From 48688344dd5316add7c5e35b844081328fa9c910 Mon Sep 17 00:00:00 2001 From: Ivan Nardi Date: Thu, 19 Dec 2024 12:28:26 +0100 Subject: [PATCH] ndpiReader: update JA statistics Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context --- example/ndpiReader.c | 265 +++++++++--------- example/reader_util.h | 26 +- tests/cfgs/caches_cfg/result/ookla.pcap.out | 4 +- tests/cfgs/caches_cfg/result/teams.pcap.out | 6 +- .../result/lru_ipv6_caches.pcapng.out | 4 +- .../cfgs/caches_global/result/ookla.pcap.out | 4 +- .../cfgs/caches_global/result/teams.pcap.out | 6 +- tests/cfgs/default/result/1kxun.pcap.out | 4 +- tests/cfgs/default/result/443-curl.pcap.out | 4 +- .../cfgs/default/result/443-firefox.pcap.out | 4 +- tests/cfgs/default/result/443-git.pcap.out | 4 +- tests/cfgs/default/result/443-safari.pcap.out | 4 +- tests/cfgs/default/result/4in6tunnel.pcap.out | 4 +- tests/cfgs/default/result/6in4tunnel.pcap.out | 4 +- .../default/result/KakaoTalk_chat.pcap.out | 4 +- .../default/result/KakaoTalk_talk.pcap.out | 4 +- .../cfgs/default/result/alexa-app.pcapng.out | 4 +- tests/cfgs/default/result/android.pcap.out | 6 +- .../default/result/anyconnect-vpn.pcap.out | 4 +- tests/cfgs/default/result/anydesk.pcapng.out | 4 +- tests/cfgs/default/result/bets.pcapng.out | 4 +- tests/cfgs/default/result/cachefly.pcapng.out | 4 +- .../default/result/capwap_data.pcapng.out | 4 +- tests/cfgs/default/result/chrome.pcap.out | 4 +- .../default/result/cloudflare-warp.pcap.out | 4 +- tests/cfgs/default/result/codm.pcap.out | 4 +- tests/cfgs/default/result/dazn.pcapng.out | 4 +- tests/cfgs/default/result/dingtalk.pcap.out | 4 +- tests/cfgs/default/result/discord.pcap.out | 4 +- tests/cfgs/default/result/dlt_ppp.pcap.out | 4 +- .../default/result/dns2tcp_tunnel.pcap.out | 4 +- tests/cfgs/default/result/dns_doh.pcap.out | 4 +- tests/cfgs/default/result/dns_dot.pcap.out | 4 +- .../default/result/dnscrypt-v2-doh.pcap.out | 4 +- tests/cfgs/default/result/doh.pcapng.out | 4 +- tests/cfgs/default/result/doq.pcapng.out | 4 +- .../default/result/doq_adguard.pcapng.out | 4 +- tests/cfgs/default/result/dtls.pcap.out | 4 +- tests/cfgs/default/result/dtls2.pcap.out | 4 +- .../result/dtls_certificate.pcapng.out | 4 +- .../dtls_certificate_fragments.pcap.out | 4 +- .../result/dtls_old_version.pcapng.out | 4 +- .../dtls_session_id_and_coockie_both.pcap.out | 4 +- tests/cfgs/default/result/emotet.pcap.out | 4 +- .../default/result/encrypted_sni.pcap.out | 4 +- tests/cfgs/default/result/facebook.pcap.out | 4 +- tests/cfgs/default/result/firefox.pcap.out | 4 +- .../cfgs/default/result/forticlient.pcap.out | 4 +- .../default/result/ftp-start-tls.pcap.out | 4 +- .../result/gaijin_mobile_mixed.pcap.out | 4 +- .../cfgs/default/result/geforcenow.pcapng.out | 4 +- tests/cfgs/default/result/gnutella.pcap.out | 4 +- .../default/result/google_chat.pcapng.out | 4 +- .../default/result/google_meet.pcapng.out | 4 +- .../result/googledns_android10.pcap.out | 4 +- .../result/heuristic_tcp_ack_payload.pcap.out | 4 +- .../cfgs/default/result/http_connect.pcap.out | 4 +- tests/cfgs/default/result/http_ipv6.pcap.out | 4 +- .../default/result/imap-starttls.pcap.out | 4 +- tests/cfgs/default/result/imaps.pcap.out | 4 +- tests/cfgs/default/result/instagram.pcap.out | 4 +- tests/cfgs/default/result/iphone.pcap.out | 6 +- .../result/ja3_lots_of_cipher_suites.pcap.out | 4 +- .../ja3_lots_of_cipher_suites_2_anon.pcap.out | 4 +- tests/cfgs/default/result/line.pcap.out | 4 +- .../result/long_tls_certificate.pcap.out | 4 +- .../default/result/lru_ipv6_caches.pcapng.out | 4 +- tests/cfgs/default/result/malware.pcap.out | 4 +- tests/cfgs/default/result/mumble.pcapng.out | 4 +- tests/cfgs/default/result/naver.pcap.out | 4 +- .../default/result/netease_games.pcapng.out | 4 +- tests/cfgs/default/result/netflix.pcap.out | 6 +- tests/cfgs/default/result/nintendo.pcap.out | 4 +- tests/cfgs/default/result/no_sni.pcap.out | 4 +- tests/cfgs/default/result/ocs.pcap.out | 4 +- tests/cfgs/default/result/ookla.pcap.out | 4 +- .../cfgs/default/result/opera-vpn.pcapng.out | 6 +- .../default/result/os_detected.pcapng.out | 4 +- tests/cfgs/default/result/paltalk.pcapng.out | 4 +- tests/cfgs/default/result/pia.pcap.out | 4 +- tests/cfgs/default/result/pinterest.pcap.out | 4 +- .../cfgs/default/result/pluralsight.pcap.out | 4 +- tests/cfgs/default/result/pop3_stls.pcap.out | 4 +- tests/cfgs/default/result/pops.pcapng.out | 4 +- tests/cfgs/default/result/protonvpn.pcap.out | 4 +- tests/cfgs/default/result/psiphon3.pcap.out | 4 +- tests/cfgs/default/result/quic-23.pcap.out | 4 +- tests/cfgs/default/result/quic-24.pcap.out | 4 +- tests/cfgs/default/result/quic-27.pcap.out | 4 +- tests/cfgs/default/result/quic-28.pcap.out | 4 +- tests/cfgs/default/result/quic-29.pcap.out | 4 +- tests/cfgs/default/result/quic-33.pcapng.out | 4 +- tests/cfgs/default/result/quic-34.pcap.out | 4 +- .../quic-forcing-vn-with-data.pcapng.out | 4 +- .../default/result/quic-mvfst-22.pcap.out | 4 +- .../default/result/quic-mvfst-27.pcapng.out | 4 +- .../default/result/quic-mvfst-exp.pcap.out | 4 +- tests/cfgs/default/result/quic-v2.pcapng.out | 4 +- tests/cfgs/default/result/quic_0RTT.pcap.out | 4 +- .../result/quic_crypto_aes_auth_size.pcap.out | 4 +- ...ic_frags_ch_in_multiple_packets.pcapng.out | 4 +- ..._of_order_same_packet_craziness.pcapng.out | 6 +- .../quic_frags_different_dcid.pcapng.out | 4 +- tests/cfgs/default/result/quic_t50.pcap.out | 4 +- tests/cfgs/default/result/quic_t51.pcap.out | 4 +- .../cfgs/default/result/rdp_over_tls.pcap.out | 4 +- tests/cfgs/default/result/reddit.pcap.out | 4 +- tests/cfgs/default/result/riot.pcapng.out | 4 +- tests/cfgs/default/result/roblox.pcapng.out | 4 +- tests/cfgs/default/result/safari.pcap.out | 4 +- tests/cfgs/default/result/salesforce.pcap.out | 4 +- tests/cfgs/default/result/selfsigned.pcap.out | 4 +- tests/cfgs/default/result/signal.pcap.out | 4 +- .../default/result/simple-dnscrypt.pcap.out | 4 +- tests/cfgs/default/result/sites.pcapng.out | 4 +- tests/cfgs/default/result/sites2.pcapng.out | 6 +- .../default/result/smtp-starttls.pcap.out | 4 +- tests/cfgs/default/result/smtps.pcapng.out | 4 +- tests/cfgs/default/result/snapchat.pcap.out | 4 +- .../result/snapchat_call_v1.pcapng.out | 4 +- tests/cfgs/default/result/sonos.pcapng.out | 4 +- .../result/ssl-cert-name-mismatch.pcap.out | 4 +- tests/cfgs/default/result/steam.pcapng.out | 6 +- tests/cfgs/default/result/stun.pcap.out | 4 +- .../default/result/stun_dtls_rtp.pcapng.out | 4 +- .../stun_dtls_unidirectional_client.pcap.out | 4 +- .../stun_dtls_unidirectional_server.pcap.out | 4 +- .../result/stun_google_meet.pcapng.out | 4 +- .../cfgs/default/result/stun_zoom.pcapng.out | 4 +- tests/cfgs/default/result/teams.pcap.out | 6 +- .../default/result/tls-esni-fuzzed.pcap.out | 4 +- .../default/result/tls-rdn-extract.pcap.out | 4 +- .../tls_1.2_unidirectional_client.pcapng.out | 4 +- ...2_unidirectional_client_no_cert.pcapng.out | 4 +- .../tls_1.2_unidirectional_server.pcapng.out | 4 +- ...2_unidirectional_server_no_cert.pcapng.out | 4 +- .../tls_1.3_unidirectional_client.pcapng.out | 4 +- .../tls_1.3_unidirectional_server.pcapng.out | 4 +- .../default/result/tls_2_reasms.pcapng.out | 4 +- .../default/result/tls_2_reasms_b.pcapng.out | 4 +- tests/cfgs/default/result/tls_alert.pcap.out | 4 +- .../result/tls_certificate_too_long.pcap.out | 4 +- .../default/result/tls_cipher_lens.pcap.out | 4 +- ...ificate_with_missing_server_one.pcapng.out | 4 +- tests/cfgs/default/result/tls_ech.pcapng.out | 4 +- .../default/result/tls_esni_sni_both.pcap.out | 4 +- .../tls_heur__shadowsocks-tcp.pcapng.out | 4 +- .../tls_heur__trojan-tcp-tls.pcapng.out | 4 +- .../result/tls_heur__vmess-tcp-tls.pcapng.out | 4 +- .../result/tls_heur__vmess-tcp.pcapng.out | 4 +- .../tls_heur__vmess-websocket.pcapng.out | 4 +- .../default/result/tls_invalid_reads.pcap.out | 4 +- .../default/result/tls_long_cert.pcap.out | 4 +- .../result/tls_malicious_sha1.pcapng.out | 4 +- .../result/tls_missing_ch_frag.pcap.out | 4 +- ...s_multiple_synack_different_seq.pcapng.out | 4 +- .../default/result/tls_port_80.pcapng.out | 4 +- .../default/result/tls_torrent.pcapng.out | 4 +- .../result/tls_verylong_certificate.pcap.out | 4 +- .../result/tls_with_huge_ch.pcapng.out | 4 +- tests/cfgs/default/result/tor.pcap.out | 4 +- tests/cfgs/default/result/tumblr.pcap.out | 4 +- tests/cfgs/default/result/tunnelbear.pcap.out | 6 +- tests/cfgs/default/result/ultrasurf.pcap.out | 4 +- tests/cfgs/default/result/viber.pcap.out | 6 +- tests/cfgs/default/result/vk.pcapng.out | 4 +- tests/cfgs/default/result/vxlan.pcap.out | 4 +- tests/cfgs/default/result/wa_voice.pcap.out | 4 +- tests/cfgs/default/result/waze.pcap.out | 4 +- tests/cfgs/default/result/webex.pcap.out | 4 +- tests/cfgs/default/result/wechat.pcap.out | 4 +- tests/cfgs/default/result/weibo.pcap.out | 4 +- .../result/whatsapp_login_call.pcap.out | 4 +- .../default/result/whatsappfiles.pcap.out | 4 +- tests/cfgs/default/result/whois.pcapng.out | 4 +- .../cfgs/default/result/windscribe.pcapng.out | 4 +- tests/cfgs/default/result/yandex.pcapng.out | 4 +- .../default/result/youtubeupload.pcap.out | 4 +- tests/cfgs/default/result/zattoo.pcap.out | 4 +- tests/cfgs/default/result/zoom.pcap.out | 4 +- tests/cfgs/default/result/zoom2.pcap.out | 4 +- .../result/ookla.pcap.out | 4 +- .../result/pluralsight.pcap.out | 4 +- .../result/iphone.pcap.out | 6 +- .../result/doh.pcapng.out | 4 +- .../enable_payload_stat/result/1kxun.pcap.out | 4 +- .../result/protonvpn.pcap.out | 4 +- tests/cfgs/fpc_disabled/result/teams.pcap.out | 6 +- .../result/1kxun.pcap.out | 4 +- .../guessing_disable/result/webex.pcap.out | 4 +- .../ip_lists_disable/result/1kxun.pcap.out | 4 +- tests/cfgs/monitoring/result/stun.pcap.out | 4 +- .../result/stun_google_meet.pcapng.out | 4 +- .../monitoring/result/stun_zoom.pcapng.out | 4 +- tests/cfgs/monitoring/result/teams.pcap.out | 6 +- .../result/telegram_videocall_2.pcapng.out | 4 +- .../result/teams.pcap.out | 6 +- .../result/lru_ipv6_caches.pcapng.out | 4 +- .../result/stun_dtls_rtp.pcapng.out | 4 +- .../result/stun_dtls_rtp_unidir.pcapng.out | 4 +- .../result/stun_zoom.pcapng.out | 4 +- .../result/anydesk.pcapng.out | 4 +- .../result/quic-mvfst-27.pcapng.out | 4 +- .../result/tls_ech.pcapng.out | 4 +- .../tls_heur__shadowsocks-tcp.pcapng.out | 4 +- .../tls_heur__trojan-tcp-tls.pcapng.out | 4 +- .../result/tls_heur__vmess-tcp-tls.pcapng.out | 4 +- .../result/tls_heur__vmess-tcp.pcapng.out | 4 +- .../tls_heur__vmess-websocket.pcapng.out | 4 +- .../result/tls_verylong_certificate.pcap.out | 5 +- .../result/tls_verylong_certificate.pcap.out | 4 +- .../result/tls_verylong_certificate.pcap.out | 5 +- .../result/zoom.pcap.out | 4 +- .../result/zoom2.pcap.out | 4 +- 214 files changed, 588 insertions(+), 585 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 08e0023f21b..d60723ca656 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -3308,15 +3308,15 @@ static void printFlowsStats() { } if(verbose) { - ndpi_host_ja3_fingerprints *ja3ByHostsHashT = NULL; // outer hash table - ndpi_ja3_fingerprints_host *hostByJA3C_ht = NULL; // for client - ndpi_ja3_fingerprints_host *hostByJA3S_ht = NULL; // for server + ndpi_host_ja_fingerprints *jaByHostsHashT = NULL; // outer hash table + ndpi_ja_fingerprints_host *hostByJA4C_ht = NULL; // for client + ndpi_ja_fingerprints_host *hostByJA3S_ht = NULL; // for server unsigned int i; - ndpi_host_ja3_fingerprints *ja3ByHost_element = NULL; - ndpi_ja3_info *info_of_element = NULL; - ndpi_host_ja3_fingerprints *tmp = NULL; - ndpi_ja3_info *tmp2 = NULL; - unsigned int num_ja3_ja4_client; + ndpi_host_ja_fingerprints *jaByHost_element = NULL; + ndpi_ja_info *info_of_element = NULL; + ndpi_host_ja_fingerprints *tmp = NULL; + ndpi_ja_info *tmp2 = NULL; + unsigned int num_ja4_client; unsigned int num_ja3_server; fprintf(out, "\n"); @@ -3329,167 +3329,170 @@ static void printFlowsStats() { } if((verbose == 2) || (verbose == 3)) { + + /* We are going to print JA4C and JA3S stats */ + for(i = 0; i < num_flows; i++) { - ndpi_host_ja3_fingerprints *ja3ByHostFound = NULL; - ndpi_ja3_fingerprints_host *hostByJA3Found = NULL; + ndpi_host_ja_fingerprints *jaByHostFound = NULL; + ndpi_ja_fingerprints_host *hostByJAFound = NULL; //check if this is a ssh-ssl flow - if(all_flows[i].flow->ssh_tls.ja3_client[0] != '\0') { + if(all_flows[i].flow->ssh_tls.ja4_client[0] != '\0') { //looking if the host is already in the hash table - HASH_FIND_INT(ja3ByHostsHashT, &(all_flows[i].flow->src_ip), ja3ByHostFound); + HASH_FIND_INT(jaByHostsHashT, &(all_flows[i].flow->src_ip), jaByHostFound); - //host ip -> ja3 - if(ja3ByHostFound == NULL) { + //host ip -> ja4c + if(jaByHostFound == NULL) { //adding the new host - ndpi_host_ja3_fingerprints *newHost = ndpi_malloc(sizeof(ndpi_host_ja3_fingerprints)); + ndpi_host_ja_fingerprints *newHost = ndpi_malloc(sizeof(ndpi_host_ja_fingerprints)); newHost->host_client_info_hasht = NULL; newHost->host_server_info_hasht = NULL; newHost->ip_string = all_flows[i].flow->src_name; newHost->ip = all_flows[i].flow->src_ip; newHost->dns_name = all_flows[i].flow->host_server_name; - ndpi_ja3_info *newJA3 = ndpi_malloc(sizeof(ndpi_ja3_info)); - newJA3->ja3 = all_flows[i].flow->ssh_tls.ja3_client; - newJA3->unsafe_cipher = all_flows[i].flow->ssh_tls.client_unsafe_cipher; - //adding the new ja3 fingerprint + ndpi_ja_info *newJA = ndpi_malloc(sizeof(ndpi_ja_info)); + newJA->ja = all_flows[i].flow->ssh_tls.ja4_client; + newJA->unsafe_cipher = all_flows[i].flow->ssh_tls.client_unsafe_cipher; + //adding the new ja4c fingerprint HASH_ADD_KEYPTR(hh, newHost->host_client_info_hasht, - newJA3->ja3, strlen(newJA3->ja3), newJA3); + newJA->ja, strlen(newJA->ja), newJA); //adding the new host - HASH_ADD_INT(ja3ByHostsHashT, ip, newHost); + HASH_ADD_INT(jaByHostsHashT, ip, newHost); } else { //host already in the hash table - ndpi_ja3_info *infoFound = NULL; + ndpi_ja_info *infoFound = NULL; - HASH_FIND_STR(ja3ByHostFound->host_client_info_hasht, - all_flows[i].flow->ssh_tls.ja3_client, infoFound); + HASH_FIND_STR(jaByHostFound->host_client_info_hasht, + all_flows[i].flow->ssh_tls.ja4_client, infoFound); if(infoFound == NULL) { - ndpi_ja3_info *newJA3 = ndpi_malloc(sizeof(ndpi_ja3_info)); - newJA3->ja3 = all_flows[i].flow->ssh_tls.ja3_client; - newJA3->unsafe_cipher = all_flows[i].flow->ssh_tls.client_unsafe_cipher; - HASH_ADD_KEYPTR(hh, ja3ByHostFound->host_client_info_hasht, - newJA3->ja3, strlen(newJA3->ja3), newJA3); + ndpi_ja_info *newJA = ndpi_malloc(sizeof(ndpi_ja_info)); + newJA->ja = all_flows[i].flow->ssh_tls.ja4_client; + newJA->unsafe_cipher = all_flows[i].flow->ssh_tls.client_unsafe_cipher; + HASH_ADD_KEYPTR(hh, jaByHostFound->host_client_info_hasht, + newJA->ja, strlen(newJA->ja), newJA); } } - //ja3 -> host ip - HASH_FIND_STR(hostByJA3C_ht, all_flows[i].flow->ssh_tls.ja3_client, hostByJA3Found); - if(hostByJA3Found == NULL) { + //ja4c -> host ip + HASH_FIND_STR(hostByJA4C_ht, all_flows[i].flow->ssh_tls.ja4_client, hostByJAFound); + if(hostByJAFound == NULL) { ndpi_ip_dns *newHost = ndpi_malloc(sizeof(ndpi_ip_dns)); newHost->ip = all_flows[i].flow->src_ip; newHost->ip_string = all_flows[i].flow->src_name; newHost->dns_name = all_flows[i].flow->host_server_name; - ndpi_ja3_fingerprints_host *newElement = ndpi_malloc(sizeof(ndpi_ja3_fingerprints_host)); - newElement->ja3 = all_flows[i].flow->ssh_tls.ja3_client; + ndpi_ja_fingerprints_host *newElement = ndpi_malloc(sizeof(ndpi_ja_fingerprints_host)); + newElement->ja = all_flows[i].flow->ssh_tls.ja4_client; newElement->unsafe_cipher = all_flows[i].flow->ssh_tls.client_unsafe_cipher; newElement->ipToDNS_ht = NULL; HASH_ADD_INT(newElement->ipToDNS_ht, ip, newHost); - HASH_ADD_KEYPTR(hh, hostByJA3C_ht, newElement->ja3, strlen(newElement->ja3), + HASH_ADD_KEYPTR(hh, hostByJA4C_ht, newElement->ja, strlen(newElement->ja), newElement); } else { ndpi_ip_dns *innerElement = NULL; - HASH_FIND_INT(hostByJA3Found->ipToDNS_ht, &(all_flows[i].flow->src_ip), innerElement); + HASH_FIND_INT(hostByJAFound->ipToDNS_ht, &(all_flows[i].flow->src_ip), innerElement); if(innerElement == NULL) { ndpi_ip_dns *newInnerElement = ndpi_malloc(sizeof(ndpi_ip_dns)); newInnerElement->ip = all_flows[i].flow->src_ip; newInnerElement->ip_string = all_flows[i].flow->src_name; newInnerElement->dns_name = all_flows[i].flow->host_server_name; - HASH_ADD_INT(hostByJA3Found->ipToDNS_ht, ip, newInnerElement); + HASH_ADD_INT(hostByJAFound->ipToDNS_ht, ip, newInnerElement); } } } if(all_flows[i].flow->ssh_tls.ja3_server[0] != '\0') { //looking if the host is already in the hash table - HASH_FIND_INT(ja3ByHostsHashT, &(all_flows[i].flow->dst_ip), ja3ByHostFound); - if(ja3ByHostFound == NULL) { + HASH_FIND_INT(jaByHostsHashT, &(all_flows[i].flow->dst_ip), jaByHostFound); + if(jaByHostFound == NULL) { //adding the new host in the hash table - ndpi_host_ja3_fingerprints *newHost = ndpi_malloc(sizeof(ndpi_host_ja3_fingerprints)); + ndpi_host_ja_fingerprints *newHost = ndpi_malloc(sizeof(ndpi_host_ja_fingerprints)); newHost->host_client_info_hasht = NULL; newHost->host_server_info_hasht = NULL; newHost->ip_string = all_flows[i].flow->dst_name; newHost->ip = all_flows[i].flow->dst_ip; newHost->dns_name = all_flows[i].flow->ssh_tls.server_info; - ndpi_ja3_info *newJA3 = ndpi_malloc(sizeof(ndpi_ja3_info)); - newJA3->ja3 = all_flows[i].flow->ssh_tls.ja3_server; - newJA3->unsafe_cipher = all_flows[i].flow->ssh_tls.server_unsafe_cipher; - //adding the new ja3 fingerprint - HASH_ADD_KEYPTR(hh, newHost->host_server_info_hasht, newJA3->ja3, - strlen(newJA3->ja3), newJA3); + ndpi_ja_info *newJA = ndpi_malloc(sizeof(ndpi_ja_info)); + newJA->ja = all_flows[i].flow->ssh_tls.ja3_server; + newJA->unsafe_cipher = all_flows[i].flow->ssh_tls.server_unsafe_cipher; + //adding the new ja3s fingerprint + HASH_ADD_KEYPTR(hh, newHost->host_server_info_hasht, newJA->ja, + strlen(newJA->ja), newJA); //adding the new host - HASH_ADD_INT(ja3ByHostsHashT, ip, newHost); + HASH_ADD_INT(jaByHostsHashT, ip, newHost); } else { //host already in the hashtable - ndpi_ja3_info *infoFound = NULL; - HASH_FIND_STR(ja3ByHostFound->host_server_info_hasht, + ndpi_ja_info *infoFound = NULL; + HASH_FIND_STR(jaByHostFound->host_server_info_hasht, all_flows[i].flow->ssh_tls.ja3_server, infoFound); if(infoFound == NULL) { - ndpi_ja3_info *newJA3 = ndpi_malloc(sizeof(ndpi_ja3_info)); - newJA3->ja3 = all_flows[i].flow->ssh_tls.ja3_server; - newJA3->unsafe_cipher = all_flows[i].flow->ssh_tls.server_unsafe_cipher; - HASH_ADD_KEYPTR(hh, ja3ByHostFound->host_server_info_hasht, - newJA3->ja3, strlen(newJA3->ja3), newJA3); + ndpi_ja_info *newJA = ndpi_malloc(sizeof(ndpi_ja_info)); + newJA->ja = all_flows[i].flow->ssh_tls.ja3_server; + newJA->unsafe_cipher = all_flows[i].flow->ssh_tls.server_unsafe_cipher; + HASH_ADD_KEYPTR(hh, jaByHostFound->host_server_info_hasht, + newJA->ja, strlen(newJA->ja), newJA); } } - HASH_FIND_STR(hostByJA3S_ht, all_flows[i].flow->ssh_tls.ja3_server, hostByJA3Found); - if(hostByJA3Found == NULL) { + HASH_FIND_STR(hostByJA3S_ht, all_flows[i].flow->ssh_tls.ja3_server, hostByJAFound); + if(hostByJAFound == NULL) { ndpi_ip_dns *newHost = ndpi_malloc(sizeof(ndpi_ip_dns)); newHost->ip = all_flows[i].flow->dst_ip; newHost->ip_string = all_flows[i].flow->dst_name; newHost->dns_name = all_flows[i].flow->ssh_tls.server_info;; - ndpi_ja3_fingerprints_host *newElement = ndpi_malloc(sizeof(ndpi_ja3_fingerprints_host)); - newElement->ja3 = all_flows[i].flow->ssh_tls.ja3_server; + ndpi_ja_fingerprints_host *newElement = ndpi_malloc(sizeof(ndpi_ja_fingerprints_host)); + newElement->ja = all_flows[i].flow->ssh_tls.ja3_server; newElement->unsafe_cipher = all_flows[i].flow->ssh_tls.server_unsafe_cipher; newElement->ipToDNS_ht = NULL; HASH_ADD_INT(newElement->ipToDNS_ht, ip, newHost); - HASH_ADD_KEYPTR(hh, hostByJA3S_ht, newElement->ja3, strlen(newElement->ja3), + HASH_ADD_KEYPTR(hh, hostByJA3S_ht, newElement->ja, strlen(newElement->ja), newElement); } else { ndpi_ip_dns *innerElement = NULL; - HASH_FIND_INT(hostByJA3Found->ipToDNS_ht, &(all_flows[i].flow->dst_ip), innerElement); + HASH_FIND_INT(hostByJAFound->ipToDNS_ht, &(all_flows[i].flow->dst_ip), innerElement); if(innerElement == NULL) { ndpi_ip_dns *newInnerElement = ndpi_malloc(sizeof(ndpi_ip_dns)); newInnerElement->ip = all_flows[i].flow->dst_ip; newInnerElement->ip_string = all_flows[i].flow->dst_name; newInnerElement->dns_name = all_flows[i].flow->ssh_tls.server_info; - HASH_ADD_INT(hostByJA3Found->ipToDNS_ht, ip, newInnerElement); + HASH_ADD_INT(hostByJAFound->ipToDNS_ht, ip, newInnerElement); } } } } - if(ja3ByHostsHashT) { - ndpi_ja3_fingerprints_host *hostByJA3Element = NULL; - ndpi_ja3_fingerprints_host *tmp3 = NULL; + if(jaByHostsHashT) { + ndpi_ja_fingerprints_host *hostByJAElement = NULL; + ndpi_ja_fingerprints_host *tmp3 = NULL; ndpi_ip_dns *innerHashEl = NULL; ndpi_ip_dns *tmp4 = NULL; if(verbose == 2) { - /* for each host the number of flow with a ja3 fingerprint is printed */ + /* for each host the number of flow with a ja4c fingerprint is printed */ i = 1; - fprintf(out, "JA3 Host Stats: \n"); - fprintf(out, "\t\t IP %-24s \t %-10s \n", "Address", "# JA3C"); + fprintf(out, "JA Host Stats: \n"); + fprintf(out, "\t\t IP %-24s \t %-10s \n", "Address", "# JA4C"); - for(ja3ByHost_element = ja3ByHostsHashT; ja3ByHost_element != NULL; - ja3ByHost_element = ja3ByHost_element->hh.next) { - num_ja3_ja4_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); - num_ja3_server = HASH_COUNT(ja3ByHost_element->host_server_info_hasht); + for(jaByHost_element = jaByHostsHashT; jaByHost_element != NULL; + jaByHost_element = jaByHost_element->hh.next) { + num_ja4_client = HASH_COUNT(jaByHost_element->host_client_info_hasht); + num_ja3_server = HASH_COUNT(jaByHost_element->host_server_info_hasht); - if(num_ja3_ja4_client > 0) { + if(num_ja4_client > 0) { fprintf(out, "\t%d\t %-24s \t %-7u\n", i, - ja3ByHost_element->ip_string, - num_ja3_ja4_client + jaByHost_element->ip_string, + num_ja4_client ); i++; } @@ -3498,31 +3501,31 @@ static void printFlowsStats() { } else if(verbose == 3) { int i = 1; int againstRepeat; - ndpi_ja3_fingerprints_host *hostByJA3Element = NULL; - ndpi_ja3_fingerprints_host *tmp3 = NULL; + ndpi_ja_fingerprints_host *hostByJAElement = NULL; + ndpi_ja_fingerprints_host *tmp3 = NULL; ndpi_ip_dns *innerHashEl = NULL; ndpi_ip_dns *tmp4 = NULL; - //for each host it is printted the JA3C and JA3S, along the server name (if any) + //for each host it is printted the JA4C and JA3S, along the server name (if any) //and the security status - fprintf(out, "JA3C/JA3S Host Stats: \n"); - fprintf(out, "\t%-7s %-24s %-34s %s\n", "", "IP", "JA3C", "JA3S"); + fprintf(out, "JA4C/JA3S Host Stats: \n"); + fprintf(out, "\t%-7s %-24s %-44s %s\n", "", "IP", "JA4C", "JA3S"); //reminder - //ja3ByHostsHashT: hash table - //ja3ByHost_element: element of ja3ByHostsHashT - //info_of_element: element of the inner hash table of ja3ByHost_element - HASH_ITER(hh, ja3ByHostsHashT, ja3ByHost_element, tmp) { - num_ja3_ja4_client = HASH_COUNT(ja3ByHost_element->host_client_info_hasht); - num_ja3_server = HASH_COUNT(ja3ByHost_element->host_server_info_hasht); + //jaByHostsHashT: hash table + //jaByHost_element: element of jaByHostsHashT + //info_of_element: element of the inner hash table of jaByHost_element + HASH_ITER(hh, jaByHostsHashT, jaByHost_element, tmp) { + num_ja4_client = HASH_COUNT(jaByHost_element->host_client_info_hasht); + num_ja3_server = HASH_COUNT(jaByHost_element->host_server_info_hasht); againstRepeat = 0; - if(num_ja3_ja4_client > 0) { - HASH_ITER(hh, ja3ByHost_element->host_client_info_hasht, info_of_element, tmp2) { + if(num_ja4_client > 0) { + HASH_ITER(hh, jaByHost_element->host_client_info_hasht, info_of_element, tmp2) { fprintf(out, "\t%-7d %-24s %s %s\n", i, - ja3ByHost_element->ip_string, - info_of_element->ja3, + jaByHost_element->ip_string, + info_of_element->ja, print_cipher(info_of_element->unsafe_cipher) ); againstRepeat = 1; @@ -3531,16 +3534,16 @@ static void printFlowsStats() { } if(num_ja3_server > 0) { - HASH_ITER(hh, ja3ByHost_element->host_server_info_hasht, info_of_element, tmp2) { - fprintf(out, "\t%-7d %-24s %-34s %s %s %s%s%s\n", + HASH_ITER(hh, jaByHost_element->host_server_info_hasht, info_of_element, tmp2) { + fprintf(out, "\t%-7d %-24s %-44s %s %s %s%s%s\n", i, - ja3ByHost_element->ip_string, + jaByHost_element->ip_string, "", - info_of_element->ja3, + info_of_element->ja, print_cipher(info_of_element->unsafe_cipher), - ja3ByHost_element->dns_name[0] ? "[" : "", - ja3ByHost_element->dns_name, - ja3ByHost_element->dns_name[0] ? "]" : "" + jaByHost_element->dns_name[0] ? "[" : "", + jaByHost_element->dns_name, + jaByHost_element->dns_name[0] ? "]" : "" ); i++; } @@ -3549,19 +3552,19 @@ static void printFlowsStats() { i = 1; - fprintf(out, "\nIP/JA3 Distribution:\n"); - fprintf(out, "%-15s %-39s %-26s\n", "", "JA3", "IP"); - HASH_ITER(hh, hostByJA3C_ht, hostByJA3Element, tmp3) { + fprintf(out, "\nIP/JA Distribution:\n"); + fprintf(out, "%-15s %-43s %-26s\n", "", "JA", "IP"); + HASH_ITER(hh, hostByJA4C_ht, hostByJAElement, tmp3) { againstRepeat = 0; - HASH_ITER(hh, hostByJA3Element->ipToDNS_ht, innerHashEl, tmp4) { + HASH_ITER(hh, hostByJAElement->ipToDNS_ht, innerHashEl, tmp4) { if(againstRepeat == 0) { - fprintf(out, "\t%-7d JA3C %s", + fprintf(out, "\t%-7d JA4C %s", i, - hostByJA3Element->ja3 + hostByJAElement->ja ); - fprintf(out, " %-15s %s\n", + fprintf(out, " %-20s %s\n", innerHashEl->ip_string, - print_cipher(hostByJA3Element->unsafe_cipher) + print_cipher(hostByJAElement->unsafe_cipher) ); againstRepeat = 1; i++; @@ -3569,22 +3572,22 @@ static void printFlowsStats() { fprintf(out, "\t%45s", ""); fprintf(out, " %-15s %s\n", innerHashEl->ip_string, - print_cipher(hostByJA3Element->unsafe_cipher) + print_cipher(hostByJAElement->unsafe_cipher) ); } } } - HASH_ITER(hh, hostByJA3S_ht, hostByJA3Element, tmp3) { + HASH_ITER(hh, hostByJA3S_ht, hostByJAElement, tmp3) { againstRepeat = 0; - HASH_ITER(hh, hostByJA3Element->ipToDNS_ht, innerHashEl, tmp4) { + HASH_ITER(hh, hostByJAElement->ipToDNS_ht, innerHashEl, tmp4) { if(againstRepeat == 0) { fprintf(out, "\t%-7d JA3S %s", i, - hostByJA3Element->ja3 + hostByJAElement->ja ); fprintf(out, " %-15s %-10s %s%s%s\n", innerHashEl->ip_string, - print_cipher(hostByJA3Element->unsafe_cipher), + print_cipher(hostByJAElement->unsafe_cipher), innerHashEl->dns_name[0] ? "[" : "", innerHashEl->dns_name, innerHashEl->dns_name[0] ? "]" : "" @@ -3595,7 +3598,7 @@ static void printFlowsStats() { fprintf(out, "\t%45s", ""); fprintf(out, " %-15s %-10s %s%s%s\n", innerHashEl->ip_string, - print_cipher(hostByJA3Element->unsafe_cipher), + print_cipher(hostByJAElement->unsafe_cipher), innerHashEl->dns_name[0] ? "[" : "", innerHashEl->dns_name, innerHashEl->dns_name[0] ? "]" : "" @@ -3607,40 +3610,40 @@ static void printFlowsStats() { fprintf(out, "\n\n"); //freeing the hash table - HASH_ITER(hh, ja3ByHostsHashT, ja3ByHost_element, tmp) { - HASH_ITER(hh, ja3ByHost_element->host_client_info_hasht, info_of_element, tmp2) { - if(ja3ByHost_element->host_client_info_hasht) - HASH_DEL(ja3ByHost_element->host_client_info_hasht, info_of_element); + HASH_ITER(hh, jaByHostsHashT, jaByHost_element, tmp) { + HASH_ITER(hh, jaByHost_element->host_client_info_hasht, info_of_element, tmp2) { + if(jaByHost_element->host_client_info_hasht) + HASH_DEL(jaByHost_element->host_client_info_hasht, info_of_element); ndpi_free(info_of_element); } - HASH_ITER(hh, ja3ByHost_element->host_server_info_hasht, info_of_element, tmp2) { - if(ja3ByHost_element->host_server_info_hasht) - HASH_DEL(ja3ByHost_element->host_server_info_hasht, info_of_element); + HASH_ITER(hh, jaByHost_element->host_server_info_hasht, info_of_element, tmp2) { + if(jaByHost_element->host_server_info_hasht) + HASH_DEL(jaByHost_element->host_server_info_hasht, info_of_element); ndpi_free(info_of_element); } - HASH_DEL(ja3ByHostsHashT, ja3ByHost_element); - ndpi_free(ja3ByHost_element); + HASH_DEL(jaByHostsHashT, jaByHost_element); + ndpi_free(jaByHost_element); } - HASH_ITER(hh, hostByJA3C_ht, hostByJA3Element, tmp3) { - HASH_ITER(hh, hostByJA3C_ht->ipToDNS_ht, innerHashEl, tmp4) { - if(hostByJA3Element->ipToDNS_ht) - HASH_DEL(hostByJA3Element->ipToDNS_ht, innerHashEl); + HASH_ITER(hh, hostByJA4C_ht, hostByJAElement, tmp3) { + HASH_ITER(hh, hostByJA4C_ht->ipToDNS_ht, innerHashEl, tmp4) { + if(hostByJAElement->ipToDNS_ht) + HASH_DEL(hostByJAElement->ipToDNS_ht, innerHashEl); ndpi_free(innerHashEl); } - HASH_DEL(hostByJA3C_ht, hostByJA3Element); - ndpi_free(hostByJA3Element); + HASH_DEL(hostByJA4C_ht, hostByJAElement); + ndpi_free(hostByJAElement); } - hostByJA3Element = NULL; - HASH_ITER(hh, hostByJA3S_ht, hostByJA3Element, tmp3) { + hostByJAElement = NULL; + HASH_ITER(hh, hostByJA3S_ht, hostByJAElement, tmp3) { HASH_ITER(hh, hostByJA3S_ht->ipToDNS_ht, innerHashEl, tmp4) { - if(hostByJA3Element->ipToDNS_ht) - HASH_DEL(hostByJA3Element->ipToDNS_ht, innerHashEl); + if(hostByJAElement->ipToDNS_ht) + HASH_DEL(hostByJAElement->ipToDNS_ht, innerHashEl); ndpi_free(innerHashEl); } - HASH_DEL(hostByJA3S_ht, hostByJA3Element); - ndpi_free(hostByJA3Element); + HASH_DEL(hostByJA3S_ht, hostByJAElement); + ndpi_free(hostByJAElement); } } } diff --git a/example/reader_util.h b/example/reader_util.h index 6a44ae0221d..a0aca5baeb4 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -97,24 +97,24 @@ extern int dpdk_port_deinit(int port); extern "C" { #endif -// inner hash table (ja3 -> security state) -typedef struct ndpi_ja3_info { - char * ja3; +// inner hash table (ja -> security state) +typedef struct ndpi_ja_info { + char * ja; ndpi_cipher_weakness unsafe_cipher; UT_hash_handle hh; -} ndpi_ja3_info; +} ndpi_ja_info; -// external hash table (host ip -> ) +// external hash table (host ip -> ) // used to aggregate ja3 fingerprints by hosts -typedef struct ndpi_host_ja3_fingerprints { +typedef struct ndpi_host_ja_fingerprints { u_int32_t ip; char *ip_string; char *dns_name; - ndpi_ja3_info *host_client_info_hasht; - ndpi_ja3_info *host_server_info_hasht; + ndpi_ja_info *host_client_info_hasht; + ndpi_ja_info *host_server_info_hasht; UT_hash_handle hh; -} ndpi_host_ja3_fingerprints; +} ndpi_host_ja_fingerprints; //inner hash table @@ -125,13 +125,13 @@ typedef struct ndpi_ip_dns{ UT_hash_handle hh; } ndpi_ip_dns; -//hash table ja3 -> , used to aggregate host by ja3 fingerprints -typedef struct ndpi_ja3_fingerprints_host{ - char *ja3; //key +//hash table ja -> , used to aggregate host by ja fingerprints +typedef struct ndpi_ja_fingerprints_host{ + char *ja; //key ndpi_cipher_weakness unsafe_cipher; ndpi_ip_dns *ipToDNS_ht; UT_hash_handle hh; -} ndpi_ja3_fingerprints_host; +} ndpi_ja_fingerprints_host; struct flow_metrics { float entropy, average, stddev; diff --git a/tests/cfgs/caches_cfg/result/ookla.pcap.out b/tests/cfgs/caches_cfg/result/ookla.pcap.out index 4d1269d8ad0..815355ddea3 100644 --- a/tests/cfgs/caches_cfg/result/ookla.pcap.out +++ b/tests/cfgs/caches_cfg/result/ookla.pcap.out @@ -30,8 +30,8 @@ Ookla 74 12870 4 Safe 103 36036 5 Acceptable 10 2375 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 2 diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out index 68214901e00..517c79c849d 100644 --- a/tests/cfgs/caches_cfg/result/teams.pcap.out +++ b/tests/cfgs/caches_cfg/result/teams.pcap.out @@ -49,9 +49,9 @@ Acceptable 328 111885 33 Fun 1 82 1 Unrated 4 456 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.6 6 +JA Host Stats: + IP Address # JA4C + 1 192.168.1.6 7 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] diff --git a/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out