Skip to content

Commit

Permalink
Fixed output when tLS (nad not QUIC) is used
Browse files Browse the repository at this point in the history
  • Loading branch information
@lucaderi
lucaderi committed Dec 28, 2020
1 parent cf00ffe commit 9c1827a
Show file tree
Hide file tree
Showing 14 changed files with 131 additions and 195 deletions.
110 changes: 56 additions & 54 deletions example/reader_util.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1034,7 +1034,7 @@ u_int8_t plen2slot(u_int16_t plen) {
/* ****************************************************** */

void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow, FILE * csv_fp) {
u_int i;
u_int i, is_quic = 0;

if(!flow->ndpi_flow) return;

Expand Down Expand Up @@ -1138,7 +1138,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
}
/* TLS */
else if((is_ndpi_proto(flow, NDPI_PROTOCOL_TLS))
|| ((is_ndpi_proto(flow, NDPI_PROTOCOL_QUIC)))
|| ((is_quic = is_ndpi_proto(flow, NDPI_PROTOCOL_QUIC)))
|| (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS)
|| (flow->ndpi_flow->protos.stun_ssl.ssl.ja3_client[0] != '\0')
) {
Expand All @@ -1151,66 +1151,68 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl

if(flow->ndpi_flow->protos.stun_ssl.ssl.server_names_len > 0 && flow->ndpi_flow->protos.stun_ssl.ssl.server_names)
flow->ssh_tls.server_names = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.server_names);
flow->ssh_tls.notBefore = flow->ndpi_flow->protos.stun_ssl.ssl.notBefore;
flow->ssh_tls.notAfter = flow->ndpi_flow->protos.stun_ssl.ssl.notAfter;
snprintf(flow->ssh_tls.ja3_client, sizeof(flow->ssh_tls.ja3_client), "%s",
flow->ndpi_flow->protos.stun_ssl.ssl.ja3_client);
snprintf(flow->ssh_tls.ja3_server, sizeof(flow->ssh_tls.ja3_server), "%s",
flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server);
flow->ssh_tls.server_unsafe_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_unsafe_cipher;
flow->ssh_tls.server_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_cipher;

if(flow->ndpi_flow->l4.tcp.tls.fingerprint_set) {
memcpy(flow->ssh_tls.sha1_cert_fingerprint,
flow->ndpi_flow->l4.tcp.tls.sha1_certificate_fingerprint, 20);
flow->ssh_tls.sha1_cert_fingerprint_set = 1;
}

if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn) {
if((flow->ssh_tls.tls_alpn = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.alpn)) != NULL)
correct_csv_data_field(flow->ssh_tls.tls_alpn);
}
if(!is_quic) {
flow->ssh_tls.notBefore = flow->ndpi_flow->protos.stun_ssl.ssl.notBefore;
flow->ssh_tls.notAfter = flow->ndpi_flow->protos.stun_ssl.ssl.notAfter;
snprintf(flow->ssh_tls.ja3_client, sizeof(flow->ssh_tls.ja3_client), "%s",
flow->ndpi_flow->protos.stun_ssl.ssl.ja3_client);
snprintf(flow->ssh_tls.ja3_server, sizeof(flow->ssh_tls.ja3_server), "%s",
flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server);
flow->ssh_tls.server_unsafe_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_unsafe_cipher;
flow->ssh_tls.server_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_cipher;

if(flow->ndpi_flow->l4.tcp.tls.fingerprint_set) {
memcpy(flow->ssh_tls.sha1_cert_fingerprint,
flow->ndpi_flow->l4.tcp.tls.sha1_certificate_fingerprint, 20);
flow->ssh_tls.sha1_cert_fingerprint_set = 1;
}

if(flow->ndpi_flow->protos.stun_ssl.ssl.issuerDN)
flow->ssh_tls.tls_issuerDN = strdup(flow->ndpi_flow->protos.stun_ssl.ssl.issuerDN);

