-
Notifications
You must be signed in to change notification settings - Fork 892
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
TLS: add basic, basic, detection of Encrypted ClientHello (#2053)
- Loading branch information
Showing
7 changed files
with
55 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
Guessed flow protos: 0 | ||
|
||
DPI Packets (TCP): 6 (6.00 pkts/flow) | ||
Confidence DPI : 1 (flows) | ||
Num dissector calls: 1 (1.00 diss/flow) | ||
LRU cache ookla: 0/0/0 (insert/search/found) | ||
LRU cache bittorrent: 0/0/0 (insert/search/found) | ||
LRU cache zoom: 0/0/0 (insert/search/found) | ||
LRU cache stun: 0/0/0 (insert/search/found) | ||
LRU cache tls_cert: 0/0/0 (insert/search/found) | ||
LRU cache mining: 0/0/0 (insert/search/found) | ||
LRU cache msteams: 0/0/0 (insert/search/found) | ||
LRU cache stun_zoom: 0/0/0 (insert/search/found) | ||
Automa host: 1/1 (search/found) | ||
Automa domain: 1/0 (search/found) | ||
Automa tls cert: 0/0 (search/found) | ||
Automa risk mask: 0/0 (search/found) | ||
Automa common alpns: 2/2 (search/found) | ||
Patricia risk mask: 0/0 (search/found) | ||
Patricia risk: 0/0 (search/found) | ||
Patricia protocols: 0/0 (search/found) | ||
|
||
Cloudflare 10 4226 1 | ||
|
||
JA3 Host Stats: | ||
IP Address # JA3C | ||
1 2001:b07:a3d:c112:ce16:b409:3d0a:9177 1 | ||
|
||
|
||
1 TCP [2001:b07:a3d:c112:ce16:b409:3d0a:9177]:47460 <-> [2606:4700::6812:1e4e]:443 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/1172 bytes <-> 4 pkts/3054 bytes][Goodput ratio: 55/88][0.07 sec][Hostname/SNI: performance.radar.cloudflare.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 13/5 49/7 18/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 195/764 670/2260 213/890][TLSv1.3][JA3C: 6820f114cf3b0809ffdcb30cb277848a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] |