index 92ad54c753d..1cc5ec1a7f9 100644 --- a/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out @@ -29,8 +29,8 @@ Cloudflare 9 8862 3 Acceptable 88 20854 12 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 UDP [32fb:f967:681e:e96b:face:b00c::74fd]:3478 <-> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080]:45658 [proto: 165/RTCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VoIP/10][14 pkts/1612 bytes <-> 16 pkts/1838 bytes][Goodput ratio: 46/46][2.71 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 12/1 188/155 778/396 231/147][Pkt Len c2s/s2c min/avg/max/stddev: 84/84 115/115 214/206 44/39][PLAIN TEXT (4/WtFTidwfa)][Plen Bins: 46,23,16,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/caches_global/result/ookla.pcap.out b/tests/cfgs/caches_global/result/ookla.pcap.out index 6e6b4f508fe..f474f2aa6f1 100644 --- a/tests/cfgs/caches_global/result/ookla.pcap.out +++ b/tests/cfgs/caches_global/result/ookla.pcap.out @@ -28,8 +28,8 @@ Ookla 113 38411 6 Safe 113 38411 6 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 2 diff --git a/tests/cfgs/caches_global/result/teams.pcap.out b/tests/cfgs/caches_global/result/teams.pcap.out index 4b74a78020a..0e696e66646 100644 --- a/tests/cfgs/caches_global/result/teams.pcap.out +++ b/tests/cfgs/caches_global/result/teams.pcap.out @@ -49,9 +49,9 @@ Acceptable 431 155530 37 Fun 1 82 1 Unrated 4 456 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.6 6 +JA Host Stats: + IP Address # JA4C + 1 192.168.1.6 7 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index c863d7b914a..9cd7f2589cc 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -50,8 +50,8 @@ Fun 948 1976493 53 Dangerous 5 1197 2 Unrated 19 5564 9 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.5.16 2 diff --git a/tests/cfgs/default/result/443-curl.pcap.out b/tests/cfgs/default/result/443-curl.pcap.out index 219bafa3bfb..7dbf64e3ccc 100644 --- a/tests/cfgs/default/result/443-curl.pcap.out +++ b/tests/cfgs/default/result/443-curl.pcap.out @@ -24,8 +24,8 @@ ntop 109 73982 1 Safe 109 73982 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-firefox.pcap.out b/tests/cfgs/default/result/443-firefox.pcap.out index 3e827a7a911..df11b23ddf2 100644 --- a/tests/cfgs/default/result/443-firefox.pcap.out +++ b/tests/cfgs/default/result/443-firefox.pcap.out @@ -24,8 +24,8 @@ ntop 667 458067 1 Safe 667 458067 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-git.pcap.out b/tests/cfgs/default/result/443-git.pcap.out index fdbc2eaaad2..86170589654 100644 --- a/tests/cfgs/default/result/443-git.pcap.out +++ b/tests/cfgs/default/result/443-git.pcap.out @@ -24,8 +24,8 @@ Github 70 37189 1 Acceptable 70 37189 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/443-safari.pcap.out b/tests/cfgs/default/result/443-safari.pcap.out index 8c51f099a8c..6459225084d 100644 --- a/tests/cfgs/default/result/443-safari.pcap.out +++ b/tests/cfgs/default/result/443-safari.pcap.out @@ -24,8 +24,8 @@ ntop 41 19929 1 Safe 41 19929 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.13 1 diff --git a/tests/cfgs/default/result/4in6tunnel.pcap.out b/tests/cfgs/default/result/4in6tunnel.pcap.out index fc20a7b63cd..0760441bf52 100644 --- a/tests/cfgs/default/result/4in6tunnel.pcap.out +++ b/tests/cfgs/default/result/4in6tunnel.pcap.out @@ -24,8 +24,8 @@ Microsoft 4 2188 1 Safe 4 2188 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.0.1 1 diff --git a/tests/cfgs/default/result/6in4tunnel.pcap.out b/tests/cfgs/default/result/6in4tunnel.pcap.out index be266a30830..64193da576e 100644 --- a/tests/cfgs/default/result/6in4tunnel.pcap.out +++ b/tests/cfgs/default/result/6in4tunnel.pcap.out @@ -32,8 +32,8 @@ Safe 32 15913 3 Acceptable 58 9654 4 Fun 37 14726 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:470:1f17:13f:3e97:eff:fe73:4dec 2 diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out index 4777f6d85f1..fc6625a3bdb 100644 --- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out @@ -37,8 +37,8 @@ Safe 37 5258 7 Acceptable 99 15120 20 Fun 211 51558 11 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.24.82.188 3 diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out index d8bac93256e..19258caaae5 100644 --- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out @@ -39,8 +39,8 @@ Safe 41 5761 8 Acceptable 3145 428107 10 Fun 17 1924 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.24.82.188 2 diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index fc797951a64..d8c1086875c 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -42,8 +42,8 @@ AmazonAWS 383 142290 19 Safe 138 23305 13 Acceptable 2936 1146440 147 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 172.16.42.216 8 diff --git a/tests/cfgs/default/result/android.pcap.out b/tests/cfgs/default/result/android.pcap.out index bc6ca3eefb3..3a7edf2605a 100644 --- a/tests/cfgs/default/result/android.pcap.out +++ b/tests/cfgs/default/result/android.pcap.out @@ -47,9 +47,9 @@ Safe 97 27653 11 Acceptable 262 77875 38 Fun 116 26426 14 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.2.16 8 +JA Host Stats: + IP Address # JA4C + 1 192.168.2.16 7 1 TCP 192.168.2.16:32996 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 7][cat: Web/5][17 pkts/1949 bytes <-> 15 pkts/11826 bytes][Goodput ratio: 42/92][0.75 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/27 386/221 108/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/788 578/1484 125/627][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: 6ec2896feff5746955f700c0023f5804][JA4: t12d1409ht_c866b44c5a26_b39be8c56a14][ServerNames: www.google.com][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com][Certificate SHA-1: 32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0][Safari][Validity: 2020-02-12 11:47:41 - 2020-05-06 11:47:41][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,13,6,0,0,6,0,0,0,6,6,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,35,0,0,0] diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index 843b7f6a1cb..6a61d28f20c 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -48,8 +48,8 @@ Safe 361 93506 16 Acceptable 205 36053 51 Unrated 19 1054 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.0.227 5 diff --git a/tests/cfgs/default/result/anydesk.pcapng.out b/tests/cfgs/default/result/anydesk.pcapng.out index b921bb7012e..05cd4713ba8 100644 --- a/tests/cfgs/default/result/anydesk.pcapng.out +++ b/tests/cfgs/default/result/anydesk.pcapng.out @@ -27,8 +27,8 @@ AnyDesk 154 44400 6 Safe 20 1717 1 Acceptable 154 44400 6 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 1 2 192.168.1.187 1 3 192.168.1.128 1 diff --git a/tests/cfgs/default/result/bets.pcapng.out b/tests/cfgs/default/result/bets.pcapng.out index 6ab14d27a6d..683dc3181ce 100644 --- a/tests/cfgs/default/result/bets.pcapng.out +++ b/tests/cfgs/default/result/bets.pcapng.out @@ -24,8 +24,8 @@ TLS 33 9228 1 Safe 33 9228 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.10.2 1 diff --git a/tests/cfgs/default/result/cachefly.pcapng.out b/tests/cfgs/default/result/cachefly.pcapng.out index 6fd6fe08e86..ebe3792e50c 100644 --- a/tests/cfgs/default/result/cachefly.pcapng.out +++ b/tests/cfgs/default/result/cachefly.pcapng.out @@ -24,8 +24,8 @@ Cachefly 6 6163 1 Acceptable 6 6163 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/capwap_data.pcapng.out b/tests/cfgs/default/result/capwap_data.pcapng.out index 5dbdeb74377..1ef1bb6e269 100644 --- a/tests/cfgs/default/result/capwap_data.pcapng.out +++ b/tests/cfgs/default/result/capwap_data.pcapng.out @@ -24,8 +24,8 @@ GoogleServices 14 2624 3 Acceptable 14 2624 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.1.3.68 1 diff --git a/tests/cfgs/default/result/chrome.pcap.out b/tests/cfgs/default/result/chrome.pcap.out index bfc02195563..2ddc12ba03d 100644 --- a/tests/cfgs/default/result/chrome.pcap.out +++ b/tests/cfgs/default/result/chrome.pcap.out @@ -24,8 +24,8 @@ TLS 127 68131 6 Safe 127 68131 6 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/cloudflare-warp.pcap.out b/tests/cfgs/default/result/cloudflare-warp.pcap.out index 00d0e712c47..6f6c1e01f02 100644 --- a/tests/cfgs/default/result/cloudflare-warp.pcap.out +++ b/tests/cfgs/default/result/cloudflare-warp.pcap.out @@ -35,8 +35,8 @@ CloudflareWarp 37 10500 3 Safe 5 294 2 Acceptable 73 14433 7 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.8.0.1 3 diff --git a/tests/cfgs/default/result/codm.pcap.out b/tests/cfgs/default/result/codm.pcap.out index bf409133250..3aef5a8c660 100644 --- a/tests/cfgs/default/result/codm.pcap.out +++ b/tests/cfgs/default/result/codm.pcap.out @@ -25,8 +25,8 @@ CoD_Mobile 13 3590 3 Fun 13 3590 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.215.173.1 1 diff --git a/tests/cfgs/default/result/dazn.pcapng.out b/tests/cfgs/default/result/dazn.pcapng.out index 10325fc8db8..0f3f209610c 100644 --- a/tests/cfgs/default/result/dazn.pcapng.out +++ b/tests/cfgs/default/result/dazn.pcapng.out @@ -24,8 +24,8 @@ Dazn 12 6675 3 Fun 12 6675 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/dingtalk.pcap.out b/tests/cfgs/default/result/dingtalk.pcap.out index 96f0493fda6..5ba03f4fd7c 100644 --- a/tests/cfgs/default/result/dingtalk.pcap.out +++ b/tests/cfgs/default/result/dingtalk.pcap.out @@ -24,8 +24,8 @@ DingTalk 16 4890 2 Acceptable 16 4890 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.215.173.1 1 diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index b7de5d65f15..c24a4154ce2 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -25,8 +25,8 @@ Discord 411 98410 34 Fun 411 98410 34 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/dlt_ppp.pcap.out b/tests/cfgs/default/result/dlt_ppp.pcap.out index ca55273b8b9..9895b986fbc 100644 --- a/tests/cfgs/default/result/dlt_ppp.pcap.out +++ b/tests/cfgs/default/result/dlt_ppp.pcap.out @@ -24,8 +24,8 @@ QUIC 1 1230 1 Acceptable 1 1230 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 193.167.0.252 1 diff --git a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out index 1345ac75164..540524a1518 100644 --- a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out +++ b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out @@ -24,8 +24,8 @@ TLS 50 8960 1 Safe 50 8960 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.20.211 1 diff --git a/tests/cfgs/default/result/dns_doh.pcap.out b/tests/cfgs/default/result/dns_doh.pcap.out index 8b98c421a9e..147f6562e57 100644 --- a/tests/cfgs/default/result/dns_doh.pcap.out +++ b/tests/cfgs/default/result/dns_doh.pcap.out @@ -24,8 +24,8 @@ DoH_DoT 142 20362 1 Acceptable 142 20362 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 172.20.10.4 1 diff --git a/tests/cfgs/default/result/dns_dot.pcap.out b/tests/cfgs/default/result/dns_dot.pcap.out index d4c12882c20..61027072d72 100644 --- a/tests/cfgs/default/result/dns_dot.pcap.out +++ b/tests/cfgs/default/result/dns_dot.pcap.out @@ -24,8 +24,8 @@ DoH_DoT 24 5869 1 Acceptable 24 5869 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.185 1 diff --git a/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out b/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out index d3411ee5a63..175c8386ee2 100644 --- a/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out @@ -24,8 +24,8 @@ DoH_DoT 577 216583 34 Acceptable 577 216583 34 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.0.1 1 diff --git a/tests/cfgs/default/result/doh.pcapng.out b/tests/cfgs/default/result/doh.pcapng.out index db857091ed7..a545d5af86e 100644 --- a/tests/cfgs/default/result/doh.pcapng.out +++ b/tests/cfgs/default/result/doh.pcapng.out @@ -24,8 +24,8 @@ TLS 120 14592 1 Safe 120 14592 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.253 1 diff --git a/tests/cfgs/default/result/doq.pcapng.out b/tests/cfgs/default/result/doq.pcapng.out index cb9b92c16fe..251cc3106f2 100644 --- a/tests/cfgs/default/result/doq.pcapng.out +++ b/tests/cfgs/default/result/doq.pcapng.out @@ -26,8 +26,8 @@ DoH_DoT 14 4788 1 Acceptable 20 5958 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 ::1 1 diff --git a/tests/cfgs/default/result/doq_adguard.pcapng.out b/tests/cfgs/default/result/doq_adguard.pcapng.out index 1c7d32a1a8a..a58ac8dd95b 100644 --- a/tests/cfgs/default/result/doq_adguard.pcapng.out +++ b/tests/cfgs/default/result/doq_adguard.pcapng.out @@ -24,8 +24,8 @@ DoH_DoT 296 44445 1 Acceptable 296 44445 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.169 1 diff --git a/tests/cfgs/default/result/dtls.pcap.out b/tests/cfgs/default/result/dtls.pcap.out index 67617be1077..d8c5b1c0feb 100644 --- a/tests/cfgs/default/result/dtls.pcap.out +++ b/tests/cfgs/default/result/dtls.pcap.out @@ -24,8 +24,8 @@ DTLS 24 8508 3 Safe 24 8508 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.191.227.13 1 2 192.168.13.203 1 3 127.0.0.1 1 diff --git a/tests/cfgs/default/result/dtls2.pcap.out b/tests/cfgs/default/result/dtls2.pcap.out index e88d2f123ff..3221b775cca 100644 --- a/tests/cfgs/default/result/dtls2.pcap.out +++ b/tests/cfgs/default/result/dtls2.pcap.out @@ -24,8 +24,8 @@ DTLS 30 4991 1 Safe 30 4991 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 61.68.110.153 1 diff --git a/tests/cfgs/default/result/dtls_certificate.pcapng.out b/tests/cfgs/default/result/dtls_certificate.pcapng.out index 85136ca82ca..4968497b5dd 100644 --- a/tests/cfgs/default/result/dtls_certificate.pcapng.out +++ b/tests/cfgs/default/result/dtls_certificate.pcapng.out @@ -24,8 +24,8 @@ WindowsUpdate 1 1486 1 Safe 1 1486 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 UDP 191.62.60.190:443 -> 163.205.15.180:38876 [proto: 30.147/DTLS.WindowsUpdate][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 30.147/DTLS.WindowsUpdate, Confidence: DPI][DPI packets: 1][cat: SoftwareUpdate/19][1 pkts/1486 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** TLS Cert Expired **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / 27/Feb/2017 12:00:00 - 27/Feb/2019 00:00:00][DTLSv1.2][JA3S: 953c1507994f72697446de4eff6e300b][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft, OU=DSP, CN=www.update.microsoft.com][Certificate SHA-1: D1:88:0F:51:C1:01:91:72:A1:A4:6E:69:F4:33:7F:FE:3E:C4:F0:39][Validity: 2017-02-27 12:00:00 - 2019-02-27 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (Washington1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out index eb51b5e1ec6..92417a47498 100644 --- a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out +++ b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out @@ -26,8 +26,8 @@ Discord 6 4215 1 Safe 20 5978 1 Fun 6 4215 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.26 1 2 10.186.198.149 1 diff --git a/tests/cfgs/default/result/dtls_old_version.pcapng.out b/tests/cfgs/default/result/dtls_old_version.pcapng.out index c558495c47e..6483f93da35 100644 --- a/tests/cfgs/default/result/dtls_old_version.pcapng.out +++ b/tests/cfgs/default/result/dtls_old_version.pcapng.out @@ -24,8 +24,8 @@ DTLS 7 994 1 Safe 7 994 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 37.188.4.115 1 diff --git a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out index f696fdd8552..f88f33aa70a 100644 --- a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out +++ b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out @@ -24,8 +24,8 @@ DTLS 4 604 1 Safe 4 604 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 185.196.113.239 1 diff --git a/tests/cfgs/default/result/emotet.pcap.out b/tests/cfgs/default/result/emotet.pcap.out index 5b125da9471..1f86a5b2588 100644 --- a/tests/cfgs/default/result/emotet.pcap.out +++ b/tests/cfgs/default/result/emotet.pcap.out @@ -27,8 +27,8 @@ TLS 32 10095 2 Safe 32 10095 2 Acceptable 137 89149 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.4.25.101 1 diff --git a/tests/cfgs/default/result/encrypted_sni.pcap.out b/tests/cfgs/default/result/encrypted_sni.pcap.out index c78c14f6de2..ac205de6ff5 