if(flow->ndpi_flow->protos.stun_ssl.ssl.subjectDN)
flow->ssh_tls.tls_subjectDN = strdup(flow->ndpi_flow->protos.stun_ssl.ssl.subjectDN);
if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn) {
if((flow->ssh_tls.tls_alpn = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.alpn)) != NULL)
correct_csv_data_field(flow->ssh_tls.tls_alpn);
}

if(flow->ndpi_flow->protos.stun_ssl.ssl.encrypted_sni.esni) {
flow->ssh_tls.encrypted_sni.esni = strdup(flow->ndpi_flow->protos.stun_ssl.ssl.encrypted_sni.esni);
flow->ssh_tls.encrypted_sni.cipher_suite = flow->ndpi_flow->protos.stun_ssl.ssl.encrypted_sni.cipher_suite;
}
if(flow->ndpi_flow->protos.stun_ssl.ssl.issuerDN)
flow->ssh_tls.tls_issuerDN = strdup(flow->ndpi_flow->protos.stun_ssl.ssl.issuerDN);

if(flow->ssh_tls.tls_supported_versions) {
if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions)) != NULL)
correct_csv_data_field(flow->ssh_tls.tls_supported_versions);
}
if(flow->ndpi_flow->protos.stun_ssl.ssl.subjectDN)
flow->ssh_tls.tls_subjectDN = strdup(flow->ndpi_flow->protos.stun_ssl.ssl.subjectDN);

if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn
&& flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions) {
correct_csv_data_field(flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
correct_csv_data_field(flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions);
if(flow->ndpi_flow->protos.stun_ssl.ssl.encrypted_sni.esni) {
flow->ssh_tls.encrypted_sni.esni = strdup(flow->ndpi_flow->protos.stun_ssl.ssl.encrypted_sni.esni);
flow->ssh_tls.encrypted_sni.cipher_suite = flow->ndpi_flow->protos.stun_ssl.ssl.encrypted_sni.cipher_suite;
}

if(flow->ssh_tls.tls_supported_versions) {
if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions)) != NULL)
correct_csv_data_field(flow->ssh_tls.tls_supported_versions);
}

if(csv_fp)
snprintf(flow->info, sizeof(flow->info), "%s",
flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
else
snprintf(flow->info, sizeof(flow->info), "ALPN: %s][TLS Supported Versions: %s",
flow->ndpi_flow->protos.stun_ssl.ssl.alpn,
flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions);
}
else if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn) {
correct_csv_data_field(flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn
&& flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions) {
correct_csv_data_field(flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
correct_csv_data_field(flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions);

if(csv_fp)
snprintf(flow->info, sizeof(flow->info), "%s,",
flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
else
snprintf(flow->info, sizeof(flow->info), "ALPN: %s",
flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
if(csv_fp)
snprintf(flow->info, sizeof(flow->info), "%s",
flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
else
snprintf(flow->info, sizeof(flow->info), "ALPN: %s][TLS Supported Versions: %s",
flow->ndpi_flow->protos.stun_ssl.ssl.alpn,
flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions);
} else if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn) {
correct_csv_data_field(flow->ndpi_flow->protos.stun_ssl.ssl.alpn);

if(csv_fp)
snprintf(flow->info, sizeof(flow->info), "%s,",
flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
else
snprintf(flow->info, sizeof(flow->info), "ALPN: %s",
flow->ndpi_flow->protos.stun_ssl.ssl.alpn);
}
}

if(enable_doh_dot_detection) {
/* For TLS we use TLS block lenght instead of payload lenght */
ndpi_reset_bin(&flow->payload_len_bin);
Expand Down
7 changes: 1 addition & 6 deletions tests/result/dlt_ppp.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
QUIC 1 1230 1

JA3 Host Stats:
IP Address # JA3C
1 193.167.0.252 1


1 UDP 193.167.0.252:44083 -> 193.167.100.100:443 [proto: 188/QUIC][cat: Web/5][1 pkts/1230 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][TLSv1.3][Client: server4][JA3C: fe94e313a5d76fb687c85443cdfa8170][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0]
1 UDP 193.167.0.252:44083 -> 193.167.100.100:443 [proto: 188/QUIC][cat: Web/5][1 pkts/1230 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][TLSv1.3][Client: server4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic-23.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
QUIC 20 7191 1

