratio: 37/26][279.71 sec][bytes ratio: 0.279 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/0 39051/68333 273088/273176 95545/118266][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/76 221/91 51/12][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 12,63,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 192.168.2.100:41420 <-> 160.44.201.102:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Web/5][8 pkts/791 bytes <-> 7 pkts/471 bytes][Goodput ratio: 43/15][35.65 sec][bytes ratio: 0.254 (Upload)][IAT c2s/s2c min/avg/max/stddev: 31/0 5924/67 35140/231 13066/91][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/67 221/91 53/11][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 28,28,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
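Review bot: Client 172.16.0.62 now gets macOS on flows 1, 2 and 5, but flows 3 and 4 from the same address carry no TCP Fingerprint field at all, so the host ends up with a mix of labelled and unlabelled flows. Check that the missing field on those two flows is expected for this capture, and note it for anyone aggregating OS hints per host. Flows 6 to 8 correctly keep 2_64_65535_41a9d5af7dd3/Android.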
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/jsonrpc.pcap.out
Expand Up @@ -24,5 +24,5 @@ JSON-RPC 16 2815 2

Acceptable 16 2815 2

1 TCP 192.168.8.251:51084 <-> 179.99.210.200:80 [proto: 7.375/HTTP.JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: RPC/16][4 pkts/1322 bytes <-> 4 pkts/843 bytes][Goodput ratio: 81/73][< 1 sec][Hostname/SNI: mdotti.dyndns.org][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 34/34 102/101 48/48][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 330/211 1124/566 458/209][URL: mdotti.dyndns.org/zabbix/jsrpc.php?output=json-rpc][StatusCode: 200][Req Content-Type: application/json-rpc][Content-Type: application/json-rpc][Server: Apache/2.2.16 (Debian)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete Apache server 2.2.16][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (POST /zabbix/jsrpc.php)][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 192.168.8.251:51084 <-> 179.99.210.200:80 [proto: 7.375/HTTP.JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: RPC/16][4 pkts/1322 bytes <-> 4 pkts/843 bytes][Goodput ratio: 81/73][< 1 sec][Hostname/SNI: mdotti.dyndns.org][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 34/34 102/101 48/48][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 330/211 1124/566 458/209][URL: mdotti.dyndns.org/zabbix/jsrpc.php?output=json-rpc][StatusCode: 200][Req Content-Type: application/json-rpc][Content-Type: application/json-rpc][Server: Apache/2.2.16 (Debian)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete Apache server 2.2.16][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (POST /zabbix/jsrpc.php)][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 127.0.0.1:36646 <-> 127.0.0.1:8080 [proto: 375/JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RPC/16][4 pkts/378 bytes <-> 4 pkts/272 bytes][Goodput ratio: 28/0][0.01 sec][bytes ratio: 0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 3/0 10/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/68 172/74 45/3][TCP Fingerprint: 2_64_33280_db1b9381215d/Unknown][PLAIN TEXT (sonrpc)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
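Review bot: Flow 2 (2_64_33280_db1b9381215d) stays /Unknown although it shares the leading 2_64 fields with the relabelled signature, which is the behaviour to keep: the label should follow the full fingerprint, not a prefix. On flow 1 the new /macOS suffix agrees with the User-Agent (Macintosh; Intel Mac OS X 10_9_2), and the Risk Score of 50 is unchanged.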
6 changes: 3 additions & 3 deletions tests/cfgs/default/result/socks.pcap.out
Expand Up @@ -24,7 +24,7 @@ SOCKS 60 10559 4

Acceptable 60 10559 4

1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
2 TCP 10.180.156.185:53534 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/711 bytes <-> 7 pkts/2069 bytes][Goodput ratio: 24/77][0.05 sec][bytes ratio: -0.488 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/12 47/46 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/296 212/1514 47/500][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
3 TCP 10.180.156.185:53533 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/695 bytes <-> 6 pkts/2003 bytes][Goodput ratio: 22/80][0.01 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 3/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/334 212/1514 48/530][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
2 TCP 10.180.156.185:53534 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/711 bytes <-> 7 pkts/2069 bytes][Goodput ratio: 24/77][0.05 sec][bytes ratio: -0.488 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/12 47/46 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/296 212/1514 47/500][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
3 TCP 10.180.156.185:53533 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/695 bytes <-> 6 pkts/2003 bytes][Goodput ratio: 22/80][0.01 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 3/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/334 212/1514 48/530][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
4 TCP 10.0.0.1:1637 <-> 10.0.0.2:21477 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][8 pkts/886 bytes <-> 6 pkts/1290 bytes][Goodput ratio: 47/73][117.94 sec][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/356 370/415 644/479 191/50][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 111/215 449/984 128/344][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1080][TCP Fingerprint: 2_128_16384_2564f2bea184/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 67,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
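Review bot: Flow 4 keeps 2_128_16384_2564f2bea184/Unknown while flows 1 to 3 move to macOS; confirm that leaving this signature unlabelled is intended and not a gap in the fingerprint update this sync reflects. Flows 1 to 3 all come from the same client, 10.180.156.185, with no other OS hint on the lines, so they add no independent evidence beyond a single host.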