100644 --- a/tests/cfgs/default/result/encrypted_sni.pcap.out +++ b/tests/cfgs/default/result/encrypted_sni.pcap.out @@ -24,8 +24,8 @@ TLS 3 2310 3 Safe 3 2310 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.12 1 diff --git a/tests/cfgs/default/result/facebook.pcap.out b/tests/cfgs/default/result/facebook.pcap.out index 7177613e760..d75d5f8e280 100644 --- a/tests/cfgs/default/result/facebook.pcap.out +++ b/tests/cfgs/default/result/facebook.pcap.out @@ -24,8 +24,8 @@ Facebook 60 30511 2 Fun 60 30511 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.43.18 2 diff --git a/tests/cfgs/default/result/firefox.pcap.out b/tests/cfgs/default/result/firefox.pcap.out index 29d38a7cca2..3d7a98d9b65 100644 --- a/tests/cfgs/default/result/firefox.pcap.out +++ b/tests/cfgs/default/result/firefox.pcap.out @@ -24,8 +24,8 @@ TLS 129 60233 6 Safe 129 60233 6 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/forticlient.pcap.out b/tests/cfgs/default/result/forticlient.pcap.out index 1a8a21fcd11..89d4fc9fc5d 100644 --- a/tests/cfgs/default/result/forticlient.pcap.out +++ b/tests/cfgs/default/result/forticlient.pcap.out @@ -25,8 +25,8 @@ FortiClient 2000 430931 5 Safe 2000 430931 5 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/ftp-start-tls.pcap.out b/tests/cfgs/default/result/ftp-start-tls.pcap.out index 2fe6370dade..76015030933 100644 --- a/tests/cfgs/default/result/ftp-start-tls.pcap.out +++ b/tests/cfgs/default/result/ftp-start-tls.pcap.out @@ -24,8 +24,8 @@ Huawei 51 7510 1 Acceptable 51 7510 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.238.26.36 1 diff --git a/tests/cfgs/default/result/gaijin_mobile_mixed.pcap.out b/tests/cfgs/default/result/gaijin_mobile_mixed.pcap.out index 1afefecd193..1e282d0fce8 100644 --- a/tests/cfgs/default/result/gaijin_mobile_mixed.pcap.out +++ b/tests/cfgs/default/result/gaijin_mobile_mixed.pcap.out @@ -25,8 +25,8 @@ GaijinEntertainment 18 10554 3 Fun 18 10554 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.215.173.1 2 diff --git a/tests/cfgs/default/result/geforcenow.pcapng.out b/tests/cfgs/default/result/geforcenow.pcapng.out index f62ebb4684d..eb5a741afbe 100644 --- a/tests/cfgs/default/result/geforcenow.pcapng.out +++ b/tests/cfgs/default/result/geforcenow.pcapng.out @@ -25,8 +25,8 @@ GeForceNow 108 69000 2 Fun 108 69000 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.245 2 diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 736c762db31..c216923753b 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -49,8 +49,8 @@ Potentially Dangerous 2787 437378 330 Dangerous 5 1215 1 Unrated 883 76902 389 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/google_chat.pcapng.out b/tests/cfgs/default/result/google_chat.pcapng.out index 9bd3131e747..26788ed6c72 100644 --- a/tests/cfgs/default/result/google_chat.pcapng.out +++ b/tests/cfgs/default/result/google_chat.pcapng.out @@ -24,8 +24,8 @@ GoogleChat 6 3875 1 Acceptable 6 3875 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.88.231 1 diff --git a/tests/cfgs/default/result/google_meet.pcapng.out b/tests/cfgs/default/result/google_meet.pcapng.out index cc30e303c4a..099b724b589 100644 --- a/tests/cfgs/default/result/google_meet.pcapng.out +++ b/tests/cfgs/default/result/google_meet.pcapng.out @@ -25,8 +25,8 @@ GoogleMeet 12 8888 2 Acceptable 12 8888 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.88.231 2 diff --git a/tests/cfgs/default/result/googledns_android10.pcap.out b/tests/cfgs/default/result/googledns_android10.pcap.out index 2085ec21407..0658de88d64 100644 --- a/tests/cfgs/default/result/googledns_android10.pcap.out +++ b/tests/cfgs/default/result/googledns_android10.pcap.out @@ -29,8 +29,8 @@ DoH_DoT 528 132502 7 Acceptable 532 132894 8 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.159 2 diff --git a/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out b/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out index 62802b9d313..731a7df7110 100644 --- a/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out +++ b/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out @@ -27,8 +27,8 @@ Pinterest 88 34448 1 Safe 215 78855 5 Fun 88 34448 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 194.226.199.103 1 2 194.226.199.61 2 3 194.226.199.9 1 diff --git a/tests/cfgs/default/result/http_connect.pcap.out b/tests/cfgs/default/result/http_connect.pcap.out index baf586d6b11..d4e01547d18 100644 --- a/tests/cfgs/default/result/http_connect.pcap.out +++ b/tests/cfgs/default/result/http_connect.pcap.out @@ -28,8 +28,8 @@ HTTP_Connect 40 26841 1 Safe 58 36496 1 Acceptable 42 27019 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.146 1 diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index 34649c8382f..f3ed6ba822e 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -34,8 +34,8 @@ Safe 106 39646 11 Acceptable 65 16479 2 Fun 22 10202 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2a00:d40:1:3:7aac:c0ff:fea7:d4c 1 diff --git a/tests/cfgs/default/result/imap-starttls.pcap.out b/tests/cfgs/default/result/imap-starttls.pcap.out index bdbda22da45..cfd25624eb8 100644 --- a/tests/cfgs/default/result/imap-starttls.pcap.out +++ b/tests/cfgs/default/result/imap-starttls.pcap.out @@ -24,8 +24,8 @@ IMAPS 32 7975 1 Safe 32 7975 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.17.53 1 diff --git a/tests/cfgs/default/result/imaps.pcap.out b/tests/cfgs/default/result/imaps.pcap.out index c8e48d2b6e7..81963523030 100644 --- a/tests/cfgs/default/result/imaps.pcap.out +++ b/tests/cfgs/default/result/imaps.pcap.out @@ -25,8 +25,8 @@ IMAPS 8 4378 1 Safe 28 9574 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.0.1 1 2 192.168.1.8 1 diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index b80f8e4f108..85f49f78c45 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -38,8 +38,8 @@ Acceptable 166 132007 10 Fun 576 391376 22 Unrated 1 66 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.0.103 1 2 192.168.2.17 2 diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index ba222d1cde7..10f87bd705a 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out @@ -42,9 +42,9 @@ Safe 150 55443 17 Acceptable 260 140186 25 Fun 76 25323 9 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.2.17 2 +JA Host Stats: + IP Address # JA4C + 1 192.168.2.17 3 1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 9][cat: Web/5][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Safari][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0] diff --git a/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out b/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out index d2b45fb7a6d..9e429a0c798 100644 --- a/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out +++ b/tests/cfgs/default/result/ja3_lots_of_cipher_suites.pcap.out @@ -24,8 +24,8 @@ TLS 11 5132 1 Safe 11 5132 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 TCP 10.206.131.18:58657 <-> 10.206.65.249:443 [VLAN: 258][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][5 pkts/1144 bytes <-> 6 pkts/3988 bytes][Goodput ratio: 70/90][0.22 sec][bytes ratio: -0.554 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/39 164/136 72/50][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 229/665 866/1522 319/650][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][TCP Fingerprint: 2_64_29200_7f0b1e49d59f/Unknown][TLSv1.2][JA3S: 9d456958a9e86bb0d503543beaf1a65b][Issuer: C=US, ST=New York, L=Rochester, O=Xerox Corporation, OU=Generic Root Certificate Authority, CN=Xerox Generic Root Certificate Authority][Subject: C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF, C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF][Certificate SHA-1: 3B:2B:5E:58:6E:3E:30:1F:52:BF:9B:81:20:47:DE:10:A0:67:8E:FA][Firefox][Validity: 2018-11-29 18:57:22 - 2023-11-29 18:57:22][Cipher: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] diff --git a/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out b/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out index 580ce83cd7c..6edec9d8162 100644 --- a/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/tests/cfgs/default/result/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -24,8 +24,8 @@ TLS 27 6966 1 Safe 27 6966 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 TCP 192.168.147.177:58496 <-> 151.121.193.160:443 [proto: GTP:91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][13 pkts/3520 bytes <-> 14 pkts/3446 bytes][Goodput ratio: 60/59][5.96 sec][Hostname/SNI: 192.69.136.179][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 479/256 1619/1072 582/419][Pkt Len c2s/s2c min/avg/max/stddev: 106/90 271/246 1202/1490 315/354][Risk: ** Self-signed Cert **** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 220][Risk Info: 192.69.136.179 / No ALPN / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384 / C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmB][TCP Fingerprint: 2_64_14600_d853e95bd80f/Unknown][TLSv1.2][JA3S: 7c02dbae662670040c7af9bd15fb7e2f (WEAK)][Issuer: C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmBH, OU=Munnican Workforce, CN=munniccan.de][Subject: C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmBH, OU=Munnican Workforce, CN=munniccan.de][Certificate SHA-1: 91:0C:1D:82:6B:28:01:8F:55:03:28:5B:90:A9:18:B9:ED:72:01:37][Firefox][Validity: 2016-12-21 19:19:24 - 2019-09-16 19:19:24][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 9,27,0,0,0,9,18,0,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0] diff --git a/tests/cfgs/default/result/line.pcap.out b/tests/cfgs/default/result/line.pcap.out index d1f316d23b7..ec045d8c827 100644 --- a/tests/cfgs/default/result/line.pcap.out +++ b/tests/cfgs/default/result/line.pcap.out @@ -28,8 +28,8 @@ LineCall 181 42253 3 Safe 72 11499 1 Acceptable 218 51733 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.200.3.125 1 diff --git a/tests/cfgs/default/result/long_tls_certificate.pcap.out b/tests/cfgs/default/result/long_tls_certificate.pcap.out index e8508e42aa6..d0e1481510b 100644 --- a/tests/cfgs/default/result/long_tls_certificate.pcap.out +++ b/tests/cfgs/default/result/long_tls_certificate.pcap.out @@ -24,8 +24,8 @@ Alibaba 47 14812 1 Acceptable 47 14812 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.60 1 diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out index 92ad54c753d..1cc5ec1a7f9 100644 --- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out @@ -29,8 +29,8 @@ Cloudflare 9 8862 3 Acceptable 88 20854 12 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 UDP [32fb:f967:681e:e96b:face:b00c::74fd]:3478 <-> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080]:45658 [proto: 165/RTCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VoIP/10][14 pkts/1612 bytes <-> 16 pkts/1838 bytes][Goodput ratio: 46/46][2.71 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 12/1 188/155 778/396 231/147][Pkt Len c2s/s2c min/avg/max/stddev: 84/84 115/115 214/206 44/39][PLAIN TEXT (4/WtFTidwfa)][Plen Bins: 46,23,16,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/malware.pcap.out b/tests/cfgs/default/result/malware.pcap.out index b36704eff40..e681e38c079 100644 --- a/tests/cfgs/default/result/malware.pcap.out +++ b/tests/cfgs/default/result/malware.pcap.out @@ -33,8 +33,8 @@ TLS 94 60194 2 Safe 94 60194 2 Acceptable 6 861 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.0.20 1 2 192.168.7.7 1 diff --git a/tests/cfgs/default/result/mumble.pcapng.out b/tests/cfgs/default/result/mumble.pcapng.out index a97ab31d411..914a06f1de9 100644 --- a/tests/cfgs/default/result/mumble.pcapng.out +++ b/tests/cfgs/default/result/mumble.pcapng.out @@ -25,8 +25,8 @@ Mumble 10 2551 3 Fun 10 2551 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.88.208 1 diff --git a/tests/cfgs/default/result/naver.pcap.out b/tests/cfgs/default/result/naver.pcap.out index 2fbaea9a83a..3dde7193112 100644 --- a/tests/cfgs/default/result/naver.pcap.out +++ b/tests/cfgs/default/result/naver.pcap.out @@ -24,8 +24,8 @@ Naver 22 13795 3 Safe 22 13795 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.215.173.1 2 diff --git a/tests/cfgs/default/result/netease_games.pcapng.out b/tests/cfgs/default/result/netease_games.pcapng.out index 3b5be6c530a..ea5d74f6a76 100644 --- a/tests/cfgs/default/result/netease_games.pcapng.out +++ b/tests/cfgs/default/result/netease_games.pcapng.out @@ -25,8 +25,8 @@ NetEaseGames 20 2662 5 Fun 20 2662 5 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.88.231 1 diff --git a/tests/cfgs/default/result/netflix.pcap.out b/tests/cfgs/default/result/netflix.pcap.out index b5a8fb72a13..5df48b18848 100644 --- a/tests/cfgs/default/result/netflix.pcap.out +++ b/tests/cfgs/default/result/netflix.pcap.out @@ -36,9 +36,9 @@ Safe 2 126 1 Acceptable 835 498043 22 Fun 956 508247 38 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.7 4 +JA Host Stats: + IP Address # JA4C + 1 192.168.1.7 5 1 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found host 23.246.3.140 / Found binary mime octet-stream][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index b83219ef73c..0bd7333145e 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -35,8 +35,8 @@ Safe 56 8595 2 Acceptable 50 4316 7 Fun 890 320242 12 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.114 1 diff --git a/tests/cfgs/default/result/no_sni.pcap.out b/tests/cfgs/default/result/no_sni.pcap.out index dee05ca1497..9fced3a194f 100644 --- a/tests/cfgs/default/result/no_sni.pcap.out +++ b/tests/cfgs/default/result/no_sni.pcap.out @@ -26,8 +26,8 @@ DoH_DoT 268 31882 1 Safe 174 50253 7 Acceptable 268 31882 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.119 4 diff --git a/tests/cfgs/default/result/ocs.pcap.out b/tests/cfgs/default/result/ocs.pcap.out index 5f8e71b0807..19fa81d1379 100644 --- a/tests/cfgs/default/result/ocs.pcap.out +++ b/tests/cfgs/default/result/ocs.pcap.out @@ -38,8 +38,8 @@ Safe 26 3128 3 Acceptable 57 6705 10 Fun 863 57552 7 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.180.2 4 diff --git a/tests/cfgs/default/result/ookla.pcap.out b/tests/cfgs/default/result/ookla.pcap.out index 6e6b4f508fe..f474f2aa6f1 100644 --- a/tests/cfgs/default/result/ookla.pcap.out +++ b/tests/cfgs/default/result/ookla.pcap.out @@ -28,8 +28,8 @@ Ookla 113 38411 6 Safe 113 38411 6 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 2 diff --git a/tests/cfgs/default/result/opera-vpn.pcapng.out b/tests/cfgs/default/result/opera-vpn.pcapng.out index 392a72bd802..79fdce32fc8 100644 --- a/tests/cfgs/default/result/opera-vpn.pcapng.out +++ b/tests/cfgs/default/result/opera-vpn.pcapng.out @@ -29,9 +29,9 @@ OperaVPN 3197 1398676 61 Safe 3 206 1 Acceptable 3197 1398676 61 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.29 61 +JA Host Stats: + IP Address # JA4C + 1 192.168.1.29 2 1 TCP 192.168.1.29:51430 <-> 77.111.247.69:443 [proto: 91.339/TLS.OperaVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][120 pkts/12683 bytes <-> 145 pkts/170702 bytes][Goodput ratio: 37/94][1.87 sec][Hostname/SNI: eu0.sec-tunnel.