JA3 Host Stats:
IP Address # JA3C
1 2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7 1


1 UDP [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7]:50339 <-> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][cat: Web/5][10 pkts/2613 bytes <-> 10 pkts/4578 bytes][Goodput ratio: 76/86][0.11 sec][ALPN: h3-22][TLS Supported Versions: TLSv1.3][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 38/34 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 92/94 261/458 1342/1342 373/458][TLSv1.3][Client: quic.aiortc.org][JA3C: d9e7bdb15af8e499820ca74a68affd78][Plen Bins: 5,35,15,10,5,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0]
1 UDP [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7]:50339 <-> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][cat: Web/5][10 pkts/2613 bytes <-> 10 pkts/4578 bytes][Goodput ratio: 76/86][0.11 sec][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 38/34 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 92/94 261/458 1342/1342 373/458][TLSv1.3][Client: quic.aiortc.org][Plen Bins: 5,35,15,10,5,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic-24.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
QUIC 15 8000 1

JA3 Host Stats:
IP Address # JA3C
1 10.9.0.1 1


1 UDP 10.9.0.1:41436 <-> 10.9.0.2:443 [proto: 188/QUIC][cat: Web/5][7 pkts/4672 bytes <-> 8 pkts/3328 bytes][Goodput ratio: 94/90][30.04 sec][ALPN: h3-24][TLS Supported Versions: TLSv1.3][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6006/4 30007/12 12000/4][Pkt Len c2s/s2c min/avg/max/stddev: 82/81 667/416 1294/1294 562/406][TLSv1.3][Client: localhost][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][PLAIN TEXT (Udwn.wf)][Plen Bins: 0,34,0,6,6,0,0,0,6,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0]
1 UDP 10.9.0.1:41436 <-> 10.9.0.2:443 [proto: 188/QUIC][cat: Web/5][7 pkts/4672 bytes <-> 8 pkts/3328 bytes][Goodput ratio: 94/90][30.04 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6006/4 30007/12 12000/4][Pkt Len c2s/s2c min/avg/max/stddev: 82/81 667/416 1294/1294 562/406][TLSv1.3][Client: localhost][PLAIN TEXT (Udwn.wf)][Plen Bins: 0,34,0,6,6,0,0,0,6,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic-27.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
Google 20 12887 1

JA3 Host Stats:
IP Address # JA3C
1 3ef4:2194:f4a6:3503:40cd:714:57:c4e4 1


1 UDP [3ef4:2194:f4a6:3503:40cd:714:57:c4e4]:64229 <-> [2f3d:64d1:9d59:549b::200e]:443 [proto: 188.126/QUIC.Google][cat: Web/5][9 pkts/6081 bytes <-> 11 pkts/6806 bytes][Goodput ratio: 91/90][8.46 sec][ALPN: h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: -0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 1198/938 8168/8161 2846/2554][Pkt Len c2s/s2c min/avg/max/stddev: 95/87 676/619 1392/1392 622/598][User-Agent: beta Chrome/84.0.4147.45 Windows NT 10.0; Win64; x64][TLSv1.3][Client: play.google.com][JA3C: 1e022f87823477abd6a79c31d70062d7][Plen Bins: 20,30,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,30,0,0,0,0,0,0]
1 UDP [3ef4:2194:f4a6:3503:40cd:714:57:c4e4]:64229 <-> [2f3d:64d1:9d59:549b::200e]:443 [proto: 188.126/QUIC.Google][cat: Web/5][9 pkts/6081 bytes <-> 11 pkts/6806 bytes][Goodput ratio: 91/90][8.46 sec][bytes ratio: -0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 1198/938 8168/8161 2846/2554][Pkt Len c2s/s2c min/avg/max/stddev: 95/87 676/619 1392/1392 622/598][User-Agent: beta Chrome/84.0.4147.45 Windows NT 10.0; Win64; x64][TLSv1.3][Client: play.google.com][Plen Bins: 20,30,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,30,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic-28.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
Cloudflare 253 246793 1