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.862 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/14 714/744 100/92][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1177 1479/1506 163/509][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.3][JA3C: 936e6ce83ab4f11d1ce3ffb026e44b8e][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,4,2,0,0,2,0,0,1,2,0,0,0,1,0,0,1,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,1,0,0,0,0,0,67,0,0] diff --git a/tests/cfgs/default/result/os_detected.pcapng.out b/tests/cfgs/default/result/os_detected.pcapng.out index 1493bf9ae48..9b790f5dad3 100644 --- a/tests/cfgs/default/result/os_detected.pcapng.out +++ b/tests/cfgs/default/result/os_detected.pcapng.out @@ -24,8 +24,8 @@ QUIC 1 1294 1 Acceptable 1 1294 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/paltalk.pcapng.out b/tests/cfgs/default/result/paltalk.pcapng.out index ff7cbfacf90..87f9253f0d8 100644 --- a/tests/cfgs/default/result/paltalk.pcapng.out +++ b/tests/cfgs/default/result/paltalk.pcapng.out @@ -24,8 +24,8 @@ Paltalk 17 3511 4 Acceptable 17 3511 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.88.208 1 diff --git a/tests/cfgs/default/result/pia.pcap.out b/tests/cfgs/default/result/pia.pcap.out index 1f096d76a55..a2626e4d00a 100644 --- a/tests/cfgs/default/result/pia.pcap.out +++ b/tests/cfgs/default/result/pia.pcap.out @@ -24,8 +24,8 @@ PrivateInternetAccess 9 3842 1 Acceptable 9 3842 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.88.3 1 diff --git a/tests/cfgs/default/result/pinterest.pcap.out b/tests/cfgs/default/result/pinterest.pcap.out index 108644e975e..7b285b1d7fe 100644 --- a/tests/cfgs/default/result/pinterest.pcap.out +++ b/tests/cfgs/default/result/pinterest.pcap.out @@ -35,8 +35,8 @@ Acceptable 383 161216 6 Fun 323 193395 11 Tracker/Ads 48 23075 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 1 diff --git a/tests/cfgs/default/result/pluralsight.pcap.out b/tests/cfgs/default/result/pluralsight.pcap.out index bcbe44b8da1..8310657704c 100644 --- a/tests/cfgs/default/result/pluralsight.pcap.out +++ b/tests/cfgs/default/result/pluralsight.pcap.out @@ -24,8 +24,8 @@ Pluralsight 44 29652 6 Fun 44 29652 6 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 1 diff --git a/tests/cfgs/default/result/pop3_stls.pcap.out b/tests/cfgs/default/result/pop3_stls.pcap.out index 12165ccf9bb..90ee4186565 100644 --- a/tests/cfgs/default/result/pop3_stls.pcap.out +++ b/tests/cfgs/default/result/pop3_stls.pcap.out @@ -24,8 +24,8 @@ POPS 53 11189 1 Safe 53 11189 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.20.18 1 diff --git a/tests/cfgs/default/result/pops.pcapng.out b/tests/cfgs/default/result/pops.pcapng.out index 23b3f724f3e..85fb04f80fc 100644 --- a/tests/cfgs/default/result/pops.pcapng.out +++ b/tests/cfgs/default/result/pops.pcapng.out @@ -24,8 +24,8 @@ POPS 5 2998 1 Safe 5 2998 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.0.1 1 diff --git a/tests/cfgs/default/result/protonvpn.pcap.out b/tests/cfgs/default/result/protonvpn.pcap.out index 02bfd6b5527..2aae7323895 100644 --- a/tests/cfgs/default/result/protonvpn.pcap.out +++ b/tests/cfgs/default/result/protonvpn.pcap.out @@ -31,8 +31,8 @@ ProtonVPN 26 8061 1 Safe 1 74 1 Acceptable 40 10121 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/psiphon3.pcap.out b/tests/cfgs/default/result/psiphon3.pcap.out index fe68290eaa7..22a100e10e8 100644 --- a/tests/cfgs/default/result/psiphon3.pcap.out +++ b/tests/cfgs/default/result/psiphon3.pcap.out @@ -24,8 +24,8 @@ Psiphon 62 11818 1 Acceptable 62 11818 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.0.103 1 diff --git a/tests/cfgs/default/result/quic-23.pcap.out b/tests/cfgs/default/result/quic-23.pcap.out index 87f06e31505..23a603433f4 100644 --- a/tests/cfgs/default/result/quic-23.pcap.out +++ b/tests/cfgs/default/result/quic-23.pcap.out @@ -24,8 +24,8 @@ QUIC 20 7191 1 Acceptable 20 7191 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7 1 diff --git a/tests/cfgs/default/result/quic-24.pcap.out b/tests/cfgs/default/result/quic-24.pcap.out index 8fbcfb83839..b07f38218a5 100644 --- a/tests/cfgs/default/result/quic-24.pcap.out +++ b/tests/cfgs/default/result/quic-24.pcap.out @@ -24,8 +24,8 @@ QUIC 15 8000 1 Acceptable 15 8000 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.9.0.1 1 diff --git a/tests/cfgs/default/result/quic-27.pcap.out b/tests/cfgs/default/result/quic-27.pcap.out index 3370c79cd8a..949dae78cc6 100644 --- a/tests/cfgs/default/result/quic-27.pcap.out +++ b/tests/cfgs/default/result/quic-27.pcap.out @@ -24,8 +24,8 @@ Google 20 12887 1 Acceptable 20 12887 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 3ef4:2194:f4a6:3503:40cd:714:57:c4e4 1 diff --git a/tests/cfgs/default/result/quic-28.pcap.out b/tests/cfgs/default/result/quic-28.pcap.out index 78d30268a50..4625dbcfe03 100644 --- a/tests/cfgs/default/result/quic-28.pcap.out +++ b/tests/cfgs/default/result/quic-28.pcap.out @@ -24,8 +24,8 @@ QUIC 253 246793 1 Acceptable 253 246793 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.9.0.2 1 diff --git a/tests/cfgs/default/result/quic-29.pcap.out b/tests/cfgs/default/result/quic-29.pcap.out index 40dc3dd084d..dbcf933b152 100644 --- a/tests/cfgs/default/result/quic-29.pcap.out +++ b/tests/cfgs/default/result/quic-29.pcap.out @@ -24,8 +24,8 @@ QUIC 15 9386 1 Acceptable 15 9386 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.9.0.1 1 diff --git a/tests/cfgs/default/result/quic-33.pcapng.out b/tests/cfgs/default/result/quic-33.pcapng.out index bfe8b278ab0..d2a0d014167 100644 --- a/tests/cfgs/default/result/quic-33.pcapng.out +++ b/tests/cfgs/default/result/quic-33.pcapng.out @@ -24,8 +24,8 @@ QUIC 7 5336 1 Acceptable 7 5336 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 ::1 1 diff --git a/tests/cfgs/default/result/quic-34.pcap.out b/tests/cfgs/default/result/quic-34.pcap.out index a708246a690..7805234f1bc 100644 --- a/tests/cfgs/default/result/quic-34.pcap.out +++ b/tests/cfgs/default/result/quic-34.pcap.out @@ -24,8 +24,8 @@ QUIC 4 4836 1 Acceptable 4 4836 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.56.1 1 diff --git a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out index 28cb81fd898..fea420bbeb4 100644 --- a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out +++ b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out @@ -24,8 +24,8 @@ QUIC 21 9039 1 Acceptable 21 9039 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.56.103 1 diff --git a/tests/cfgs/default/result/quic-mvfst-22.pcap.out b/tests/cfgs/default/result/quic-mvfst-22.pcap.out index 92aba857817..c229a6dca91 100644 --- a/tests/cfgs/default/result/quic-mvfst-22.pcap.out +++ b/tests/cfgs/default/result/quic-mvfst-22.pcap.out @@ -24,8 +24,8 @@ Facebook 490 288303 1 Fun 490 288303 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/quic-mvfst-27.pcapng.out b/tests/cfgs/default/result/quic-mvfst-27.pcapng.out index 74b5116df2e..ad2a549d92f 100644 --- a/tests/cfgs/default/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/default/result/quic-mvfst-27.pcapng.out @@ -24,8 +24,8 @@ Facebook 20 11399 1 Fun 20 11399 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.2.15 1 diff --git a/tests/cfgs/default/result/quic-mvfst-exp.pcap.out b/tests/cfgs/default/result/quic-mvfst-exp.pcap.out index a7c0c20dc3b..7ad65b92e86 100644 --- a/tests/cfgs/default/result/quic-mvfst-exp.pcap.out +++ b/tests/cfgs/default/result/quic-mvfst-exp.pcap.out @@ -24,8 +24,8 @@ FbookReelStory 30 26309 1 Fun 30 26309 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2aac:cdf7:d506:7807:9092:75f:a963:f4ab 1 diff --git a/tests/cfgs/default/result/quic-v2.pcapng.out b/tests/cfgs/default/result/quic-v2.pcapng.out index 69866e72cec..201ad0ed28e 100644 --- a/tests/cfgs/default/result/quic-v2.pcapng.out +++ b/tests/cfgs/default/result/quic-v2.pcapng.out @@ -24,8 +24,8 @@ QUIC 19 12970 1 Acceptable 19 12970 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 ::1 1 diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index d0eb1374823..32b33da2f80 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -25,8 +25,8 @@ QUIC 2 2588 1 Acceptable 17 7766 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.2.100 1 2 ::1 1 diff --git a/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out b/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out index ac6cfa1c66d..079cbae8ca9 100644 --- a/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out +++ b/tests/cfgs/default/result/quic_crypto_aes_auth_size.pcap.out @@ -24,8 +24,8 @@ Snapchat 2 2784 2 Fun 2 2784 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 134.53.36.43 1 2 245.161.134.177 1 diff --git a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out index 7e8ee9135ea..4ffe5e4954e 100644 --- a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out @@ -24,8 +24,8 @@ QUIC 4 3998 1 Acceptable 4 3998 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 ::1 1 diff --git a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index c585c6247ce..dbf664e1702 100644 --- a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -35,9 +35,9 @@ Safe 3 4176 3 Acceptable 154 214368 88 Fun 22 30624 22 -JA3 Host Stats: - IP Address # JA3C - 1 168.144.64.5 4 +JA Host Stats: + IP Address # JA4C + 1 168.144.64.5 2 2 52.187.20.175 1 3 159.117.176.124 1 4 192.168.254.11 1 diff --git a/tests/cfgs/default/result/quic_frags_different_dcid.pcapng.out b/tests/cfgs/default/result/quic_frags_different_dcid.pcapng.out index 3eed3ec2bac..fbcdd6f2630 100644 --- a/tests/cfgs/default/result/quic_frags_different_dcid.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_different_dcid.pcapng.out @@ -24,8 +24,8 @@ Cloudflare 3 3826 1 Acceptable 3 3826 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 129.21.84.33 1 diff --git a/tests/cfgs/default/result/quic_t50.pcap.out b/tests/cfgs/default/result/quic_t50.pcap.out index 9ec9a9975bd..7f4a3c3d413 100644 --- a/tests/cfgs/default/result/quic_t50.pcap.out +++ b/tests/cfgs/default/result/quic_t50.pcap.out @@ -24,8 +24,8 @@ GoogleServices 12 8420 1 Acceptable 12 8420 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 40.154.127.200 1 diff --git a/tests/cfgs/default/result/quic_t51.pcap.out b/tests/cfgs/default/result/quic_t51.pcap.out index ff227372ba7..2817653cd7b 100644 --- a/tests/cfgs/default/result/quic_t51.pcap.out +++ b/tests/cfgs/default/result/quic_t51.pcap.out @@ -24,8 +24,8 @@ Google 12 9296 1 Acceptable 12 9296 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 187.227.136.152 1 diff --git a/tests/cfgs/default/result/rdp_over_tls.pcap.out b/tests/cfgs/default/result/rdp_over_tls.pcap.out index a752010541e..85c9a81b696 100644 --- a/tests/cfgs/default/result/rdp_over_tls.pcap.out +++ b/tests/cfgs/default/result/rdp_over_tls.pcap.out @@ -24,8 +24,8 @@ RDP 19 3868 1 Acceptable 19 3868 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 91.238.181.21 1 diff --git a/tests/cfgs/default/result/reddit.pcap.out b/tests/cfgs/default/result/reddit.pcap.out index 6c624c302ac..74829a05c49 100644 --- a/tests/cfgs/default/result/reddit.pcap.out +++ b/tests/cfgs/default/result/reddit.pcap.out @@ -37,8 +37,8 @@ Acceptable 1007 390125 26 Fun 733 252471 26 Tracker/Ads 27 8961 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 1 diff --git a/tests/cfgs/default/result/riot.pcapng.out b/tests/cfgs/default/result/riot.pcapng.out index bdf99330c0c..45e4e8e8896 100644 --- a/tests/cfgs/default/result/riot.pcapng.out +++ b/tests/cfgs/default/result/riot.pcapng.out @@ -29,8 +29,8 @@ RiotGames 4 4338 1 Safe 3 4242 1 Fun 4 4338 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 TCP 35.234.85.218:443 -> 192.168.26.22:51949 [proto: 91.302/TLS.RiotGames][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Game/8][4 pkts/4338 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.00 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: embed.rgpub.io,sites.rgpub.io,*.embed.rgpub.io,*.sites.rgpub.io][JA3S: 827b71c134bd28975c2d605a06ef00ef][Issuer: C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1][Subject: CN=embed.rgpub.io, O=Riot Games Inc, L=Los Angeles, ST=California, C=US][Certificate SHA-1: CE:85:16:DF:E3:42:05:16:39:97:1F:6B:7A:53:22:22:C8:DD:66:44][Validity: 2022-12-08 19:52:14 - 2024-01-07 19:51:14][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/roblox.pcapng.out b/tests/cfgs/default/result/roblox.pcapng.out index 6da1e15b1ca..eeb9aaab013 100644 --- a/tests/cfgs/default/result/roblox.pcapng.out +++ b/tests/cfgs/default/result/roblox.pcapng.out @@ -26,8 +26,8 @@ Roblox 34 12002 1 Fun 78 33909 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.156 1 diff --git a/tests/cfgs/default/result/safari.pcap.out b/tests/cfgs/default/result/safari.pcap.out index c18fd5c4231..e093af6509b 100644 --- a/tests/cfgs/default/result/safari.pcap.out +++ b/tests/cfgs/default/result/safari.pcap.out @@ -24,8 +24,8 @@ TLS 168 83390 7 Safe 168 83390 7 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 2 diff --git a/tests/cfgs/default/result/salesforce.pcap.out b/tests/cfgs/default/result/salesforce.pcap.out index bb84ff02b8e..4e1e9061c6f 100644 --- a/tests/cfgs/default/result/salesforce.pcap.out +++ b/tests/cfgs/default/result/salesforce.pcap.out @@ -24,8 +24,8 @@ Salesforce 15 5205 1 Safe 15 5205 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 1 diff --git a/tests/cfgs/default/result/selfsigned.pcap.out b/tests/cfgs/default/result/selfsigned.pcap.out index 9ec986cba75..372f3df4838 100644 --- a/tests/cfgs/default/result/selfsigned.pcap.out +++ b/tests/cfgs/default/result/selfsigned.pcap.out @@ -24,8 +24,8 @@ ntop 20 3766 1 Safe 20 3766 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 127.0.0.1 1 diff --git a/tests/cfgs/default/result/signal.pcap.out b/tests/cfgs/default/result/signal.pcap.out index 153361a61e0..4e430eb008a 100644 --- a/tests/cfgs/default/result/signal.pcap.out +++ b/tests/cfgs/default/result/signal.pcap.out @@ -33,8 +33,8 @@ Safe 28 2022 3 Acceptable 7 1624 3 Fun 602 312122 13 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.2.17 3 diff --git a/tests/cfgs/default/result/simple-dnscrypt.pcap.out b/tests/cfgs/default/result/simple-dnscrypt.pcap.out index 64928f17352..87d22057f6f 100644 --- a/tests/cfgs/default/result/simple-dnscrypt.pcap.out +++ b/tests/cfgs/default/result/simple-dnscrypt.pcap.out @@ -25,8 +25,8 @@ DNScrypt 111 44676 4 Acceptable 111 44676 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.43.167 2 diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out index 690e6c02ecd..8edca3c28a4 100644 --- a/tests/cfgs/default/result/sites.pcapng.out +++ b/tests/cfgs/default/result/sites.pcapng.out @@ -78,8 +78,8 @@ Acceptable 218 123356 24 Fun 371 199377 30 Potentially Dangerous 4 2225 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 5 2 192.168.12.169 2 3 192.168.1.245 2 diff --git a/tests/cfgs/default/result/sites2.pcapng.out b/tests/cfgs/default/result/sites2.pcapng.out index cd11107b7df..95b8978f2f9 100644 --- a/tests/cfgs/default/result/sites2.pcapng.out +++ b/tests/cfgs/default/result/sites2.pcapng.out @@ -29,9 +29,9 @@ YandexAlice 10 882 1 Acceptable 58 20370 4 Fun 4 797 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.12.67 3 +JA Host Stats: + IP Address # JA4C + 1 192.168.12.67 4 1 TCP 192.168.12.67:47694 <-> 20.15.0.9:443 [proto: 91.435/TLS.Temu][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Shopping/27][10 pkts/1963 bytes <-> 10 pkts/5360 bytes][Goodput ratio: 71/90][0.54 sec][Hostname/SNI: gtm.temu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/49 282/342 86/112][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 196/536 571/1514 206/532][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA3C: 92768199641a57091d8ad9085387a16f][JA4: t13d1712h2_5b57614c22b0_3f5d972527c0][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,0,0,0,25,0,0,0,0,0,0,16,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] diff --git a/tests/cfgs/default/result/smtp-starttls.pcap.out b/tests/cfgs/default/result/smtp-starttls.pcap.out index 10dbca7ed98..9017478947a 100644 --- a/tests/cfgs/default/result/smtp-starttls.pcap.out +++ b/tests/cfgs/default/result/smtp-starttls.pcap.out @@ -26,8 +26,8 @@ Google 36 8403 1 Safe 33 6429 1 Acceptable 36 8403 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.0.1 1 2 2003:de:2016:125:fc36:8317:4e86:cb72 1 diff --git a/tests/cfgs/default/result/smtps.pcapng.out b/tests/cfgs/default/result/smtps.pcapng.out index 33a5bb51fb6..14c3d3d7b17 100644 --- a/tests/cfgs/default/result/smtps.pcapng.out +++ b/tests/cfgs/default/result/smtps.pcapng.out @@ -24,8 +24,8 @@ SMTPS 4 936 1 Safe 4 936 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 62.43.36.99 1 diff --git a/tests/cfgs/default/result/snapchat.pcap.out b/tests/cfgs/default/result/snapchat.pcap.out index 2cc7017b152..ae351b95839 100644 --- a/tests/cfgs/default/result/snapchat.pcap.out +++ b/tests/cfgs/default/result/snapchat.pcap.out @@ -26,8 +26,8 @@ Snapchat 34 7320 2 Safe 22 2879 1 Fun 34 7320 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.8.0.1 2 diff --git a/tests/cfgs/default/result/snapchat_call_v1.pcapng.out b/tests/cfgs/default/result/snapchat_call_v1.pcapng.out index 1f62bb337e8..fd4ef486a5c 100644 --- a/tests/cfgs/default/result/snapchat_call_v1.pcapng.out +++ b/tests/cfgs/default/result/snapchat_call_v1.pcapng.out @@ -24,8 +24,8 @@ SnapchatCall 477 365314 1 Acceptable 477 365314 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.169 1 diff --git a/tests/cfgs/default/result/sonos.pcapng.out b/tests/cfgs/default/result/sonos.pcapng.out index 78e61f50cbe..63cb7282434 100644 --- a/tests/cfgs/default/result/sonos.pcapng.out +++ b/tests/cfgs/default/result/sonos.pcapng.out @@ -25,8 +25,8 @@ Sonos 61 29332 2 Fun 61 29332 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.29 1 diff --git a/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out b/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out index cc9150dbd04..6eda72d077f 100644 --- a/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out +++ b/tests/cfgs/default/result/ssl-cert-name-mismatch.pcap.out @@ -24,8 +24,8 @@ TLS 21 5412 1 Safe 21 5412 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.2.222 1 diff --git a/tests/cfgs/default/result/steam.pcapng.out b/tests/cfgs/default/result/steam.pcapng.out index 187a1b9a05c..c41c6fb7278 100644 --- a/tests/cfgs/default/result/steam.pcapng.out +++ b/tests/cfgs/default/result/steam.pcapng.out @@ -27,9 +27,9 @@ Dota2 10 2545 1 Fun 48 12726 7 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.88.231 2 +JA Host Stats: + IP Address # JA4C + 1 192.168.88.231 3 2 162.254.198.46 1 diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index 49e86d06dfd..351036b9536 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -32,8 +32,8 @@ GoogleCall 41 7228 2 Safe 4 766 1 Acceptable 197 28062 8 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.169 1 2 192.168.43.169 1 diff --git a/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out b/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out index 9e361c4c4d9..6cd28722e76 100644 --- a/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out +++ b/tests/cfgs/default/result/stun_dtls_rtp.pcapng.out @@ -25,8 +25,8 @@ GoogleCall 102 26347 2 Acceptable 102 26347 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.156 1 diff --git a/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out b/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out index bd64d827d71..23b1912cf5d 100644 --- a/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out +++ b/tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out @@ -24,8 +24,8 @@ DTLS 6 1708 1 Safe 6 1708 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 26.83.9.81 1 diff --git a/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out b/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out index db228a8b7c5..b672f2578fc 100644 --- a/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out +++ b/tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out @@ -24,8 +24,8 @@ DTLS 6 1563 1 Safe 6 1563 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 UDP 33.35.223.103:540 -> 26.83.9.81:57567 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/1563 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 260/0 958/0 312/0][Mapped IP/Port: 5.36.191.232:57567][Risk: ** Self-signed Cert **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / CN=LiveFoundry Inc.][DTLSv1.0][JA3S: 1974c5c625e99dc22d0477079a54aed3][Issuer: CN=LiveFoundry Inc.][Subject: CN=LiveFoundry Inc.][Certificate SHA-1: 23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98][Validity: 2015-08-27 09:07:05 - 2016-08-27 09:07:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (LiveFoundry Inc.0)][Plen Bins: 0,0,67,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_google_meet.pcapng.out b/tests/cfgs/default/result/stun_google_meet.pcapng.out index 0e40a3ea31f..6a7964de924 100644 --- a/tests/cfgs/default/result/stun_google_meet.pcapng.out +++ b/tests/cfgs/default/result/stun_google_meet.pcapng.out @@ -25,8 +25,8 @@ GoogleCall 362 74597 7 Acceptable 362 74597 7 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:48a1:1094:1227:281e 1 2 192.168.12.156 1 diff --git a/tests/cfgs/default/result/stun_zoom.pcapng.out b/tests/cfgs/default/result/stun_zoom.pcapng.out index e2d990dcc58..12f755781fe 100644 --- a/tests/cfgs/default/result/stun_zoom.pcapng.out +++ b/tests/cfgs/default/result/stun_zoom.pcapng.out @@ -26,8 +26,8 @@ Zoom 30 8381 1 Safe 40 9877 1 Acceptable 30 8381 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.43.169 1 diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 4b74a78020a..0e696e66646 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -49,9 +49,9 @@ Acceptable 431 155530 37 Fun 1 82 1 Unrated 4 456 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.6 6 +JA Host Stats: + IP Address # JA4C + 1 192.168.1.6 7 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] diff --git a/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out b/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out index 9fbcecf14e1..1528dbb62d3 100644 --- a/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out +++ b/tests/cfgs/default/result/tls-esni-fuzzed.pcap.out @@ -24,8 +24,8 @@ TLS 3 2310 3 Safe 3 2310 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.12 1 diff --git a/tests/cfgs/default/result/tls-rdn-extract.pcap.out b/tests/cfgs/default/result/tls-rdn-extract.pcap.out index 36fb5552622..689e8d070ec 100644 --- a/tests/cfgs/default/result/tls-rdn-extract.pcap.out +++ b/tests/cfgs/default/result/tls-rdn-extract.pcap.out @@ -24,8 +24,8 @@ Microsoft 6 7205 1 Safe 6 7205 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.0.1 1 diff --git a/tests/cfgs/default/result/tls_1.2_unidirectional_client.pcapng.out b/tests/cfgs/default/result/tls_1.2_unidirectional_client.pcapng.out index 065c5e163c0..bb93d2bb69d 100644 --- a/tests/cfgs/default/result/tls_1.2_unidirectional_client.pcapng.out +++ b/tests/cfgs/default/result/tls_1.2_unidirectional_client.pcapng.out @@ -24,8 +24,8 @@ GoogleServices 17 3004 1 Acceptable 17 3004 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.156 1 diff --git a/tests/cfgs/default/result/tls_1.2_unidirectional_client_no_cert.pcapng.out b/tests/cfgs/default/result/tls_1.2_unidirectional_client_no_cert.pcapng.out index 791bb331e2f..5d1bce83119 100644 --- a/tests/cfgs/default/result/tls_1.2_unidirectional_client_no_cert.pcapng.out +++ b/tests/cfgs/default/result/tls_1.2_unidirectional_client_no_cert.pcapng.out @@ -24,8 +24,8 @@ TLS 10 1549 1 Safe 10 1549 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.156 1 diff --git a/tests/cfgs/default/result/tls_1.2_unidirectional_server.pcapng.out b/tests/cfgs/default/result/tls_1.2_unidirectional_server.pcapng.out index a45a479a3ed..2b19432526f 100644 --- a/tests/cfgs/default/result/tls_1.2_unidirectional_server.pcapng.out +++ b/tests/cfgs/default/result/tls_1.2_unidirectional_server.pcapng.out @@ -24,8 +24,8 @@ YouTubeUpload 18 7218 1 Fun 18 7218 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 TCP 216.58.209.42:443 -> 192.168.12.156:43854 [proto: 91.136/TLS.YouTubeUpload][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 15][cat: Media/1][18 pkts/7218 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][0.43 sec][(Negotiated) ALPN: h2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/0 233/0 57/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 401/0 1484/0 503/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.youtube-3rd-party.com,upload.google.com,*.upload.google.com,upload.youtube.com,*.upload.youtube.com,uploads.stage.gdata.youtube.com,bg-call-donation.goog,bg-call-donation-alpha.goog,bg-call-donation-canary.goog,bg-call-donation-dev.goog][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1C3][Subject: CN=upload.video.google.com][Certificate SHA-1: A9:8F:37:B3:54:4F:D0:01:B7:8D:0F:88:21:37:4A:EB:F7:E3:D3:F2][Validity: 2022-06-06 09:17:59 - 2022-08-29 09:17:58][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,0,8,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] diff --git a/tests/cfgs/default/result/tls_1.2_unidirectional_server_no_cert.pcapng.out b/tests/cfgs/default/result/tls_1.2_unidirectional_server_no_cert.pcapng.out index 122eaac7296..32673e02ab5 100644 --- a/tests/cfgs/default/result/tls_1.2_unidirectional_server_no_cert.pcapng.out +++ b/tests/cfgs/default/result/tls_1.2_unidirectional_server_no_cert.pcapng.out @@ -24,8 +24,8 @@ TLS 10 1978 1 Safe 10 1978 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 TCP 172.67.21.133:443 -> 192.168.12.156:39958 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 10][cat: Web/5][10 pkts/1978 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][0.30 sec][(Negotiated) ALPN: http/1.1][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/0 88/0 32/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 198/0 1284/0 365/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,33,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls_1.3_unidirectional_client.pcapng.out b/tests/cfgs/default/result/tls_1.3_unidirectional_client.pcapng.out index 07750aa7375..a1125335933 100644 --- a/tests/cfgs/default/result/tls_1.3_unidirectional_client.pcapng.out +++ b/tests/cfgs/default/result/tls_1.3_unidirectional_client.pcapng.out @@ -24,8 +24,8 @@ Google 9 1488 1 Acceptable 9 1488 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.156 1 diff --git a/tests/cfgs/default/result/tls_1.3_unidirectional_server.pcapng.out b/tests/cfgs/default/result/tls_1.3_unidirectional_server.pcapng.out index 3607d5461d4..ba60b0bedff 100644 --- a/tests/cfgs/default/result/tls_1.3_unidirectional_server.pcapng.out +++ b/tests/cfgs/default/result/tls_1.3_unidirectional_server.pcapng.out @@ -24,8 +24,8 @@ TLS 9 1651 1 Safe 9 1651 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 TCP 142.250.184.68:443 -> 192.168.12.156:39750 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 9][cat: Web/5][9 pkts/1651 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/0 20/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 183/0 921/0 270/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.3][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tls_2_reasms.pcapng.out b/tests/cfgs/default/result/tls_2_reasms.pcapng.out index 3d3bd303efb..69ae727a0ba 100644 --- a/tests/cfgs/default/result/tls_2_reasms.pcapng.out +++ b/tests/cfgs/default/result/tls_2_reasms.pcapng.out @@ -24,8 +24,8 @@ Instagram 14 6907 1 Fun 14 6907 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.91.186.174 1 diff --git a/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out b/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out index 7d292816c21..71763fd7b0e 100644 --- a/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out +++ b/tests/cfgs/default/result/tls_2_reasms_b.pcapng.out @@ -24,8 +24,8 @@ FbookReelStory 15 13455 1 Fun 15 13455 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 88.14.137.195 1 diff --git a/tests/cfgs/default/result/tls_alert.pcap.out b/tests/cfgs/default/result/tls_alert.pcap.out index c8c9d73ae28..5054e62bdfc 100644 --- a/tests/cfgs/default/result/tls_alert.pcap.out +++ b/tests/cfgs/default/result/tls_alert.pcap.out @@ -26,8 +26,8 @@ Google 11 952 1 Safe 7 533 1 Acceptable 11 952 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.192 1 diff --git a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out index 04ebd5d3204..4c3d4b4630b 100644 --- a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out +++ b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out @@ -40,8 +40,8 @@ Safe 259 102331 20 Acceptable 43 5081 14 Unrated 13 5582 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.121 1 diff --git a/tests/cfgs/default/result/tls_cipher_lens.pcap.out b/tests/cfgs/default/result/tls_cipher_lens.pcap.out index 01518c88426..5dbef2fad9d 100644 --- a/tests/cfgs/default/result/tls_cipher_lens.pcap.out +++ b/tests/cfgs/default/result/tls_cipher_lens.pcap.out @@ -26,8 +26,8 @@ Google 1 233 1 Safe 4 932 4 Acceptable 1 233 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.11.11 2 diff --git a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out index f7eb814a698..d76567f6782 100644 --- a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out @@ -26,8 +26,8 @@ AnyDesk 9 3433 1 Safe 8 2093 1 Acceptable 9 3433 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 1 2 195.181.174.176 1 diff --git a/tests/cfgs/default/result/tls_ech.pcapng.out b/tests/cfgs/default/result/tls_ech.pcapng.out index 363dbee68ab..e4ee9f82090 100644 --- a/tests/cfgs/default/result/tls_ech.pcapng.out +++ b/tests/cfgs/default/result/tls_ech.pcapng.out @@ -24,8 +24,8 @@ Cloudflare 10 4226 1 Acceptable 10 4226 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:ce16:b409:3d0a:9177 1 diff --git a/tests/cfgs/default/result/tls_esni_sni_both.pcap.out b/tests/cfgs/default/result/tls_esni_sni_both.pcap.out index 719124c6ac9..62710e7d66c 100644 --- a/tests/cfgs/default/result/tls_esni_sni_both.pcap.out +++ b/tests/cfgs/default/result/tls_esni_sni_both.pcap.out @@ -24,8 +24,8 @@ TLS 38 15899 2 Safe 38 15899 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.21 1 diff --git a/tests/cfgs/default/result/tls_heur__shadowsocks-tcp.pcapng.out b/tests/cfgs/default/result/tls_heur__shadowsocks-tcp.pcapng.out index 012e64029e2..d2dc2d4357e 100644 --- a/tests/cfgs/default/result/tls_heur__shadowsocks-tcp.pcapng.out +++ b/tests/cfgs/default/result/tls_heur__shadowsocks-tcp.pcapng.out @@ -30,8 +30,8 @@ Acceptable 30 21330 1 Fun 45 36920 2 Unrated 25 22923 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:8628:88aa:8b00:913c 1 diff --git a/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out b/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out index ef62fc3253a..aeaa2c0c1ca 100644 --- a/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out +++ b/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out @@ -30,8 +30,8 @@ Safe 25 11617 1 Acceptable 35 10659 5 Fun 40 17498 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 127.0.0.1 1 2 192.168.1.183 1 diff --git a/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out b/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out index 16e2eff208f..c5864593606 100644 --- a/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out +++ b/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out @@ -30,8 +30,8 @@ Safe 30 14152 1 Acceptable 36 10726 5 Fun 34 22317 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 127.0.0.1 1 2 192.168.1.183 1 diff --git a/tests/cfgs/default/result/tls_heur__vmess-tcp.pcapng.out b/tests/cfgs/default/result/tls_heur__vmess-tcp.pcapng.out index cf3ce4fce80..ad2841b7320 100644 --- a/tests/cfgs/default/result/tls_heur__vmess-tcp.pcapng.out +++ b/tests/cfgs/default/result/tls_heur__vmess-tcp.pcapng.out @@ -30,8 +30,8 @@ Acceptable 30 21345 1 Fun 41 25855 2 Unrated 29 22543 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:8628:88aa:8b00:913c 1 diff --git a/tests/cfgs/default/result/tls_heur__vmess-websocket.pcapng.out b/tests/cfgs/default/result/tls_heur__vmess-websocket.pcapng.out index 5d7be384619..1634e2e1c3b 100644 --- a/tests/cfgs/default/result/tls_heur__vmess-websocket.pcapng.out +++ b/tests/cfgs/default/result/tls_heur__vmess-websocket.pcapng.out @@ -28,8 +28,8 @@ SOCKS 33 21475 1 Acceptable 68 44387 2 Fun 32 24681 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.183 1 diff --git a/tests/cfgs/default/result/tls_invalid_reads.pcap.out