JA3 Host Stats:
IP Address # JA3C
1 10.9.0.2 1


1 UDP 10.9.0.2:60106 <-> 104.26.11.240:443 [proto: 188.220/QUIC.Cloudflare][cat: Web/5][34 pkts/6856 bytes <-> 219 pkts/239937 bytes][Goodput ratio: 79/96][2.76 sec][ALPN: h3-28;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: -0.944 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/14 1007/1023 229/91][Pkt Len c2s/s2c min/avg/max/stddev: 85/84 202/1096 1242/1242 325/364][TLSv1.3][Client: www.wireshark.org][JA3C: 1e022f87823477abd6a79c31d70062d7][PLAIN TEXT (tGLddu)][Plen Bins: 0,16,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0,0,0,0,0,0,0,0,0]
1 UDP 10.9.0.2:60106 <-> 104.26.11.240:443 [proto: 188.220/QUIC.Cloudflare][cat: Web/5][34 pkts/6856 bytes <-> 219 pkts/239937 bytes][Goodput ratio: 79/96][2.76 sec][bytes ratio: -0.944 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/14 1007/1023 229/91][Pkt Len c2s/s2c min/avg/max/stddev: 85/84 202/1096 1242/1242 325/364][TLSv1.3][Client: www.wireshark.org][PLAIN TEXT (tGLddu)][Plen Bins: 0,16,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0,0,0,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic-29.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
QUIC 15 9386 1

JA3 Host Stats:
IP Address # JA3C
1 10.9.0.1 1


1 UDP 10.9.0.1:36588 <-> 10.9.0.2:443 [proto: 188/QUIC][cat: Web/5][6 pkts/4555 bytes <-> 9 pkts/4831 bytes][Goodput ratio: 94/92][0.04 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6/3 18/8 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 84/81 759/537 1294/1294 552/493][TLSv1.3][Client: localhost][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][PLAIN TEXT (SYmlKmO)][Plen Bins: 0,27,0,13,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0]
1 UDP 10.9.0.1:36588 <-> 10.9.0.2:443 [proto: 188/QUIC][cat: Web/5][6 pkts/4555 bytes <-> 9 pkts/4831 bytes][Goodput ratio: 94/92][0.04 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6/3 18/8 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 84/81 759/537 1294/1294 552/493][TLSv1.3][Client: localhost][PLAIN TEXT (SYmlKmO)][Plen Bins: 0,27,0,13,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic-mvfst-22.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
Facebook 490 288303 1

JA3 Host Stats:
IP Address # JA3C
1 10.0.2.15 1


1 UDP 10.0.2.15:35601 <-> 31.13.86.8:443 [proto: 188.119/QUIC.Facebook][cat: SocialNetwork/6][188 pkts/80544 bytes <-> 302 pkts/207759 bytes][Goodput ratio: 90/94][115.21 sec][ALPN: h3-fb-05;h1q-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft)][bytes ratio: -0.441 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 276/385 10173/64999 1046/4119][Pkt Len c2s/s2c min/avg/max/stddev: 73/66 428/688 1274/1294 478/546][TLSv1.3][Client: graph.facebook.com][JA3C: a3795d067fbf6f44c8657f9e9cbae493][PLAIN TEXT (rPnDAD)][Plen Bins: 21,26,1,0,0,0,0,0,0,2,0,2,3,1,3,1,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,32,0,0,0,0,0,0,0,0]
1 UDP 10.0.2.15:35601 <-> 31.13.86.8:443 [proto: 188.119/QUIC.Facebook][cat: SocialNetwork/6][188 pkts/80544 bytes <-> 302 pkts/207759 bytes][Goodput ratio: 90/94][115.21 sec][bytes ratio: -0.441 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 276/385 10173/64999 1046/4119][Pkt Len c2s/s2c min/avg/max/stddev: 73/66 428/688 1274/1294 478/546][TLSv1.3][Client: graph.facebook.com][PLAIN TEXT (rPnDAD)][Plen Bins: 21,26,1,0,0,0,0,0,0,2,0,2,3,1,3,1,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,32,0,0,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic-mvfst-27.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
Google 20 12887 1