b/tests/cfgs/default/result/tls_invalid_reads.pcap.out index 27cc51de456..b9321e9e10c 100644 --- a/tests/cfgs/default/result/tls_invalid_reads.pcap.out +++ b/tests/cfgs/default/result/tls_invalid_reads.pcap.out @@ -29,8 +29,8 @@ Crashlytics 3 560 1 Safe 8 1891 2 Acceptable 3 560 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.191.139.17 1 diff --git a/tests/cfgs/default/result/tls_long_cert.pcap.out b/tests/cfgs/default/result/tls_long_cert.pcap.out index 02a61e2cb6c..e9c2465c962 100644 --- a/tests/cfgs/default/result/tls_long_cert.pcap.out +++ b/tests/cfgs/default/result/tls_long_cert.pcap.out @@ -24,8 +24,8 @@ TLS 182 117601 1 Safe 182 117601 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.2.126 1 diff --git a/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out b/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out index 3b698a29b84..9305a9110c3 100644 --- a/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out +++ b/tests/cfgs/default/result/tls_malicious_sha1.pcapng.out @@ -24,8 +24,8 @@ TLS 22 7204 1 Safe 22 7204 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:9726:f643:a838:b0c4 1 diff --git a/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out b/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out index 1f178f9e808..cc8914220f0 100644 --- a/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out +++ b/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out @@ -24,8 +24,8 @@ TLS 14 10082 1 Safe 14 10082 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 TCP 10.10.10.1:443 <-> 192.168.0.1:33063 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Web/5][6 pkts/6525 bytes <-> 8 pkts/3557 bytes][Goodput ratio: 94/85][0.38 sec][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/13 161/59 70/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1088/445 2023/1090 747/434][TLSv1.3][JA3S: 907bf3ecef1c987c889946b737b43de8][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,33,0,0,0,11] diff --git a/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out b/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out index c3a8aa62326..600500fcebf 100644 --- a/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out +++ b/tests/cfgs/default/result/tls_multiple_synack_different_seq.pcapng.out @@ -24,8 +24,8 @@ AmazonAWS 10 6532 1 Acceptable 10 6532 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/tls_port_80.pcapng.out b/tests/cfgs/default/result/tls_port_80.pcapng.out index f8405033b9f..fe8f498b88c 100644 --- a/tests/cfgs/default/result/tls_port_80.pcapng.out +++ b/tests/cfgs/default/result/tls_port_80.pcapng.out @@ -24,8 +24,8 @@ TLS 13 2439 1 Safe 13 2439 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 57.91.202.194 1 diff --git a/tests/cfgs/default/result/tls_torrent.pcapng.out b/tests/cfgs/default/result/tls_torrent.pcapng.out index 7cf105575bf..fef0ad395c0 100644 --- a/tests/cfgs/default/result/tls_torrent.pcapng.out +++ b/tests/cfgs/default/result/tls_torrent.pcapng.out @@ -24,8 +24,8 @@ BitTorrent 7 6308 1 Acceptable 7 6308 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.10.10.1 1 diff --git a/tests/cfgs/default/result/tls_verylong_certificate.pcap.out b/tests/cfgs/default/result/tls_verylong_certificate.pcap.out index feee665032f..a8b7fc1410c 100644 --- a/tests/cfgs/default/result/tls_verylong_certificate.pcap.out +++ b/tests/cfgs/default/result/tls_verylong_certificate.pcap.out @@ -24,8 +24,8 @@ Cybersec 48 22229 1 Safe 48 22229 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.160 1 diff --git a/tests/cfgs/default/result/tls_with_huge_ch.pcapng.out b/tests/cfgs/default/result/tls_with_huge_ch.pcapng.out index 9149d793b04..0fb72d249f0 100644 --- a/tests/cfgs/default/result/tls_with_huge_ch.pcapng.out +++ b/tests/cfgs/default/result/tls_with_huge_ch.pcapng.out @@ -24,8 +24,8 @@ TLS 428 119100 1 Safe 428 119100 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 172.30.84.193 1 diff --git a/tests/cfgs/default/result/tor.pcap.out b/tests/cfgs/default/result/tor.pcap.out index 390789fb52e..ac72bf03bf8 100644 --- a/tests/cfgs/default/result/tor.pcap.out +++ b/tests/cfgs/default/result/tor.pcap.out @@ -35,8 +35,8 @@ Acceptable 16 2766 2 Potentially Dangerous 112 39736 3 Dangerous 1 252 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.252 1 diff --git a/tests/cfgs/default/result/tumblr.pcap.out b/tests/cfgs/default/result/tumblr.pcap.out index 064d567ab56..813aa636c08 100644 --- a/tests/cfgs/default/result/tumblr.pcap.out +++ b/tests/cfgs/default/result/tumblr.pcap.out @@ -35,8 +35,8 @@ Acceptable 170 130417 2 Fun 84 38260 2 Tracker/Ads 54 17122 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 2 diff --git a/tests/cfgs/default/result/tunnelbear.pcap.out b/tests/cfgs/default/result/tunnelbear.pcap.out index eca911ce9ef..e2019542a13 100644 --- a/tests/cfgs/default/result/tunnelbear.pcap.out +++ b/tests/cfgs/default/result/tunnelbear.pcap.out @@ -35,9 +35,9 @@ Safe 24 9110 1 Acceptable 375 94996 19 Tracker/Ads 34 13737 2 -JA3 Host Stats: - IP Address # JA3C - 1 10.8.0.1 6 +JA Host Stats: + IP Address # JA4C + 1 10.8.0.1 5 2 10.158.132.91 1 diff --git a/tests/cfgs/default/result/ultrasurf.pcap.out b/tests/cfgs/default/result/ultrasurf.pcap.out index fd9d4f4b5d8..cc17411d646 100644 --- a/tests/cfgs/default/result/ultrasurf.pcap.out +++ b/tests/cfgs/default/result/ultrasurf.pcap.out @@ -26,8 +26,8 @@ UltraSurf 100 120543 1 Safe 233 106228 2 Acceptable 100 120543 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.132.0.23 1 diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index 1dd51cd524f..fa525497421 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -42,9 +42,9 @@ Acceptable 61 15685 10 Fun 297 105785 13 Tracker/Ads 2 377 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.0.17 2 +JA Host Stats: + IP Address # JA4C + 1 192.168.0.17 3 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/TLS.Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 144/Viber, Confidence: DNS][DPI packets: 8][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][Goodput ratio: 38/95][5.64 sec][Hostname/SNI: dl-media.viber.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/2 5370/40 907/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1306 774/1514 151/466][TCP Fingerprint: 2_64_65535_2e3cee914fc1/Unknown][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][JA4: t12d1409h2_c866b44c5a26_e08eabe7240f][ServerNames: *.viber.com,viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com][Certificate SHA-1: E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A][Firefox][Validity: 2016-06-26 00:00:00 - 2018-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,4,0,2,0,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] diff --git a/tests/cfgs/default/result/vk.pcapng.out b/tests/cfgs/default/result/vk.pcapng.out index 7ad194fb9a2..2692d3526b7 100644 --- a/tests/cfgs/default/result/vk.pcapng.out +++ b/tests/cfgs/default/result/vk.pcapng.out @@ -26,8 +26,8 @@ TLS 827 116853 6 Safe 827 116853 6 Fun 82 10228 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.249 1 diff --git a/tests/cfgs/default/result/vxlan.pcap.out b/tests/cfgs/default/result/vxlan.pcap.out index 93d458365a8..0030a9aeffc 100644 --- a/tests/cfgs/default/result/vxlan.pcap.out +++ b/tests/cfgs/default/result/vxlan.pcap.out @@ -25,8 +25,8 @@ Facebook 127 85322 4 Fun 127 85322 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.10.20.4 1 diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out index c6e19311b0a..e38c47f4209 100644 --- a/tests/cfgs/default/result/wa_voice.pcap.out +++ b/tests/cfgs/default/result/wa_voice.pcap.out @@ -43,8 +43,8 @@ Acceptable 722 169382 25 Fun 2 172 1 Unrated 2 120 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.2.12 2 diff --git a/tests/cfgs/default/result/waze.pcap.out b/tests/cfgs/default/result/waze.pcap.out index 041229edec9..d5cedd4ee94 100644 --- a/tests/cfgs/default/result/waze.pcap.out +++ b/tests/cfgs/default/result/waze.pcap.out @@ -36,8 +36,8 @@ Safe 21 2574 3 Acceptable 566 355633 29 Unrated 10 786 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.8.0.1 2 diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 2ad61aa1cda..71a7356a076 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out @@ -34,8 +34,8 @@ Webex 790 500686 30 Safe 259 29507 23 Acceptable 851 525599 34 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.8.0.1 6 diff --git a/tests/cfgs/default/result/wechat.pcap.out b/tests/cfgs/default/result/wechat.pcap.out index 5134642204c..6298a18748f 100644 --- a/tests/cfgs/default/result/wechat.pcap.out +++ b/tests/cfgs/default/result/wechat.pcap.out @@ -47,8 +47,8 @@ Acceptable 349 47161 46 Fun 1015 530189 34 Dangerous 3 751 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.103 3 diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index bb0a5293771..033717ba32e 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -37,8 +37,8 @@ Safe 23 1578 15 Acceptable 45 6147 11 Fun 430 259830 18 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.105 1 diff --git a/tests/cfgs/default/result/whatsapp_login_call.pcap.out b/tests/cfgs/default/result/whatsapp_login_call.pcap.out index c093829a6a4..2e68b915474 100644 --- a/tests/cfgs/default/result/whatsapp_login_call.pcap.out +++ b/tests/cfgs/default/result/whatsapp_login_call.pcap.out @@ -44,8 +44,8 @@ Safe 198 50852 23 Acceptable 1050 141996 33 Fun 3 258 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.2.4 1 diff --git a/tests/cfgs/default/result/whatsappfiles.pcap.out b/tests/cfgs/default/result/whatsappfiles.pcap.out index 77b9d1de574..fa43e3649e7 100644 --- a/tests/cfgs/default/result/whatsappfiles.pcap.out +++ b/tests/cfgs/default/result/whatsappfiles.pcap.out @@ -24,8 +24,8 @@ WhatsAppFiles 620 452233 2 Acceptable 620 452233 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.2.29 2 diff --git a/tests/cfgs/default/result/whois.pcapng.out b/tests/cfgs/default/result/whois.pcapng.out index 1f63f6c98c7..2df76cafe6a 100644 --- a/tests/cfgs/default/result/whois.pcapng.out +++ b/tests/cfgs/default/result/whois.pcapng.out @@ -29,8 +29,8 @@ Whois-DAS 16 4294 2 Safe 7 2046 1 Acceptable 16 4294 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.17.34.139 1 diff --git a/tests/cfgs/default/result/windscribe.pcapng.out b/tests/cfgs/default/result/windscribe.pcapng.out index 9913f03b3eb..b0386931703 100644 --- a/tests/cfgs/default/result/windscribe.pcapng.out +++ b/tests/cfgs/default/result/windscribe.pcapng.out @@ -24,8 +24,8 @@ Windscribe 24 9582 1 Acceptable 24 9582 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.156 1 diff --git a/tests/cfgs/default/result/yandex.pcapng.out b/tests/cfgs/default/result/yandex.pcapng.out index b2114851bb4..8e58b387a2a 100644 --- a/tests/cfgs/default/result/yandex.pcapng.out +++ b/tests/cfgs/default/result/yandex.pcapng.out @@ -33,8 +33,8 @@ Safe 94 40622 7 Fun 18 8243 1 Tracker/Ads 18 8718 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.249 1 diff --git a/tests/cfgs/default/result/youtubeupload.pcap.out b/tests/cfgs/default/result/youtubeupload.pcap.out index 6beac9cd737..6aae48a3fff 100644 --- a/tests/cfgs/default/result/youtubeupload.pcap.out +++ b/tests/cfgs/default/result/youtubeupload.pcap.out @@ -25,8 +25,8 @@ YouTubeUpload 137 127038 3 Fun 137 127038 3 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.2.27 1 diff --git a/tests/cfgs/default/result/zattoo.pcap.out b/tests/cfgs/default/result/zattoo.pcap.out index 77d3dd37cf7..3a3612b8152 100644 --- a/tests/cfgs/default/result/zattoo.pcap.out +++ b/tests/cfgs/default/result/zattoo.pcap.out @@ -24,8 +24,8 @@ Zattoo 32 13467 2 Fun 32 13467 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.101.0.2 1 diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out index e9f0677beb1..4e9ea2160af 100644 --- a/tests/cfgs/default/result/zoom.pcap.out +++ b/tests/cfgs/default/result/zoom.pcap.out @@ -43,8 +43,8 @@ Safe 40 11444 4 Acceptable 737 370956 29 Fun 1 86 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.117 4 diff --git a/tests/cfgs/default/result/zoom2.pcap.out b/tests/cfgs/default/result/zoom2.pcap.out index 984200f0b95..0df2754208a 100644 --- a/tests/cfgs/default/result/zoom2.pcap.out +++ b/tests/cfgs/default/result/zoom2.pcap.out @@ -25,8 +25,8 @@ Zoom 342 112658 4 Acceptable 342 112658 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 1 diff --git a/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out b/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out index 6b09ebe6111..6d53a6a0157 100644 --- a/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out +++ b/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out @@ -28,8 +28,8 @@ Ookla 84 15245 5 Safe 113 38411 6 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 2 diff --git a/tests/cfgs/disable_protocols/result/pluralsight.pcap.out b/tests/cfgs/disable_protocols/result/pluralsight.pcap.out index 4c71989528e..0d4948d0b95 100644 --- a/tests/cfgs/disable_protocols/result/pluralsight.pcap.out +++ b/tests/cfgs/disable_protocols/result/pluralsight.pcap.out @@ -24,8 +24,8 @@ TLS 44 29652 6 Safe 44 29652 6 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.128 1 diff --git a/tests/cfgs/disable_use_client_port/result/iphone.pcap.out b/tests/cfgs/disable_use_client_port/result/iphone.pcap.out index 293082ec1ac..f63bd80317f 100644 --- a/tests/cfgs/disable_use_client_port/result/iphone.pcap.out +++ b/tests/cfgs/disable_use_client_port/result/iphone.pcap.out @@ -41,9 +41,9 @@ Acceptable 258 140066 24 Fun 76 25323 9 Unrated 2 120 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.2.17 2 +JA Host Stats: + IP Address # JA4C + 1 192.168.2.17 3 1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 9][cat: Web/5][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Safari][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0] diff --git a/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out b/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out index f2b636450d8..66da210325c 100644 --- a/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out +++ b/tests/cfgs/enable_doh_heuristic/result/doh.pcapng.out @@ -24,8 +24,8 @@ TLS 120 14592 1 Safe 120 14592 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.253 1 diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out index bd85fa81cf7..78275d6745d 100644 --- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out @@ -79,8 +79,8 @@ Payload Analysis [......] [2E 2E 2E 2E 2E 2E] [len: 6][num_occurrencies: 126][flowId: 0 9 10 12 13 15 17 18 19 23 25 32 33 38 42 46 47 51 52 61 62 63 66 67 68 71 72 75 77 79 80 81 84 89 90 91 94 95 96 97 98 99 101 102 103 107 110 111 113 114 117 119 120 121 122 123 124 125 126 127 128][packetIds: 1 2 14 15 17 18 19 20 29 30 35 36 39 40 41 42 43 44 48 49 52 53 54 55 69 70 84 85 198 199 387 388 472 473 507 539 554 555 563 564 591 592 594 595 642 643 645 646 648 651 654 657 658 662 665 666 667 670 671 672 673 682 684 686 687 688 690 691 696 703 730 731 733 734 740 743 755 756 761 774 775 777 778 780 781 787 788 798 799 800 801 803 820 822 827 828 829 830 831 858 901 902 903 904 930 931 932 985 986 991 994 995 996 1008 1009 1011 1012 1015 1016 1017 1018 1021 1023 1024 1025 1026] [.......] [2E 2E 2E 2E 2E 2E 2E] [len: 7][num_occurrencies: 126][flowId: 0 9 10 12 13 15 17 18 19 23 25 32 33 38 42 46 47 51 52 61 62 63 66 67 68 71 72 75 77 79 80 81 84 89 90 91 94 95 96 97 98 99 101 102 103 107 110 111 113 114 117 119 120 121 122 123 124 125 126 127 128][packetIds: 1 2 14 15 17 18 19 20 29 30 35 36 39 40 41 42 43 44 48 49 52 53 54 55 69 70 84 85 198 199 387 388 472 473 507 539 554 555 563 564 591 592 594 595 642 643 645 646 648 651 654 657 658 662 665 666 667 670 671 672 673 682 684 686 687 688 690 691 696 703 730 731 733 734 740 743 755 756 761 774 775 777 778 780 781 787 788 798 799 800 801 803 820 822 827 828 829 830 831 858 901 902 903 904 930 931 932 985 986 991 