JA3 Host Stats:
IP Address # JA3C
1 3ef4:2194:f4a6:3503:40cd:714:57:c4e4 1


1 UDP [3ef4:2194:f4a6:3503:40cd:714:57:c4e4]:64229 <-> [2f3d:64d1:9d59:549b::200e]:443 [proto: 188.126/QUIC.Google][cat: Web/5][9 pkts/6081 bytes <-> 11 pkts/6806 bytes][Goodput ratio: 91/90][8.46 sec][ALPN: h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: -0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 1198/938 8168/8161 2846/2554][Pkt Len c2s/s2c min/avg/max/stddev: 95/87 676/619 1392/1392 622/598][User-Agent: beta Chrome/84.0.4147.45 Windows NT 10.0; Win64; x64][TLSv1.3][Client: play.google.com][JA3C: 1e022f87823477abd6a79c31d70062d7][Plen Bins: 20,30,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,30,0,0,0,0,0,0]
1 UDP [3ef4:2194:f4a6:3503:40cd:714:57:c4e4]:64229 <-> [2f3d:64d1:9d59:549b::200e]:443 [proto: 188.126/QUIC.Google][cat: Web/5][9 pkts/6081 bytes <-> 11 pkts/6806 bytes][Goodput ratio: 91/90][8.46 sec][bytes ratio: -0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 1198/938 8168/8161 2846/2554][Pkt Len c2s/s2c min/avg/max/stddev: 95/87 676/619 1392/1392 622/598][User-Agent: beta Chrome/84.0.4147.45 Windows NT 10.0; Win64; x64][TLSv1.3][Client: play.google.com][Plen Bins: 20,30,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,30,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic-mvfst-exp.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
Facebook 30 26309 1

JA3 Host Stats:
IP Address # JA3C
1 2aac:cdf7:d506:7807:9092:75f:a963:f4ab 1


1 UDP [2aac:cdf7:d506:7807:9092:75f:a963:f4ab]:57587 <-> [3f65:ece9:fe71:6e2a:face:b00c::358e]:443 [proto: 188.119/QUIC.Facebook][cat: SocialNetwork/6][9 pkts/4054 bytes <-> 21 pkts/22255 bytes][Goodput ratio: 86/94][0.16 sec][ALPN: h3-fb-05][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft)][bytes ratio: -0.692 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/4 55/56 19/13][Pkt Len c2s/s2c min/avg/max/stddev: 93/105 450/1060 1294/1294 505/429][TLSv1.3][Client: video.fmct2-3.fna.fbcdn.net][JA3C: 61d8a93ff379660087082a82411f19a2][PLAIN TEXT (wEPCri)][Plen Bins: 3,20,3,0,0,0,0,0,3,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0]
1 UDP [2aac:cdf7:d506:7807:9092:75f:a963:f4ab]:57587 <-> [3f65:ece9:fe71:6e2a:face:b00c::358e]:443 [proto: 188.119/QUIC.Facebook][cat: SocialNetwork/6][9 pkts/4054 bytes <-> 21 pkts/22255 bytes][Goodput ratio: 86/94][0.16 sec][bytes ratio: -0.692 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/4 55/56 19/13][Pkt Len c2s/s2c min/avg/max/stddev: 93/105 450/1060 1294/1294 505/429][TLSv1.3][Client: video.fmct2-3.fna.fbcdn.net][PLAIN TEXT (wEPCri)][Plen Bins: 3,20,3,0,0,0,0,0,3,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0]
7 changes: 1 addition & 6 deletions tests/result/quic_0RTT.pcap.out
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,3 @@
QUIC 2 2588 1

JA3 Host Stats:
IP Address # JA3C
1 ::1 1


1 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][ALPN: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][TLSv1.3][Client: abcd][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
1 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][TLSv1.3][Client: abcd][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
Loading

0 comments on commit 9c1827a

Please sign in to comment.