994 995 996 1008 1009 1011 1012 1015 1016 1017 1018 1021 1023 1024 1025 1026] -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.5.16 2 diff --git a/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out b/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out index 9481eadd2ef..ac7e26b8fa4 100644 --- a/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out +++ b/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out @@ -31,8 +31,8 @@ ProtonVPN 26 8061 1 Safe 1 74 1 Acceptable 40 10121 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.2.15 1 diff --git a/tests/cfgs/fpc_disabled/result/teams.pcap.out b/tests/cfgs/fpc_disabled/result/teams.pcap.out index fce3641567c..763dab2eaf9 100644 --- a/tests/cfgs/fpc_disabled/result/teams.pcap.out +++ b/tests/cfgs/fpc_disabled/result/teams.pcap.out @@ -49,9 +49,9 @@ Acceptable 431 155530 37 Fun 1 82 1 Unrated 4 456 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.6 6 +JA Host Stats: + IP Address # JA4C + 1 192.168.1.6 7 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] diff --git a/tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out b/tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out index 2e277b31a34..4f5428225d6 100644 --- a/tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out +++ b/tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out @@ -51,8 +51,8 @@ Fun 948 1976493 53 Dangerous 5 1197 2 Unrated 19 5564 9 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.5.16 2 diff --git a/tests/cfgs/guessing_disable/result/webex.pcap.out b/tests/cfgs/guessing_disable/result/webex.pcap.out index b1bb3ff5663..ce84e09d2ca 100644 --- a/tests/cfgs/guessing_disable/result/webex.pcap.out +++ b/tests/cfgs/guessing_disable/result/webex.pcap.out @@ -33,8 +33,8 @@ Safe 250 28977 20 Acceptable 835 524428 33 Unrated 25 1701 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.8.0.1 6 diff --git a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out index 57c617fb510..73c6606e875 100644 --- a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out +++ b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out @@ -50,8 +50,8 @@ Fun 948 1976493 53 Dangerous 5 1197 2 Unrated 19 5564 9 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.5.16 2 diff --git a/tests/cfgs/monitoring/result/stun.pcap.out b/tests/cfgs/monitoring/result/stun.pcap.out index 819382297b8..9218314f06d 100644 --- a/tests/cfgs/monitoring/result/stun.pcap.out +++ b/tests/cfgs/monitoring/result/stun.pcap.out @@ -32,8 +32,8 @@ GoogleCall 41 7228 2 Safe 4 766 1 Acceptable 197 28062 8 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.169 1 2 192.168.43.169 1 diff --git a/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out b/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out index 58a144f5647..d88efa6c5b1 100644 --- a/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out +++ b/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out @@ -25,8 +25,8 @@ GoogleCall 362 74597 7 Acceptable 362 74597 7 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:48a1:1094:1227:281e 1 2 192.168.12.156 1 diff --git a/tests/cfgs/monitoring/result/stun_zoom.pcapng.out b/tests/cfgs/monitoring/result/stun_zoom.pcapng.out index 0b36fea34fd..4773db80826 100644 --- a/tests/cfgs/monitoring/result/stun_zoom.pcapng.out +++ b/tests/cfgs/monitoring/result/stun_zoom.pcapng.out @@ -24,8 +24,8 @@ Zoom 70 18258 2 Acceptable 70 18258 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.43.169 1 diff --git a/tests/cfgs/monitoring/result/teams.pcap.out b/tests/cfgs/monitoring/result/teams.pcap.out index 6b57a0cefe6..4d9b5380987 100644 --- a/tests/cfgs/monitoring/result/teams.pcap.out +++ b/tests/cfgs/monitoring/result/teams.pcap.out @@ -49,9 +49,9 @@ Acceptable 431 155530 37 Fun 1 82 1 Unrated 4 456 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.6 6 +JA Host Stats: + IP Address # JA4C + 1 192.168.1.6 7 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] diff --git a/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out b/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out index cde4b813a83..f0835e23b57 100644 --- a/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out +++ b/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out @@ -27,8 +27,8 @@ TelegramVoip 244 121141 1 Acceptable 315 131265 8 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 UDP 192.168.12.67:39968 <-> 91.108.9.106:1400 [proto: 30.355/DTLS.TelegramVoip][IP: 185/Telegram][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 244][DPI packets before monitoring: 43][cat: VoIP/10][124 pkts/50596 bytes <-> 120 pkts/70545 bytes][Goodput ratio: 90/93][2.48 sec][Hostname/SNI: telegram.org][bytes ratio: -0.165 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/20 633/629 67/66][Pkt Len c2s/s2c min/avg/max/stddev: 70/84 408/588 1253/1235 406/467][Mapped IP/Port: 93.35.170.144:39295, 91.108.9.106:37674, 91.108.9.106:52874][Peer IP/Port: 91.108.9.106:52874][Relayed IP/Port: 91.108.9.106:37674][RTP packets: 81/82][Risk: ** Self-signed Cert **** TLS Cert About To Expire **][Risk Score: 150][Risk Info: 17/Nov/2024 16:19:00 - 18/Dec/2024 16:19:00 / CN=WebRTC][DTLSv1.2][JA3S: 6431b01c80e20aa21a6d7a54b248a3bf][Issuer: CN=WebRTC][Subject: CN=WebRTC][Certificate SHA-1: 27:83:F6:62:B2:02:79:6C:C7:B9:73:6C:DA:79:A5:2F:71:48:C3:83][Validity: 2024-11-17 16:19:00 - 2024-12-18 16:19:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (1/talggGwr)][Plen Bins: 0,22,11,4,10,2,6,1,7,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,3,6,4,2,0,0,1,4,6,3,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out b/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out index 5fe7ad3db8a..bc15d1dec7f 100644 --- a/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out +++ b/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out @@ -49,9 +49,9 @@ Acceptable 431 155530 37 Fun 1 82 1 Unrated 4 456 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.6 6 +JA Host Stats: + IP Address # JA4C + 1 192.168.1.6 7 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] diff --git a/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out index 5782e9a0b90..64069bc3dd2 100644 --- a/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out @@ -29,8 +29,8 @@ Cloudflare 9 8862 3 Acceptable 88 20854 12 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 UDP [32fb:f967:681e:e96b:face:b00c::74fd]:3478 <-> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080]:45658 [proto: 78.87/STUN.RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 30][cat: Media/1][14 pkts/1612 bytes <-> 16 pkts/1838 bytes][Goodput ratio: 46/46][2.71 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 12/1 188/155 778/396 231/147][Pkt Len c2s/s2c min/avg/max/stddev: 84/84 115/115 214/206 44/39][PLAIN TEXT (4/WtFTidwfa)][Plen Bins: 46,23,16,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp.pcapng.out b/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp.pcapng.out index c4ece6066a5..5c50cba9146 100644 --- a/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp.pcapng.out +++ b/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp.pcapng.out @@ -25,8 +25,8 @@ GoogleCall 102 26347 2 Acceptable 102 26347 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.12.156 1 2 192.168.12.182 1 diff --git a/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp_unidir.pcapng.out b/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp_unidir.pcapng.out index 00a3ea082a7..720fddfce43 100644 --- a/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp_unidir.pcapng.out +++ b/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp_unidir.pcapng.out @@ -24,8 +24,8 @@ SRTP 43 10358 2 Acceptable 43 10358 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.10.0.1 1 diff --git a/tests/cfgs/stun_extra_dissection/result/stun_zoom.pcapng.out b/tests/cfgs/stun_extra_dissection/result/stun_zoom.pcapng.out index 15ef1378646..4f8d7b56601 100644 --- a/tests/cfgs/stun_extra_dissection/result/stun_zoom.pcapng.out +++ b/tests/cfgs/stun_extra_dissection/result/stun_zoom.pcapng.out @@ -24,8 +24,8 @@ Zoom 70 18258 2 Acceptable 70 18258 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.43.169 1 diff --git a/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out b/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out index 7b9d85afbae..2575582b809 100644 --- a/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out +++ b/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out @@ -27,8 +27,8 @@ TLS 170 45725 5 Safe 170 45725 5 Acceptable 4 392 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 1 2 192.168.1.187 1 3 192.168.1.128 1 diff --git a/tests/cfgs/subclassification_disable/result/quic-mvfst-27.pcapng.out b/tests/cfgs/subclassification_disable/result/quic-mvfst-27.pcapng.out index ef7a9656fac..bcb2e614820 100644 --- a/tests/cfgs/subclassification_disable/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/subclassification_disable/result/quic-mvfst-27.pcapng.out @@ -24,8 +24,8 @@ QUIC 20 11399 1 Acceptable 20 11399 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 10.0.2.15 1 diff --git a/tests/cfgs/subclassification_disable/result/tls_ech.pcapng.out b/tests/cfgs/subclassification_disable/result/tls_ech.pcapng.out index e8553c8856f..8427b3b2426 100644 --- a/tests/cfgs/subclassification_disable/result/tls_ech.pcapng.out +++ b/tests/cfgs/subclassification_disable/result/tls_ech.pcapng.out @@ -24,8 +24,8 @@ TLS 10 4226 1 Safe 10 4226 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:ce16:b409:3d0a:9177 1 diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__shadowsocks-tcp.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__shadowsocks-tcp.pcapng.out index 25a398bf07f..230cc1fc5b6 100644 --- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__shadowsocks-tcp.pcapng.out +++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__shadowsocks-tcp.pcapng.out @@ -30,8 +30,8 @@ Safe 25 22923 1 Acceptable 30 21330 1 Fun 45 36920 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:8628:88aa:8b00:913c 1 diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__trojan-tcp-tls.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__trojan-tcp-tls.pcapng.out index 56b4b66dff4..91246acff3a 100644 --- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__trojan-tcp-tls.pcapng.out +++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__trojan-tcp-tls.pcapng.out @@ -31,8 +31,8 @@ Safe 25 11617 1 Acceptable 35 10659 5 Fun 40 17498 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 127.0.0.1 1 2 192.168.1.183 1 diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp-tls.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp-tls.pcapng.out index ee6339c11f9..f51586754e5 100644 --- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp-tls.pcapng.out +++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp-tls.pcapng.out @@ -31,8 +31,8 @@ Safe 30 14152 1 Acceptable 36 10726 5 Fun 34 22317 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 127.0.0.1 1 2 192.168.1.183 1 diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp.pcapng.out index 3b87cca5381..9e6275c2735 100644 --- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp.pcapng.out +++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp.pcapng.out @@ -30,8 +30,8 @@ Safe 29 22543 1 Acceptable 30 21345 1 Fun 41 25855 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 2001:b07:a3d:c112:8628:88aa:8b00:913c 1 diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-websocket.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-websocket.pcapng.out index 53a99ff05d5..7392d7e76e0 100644 --- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-websocket.pcapng.out +++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-websocket.pcapng.out @@ -29,8 +29,8 @@ SOCKS 33 21475 1 Acceptable 68 44387 2 Fun 32 24681 2 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.183 1 diff --git a/tests/cfgs/tls_ja3c_disabled/result/tls_verylong_certificate.pcap.out b/tests/cfgs/tls_ja3c_disabled/result/tls_verylong_certificate.pcap.out index 1f66b4d3126..eb58330e558 100644 --- a/tests/cfgs/tls_ja3c_disabled/result/tls_verylong_certificate.pcap.out +++ b/tests/cfgs/tls_ja3c_disabled/result/tls_verylong_certificate.pcap.out @@ -24,8 +24,9 @@ Cybersec 48 22229 1 Safe 48 22229 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C + 1 192.168.1.160 1 1 TCP 192.168.1.160:54804 <-> 151.101.66.49:443 [proto: 91.283/TLS.Cybersec][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Cybersecurity/33][24 pkts/2404 bytes <-> 24 pkts/19825 bytes][Goodput ratio: 35/92][0.09 sec][Hostname/SNI: feodotracker.abuse.ch][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.784 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 15/21 5/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 100/826 583/1434 109/662][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d6707ht_2955a3196ffa_c83f907a73d3][ServerNames: p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net][Certificate SHA-1: E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B][Firefox][Validity: 2019-11-19 01:31:22 - 2020-08-29 17:19:32][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,16,0,4,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,55,0,0,0,0,0] diff --git a/tests/cfgs/tls_ja3s_disabled/result/tls_verylong_certificate.pcap.out b/tests/cfgs/tls_ja3s_disabled/result/tls_verylong_certificate.pcap.out index e530b580fd2..84c7f4d37bb 100644 --- a/tests/cfgs/tls_ja3s_disabled/result/tls_verylong_certificate.pcap.out +++ b/tests/cfgs/tls_ja3s_disabled/result/tls_verylong_certificate.pcap.out @@ -24,8 +24,8 @@ Cybersec 48 22229 1 Safe 48 22229 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.160 1 diff --git a/tests/cfgs/tls_ja4c_disabled/result/tls_verylong_certificate.pcap.out b/tests/cfgs/tls_ja4c_disabled/result/tls_verylong_certificate.pcap.out index 538d50d3ddd..f5b7f7224ea 100644 --- a/tests/cfgs/tls_ja4c_disabled/result/tls_verylong_certificate.pcap.out +++ b/tests/cfgs/tls_ja4c_disabled/result/tls_verylong_certificate.pcap.out @@ -24,9 +24,8 @@ Cybersec 48 22229 1 Safe 48 22229 1 -JA3 Host Stats: - IP Address # JA3C - 1 192.168.1.160 1 +JA Host Stats: + IP Address # JA4C 1 TCP 192.168.1.160:54804 <-> 151.101.66.49:443 [proto: 91.283/TLS.Cybersec][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Cybersecurity/33][24 pkts/2404 bytes <-> 24 pkts/19825 bytes][Goodput ratio: 35/92][0.09 sec][Hostname/SNI: feodotracker.abuse.ch][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.784 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 15/21 5/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 100/826 583/1434 109/662][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net][Certificate SHA-1: E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B][Firefox][Validity: 2019-11-19 01:31:22 - 2020-08-29 17:19:32][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,16,0,4,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,55,0,0,0,0,0] diff --git a/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out b/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out index bed112ff9bd..5b7934bbe9a 100644 --- a/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out +++ b/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out @@ -43,8 +43,8 @@ Safe 40 11444 4 Acceptable 737 370956 29 Fun 1 86 1 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.117 4 diff --git a/tests/cfgs/zoom_extra_dissection/result/zoom2.pcap.out b/tests/cfgs/zoom_extra_dissection/result/zoom2.pcap.out index bda085fb76c..ba3512ecaad 100644 --- a/tests/cfgs/zoom_extra_dissection/result/zoom2.pcap.out +++ b/tests/cfgs/zoom_extra_dissection/result/zoom2.pcap.out @@ -25,8 +25,8 @@ Zoom 342 112658 4 Acceptable 342 112658 4 -JA3 Host Stats: - IP Address # JA3C +JA Host Stats: + IP Address # JA4C 1 192.168.1.178 1