ndpiReader: update JA statistics

Show JA4C and JA3S information (instead of JA3C and JA3S) See #2551 for context
ntop · Dec 19, 2024 · 4868834 · 4868834
1 parent b2c2453
commit 4868834
Show file tree

Hide file tree

Showing 214 changed files with 588 additions and 585 deletions.
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
diff --git a/example/reader_util.h b/example/reader_util.h
@@ -97,24 +97,24 @@ extern int dpdk_port_deinit(int port);
 extern "C" {
 #endif
 
-// inner hash table (ja3 -> security state)
-typedef struct ndpi_ja3_info {
-  char * ja3;
+// inner hash table (ja -> security state)
+typedef struct ndpi_ja_info {
+  char * ja;
   ndpi_cipher_weakness unsafe_cipher;
   UT_hash_handle hh;
-} ndpi_ja3_info;
+} ndpi_ja_info;
 
-// external hash table (host ip -> <ip string, hash table ja3c, hash table ja3s>)
+// external hash table (host ip -> <ip string, hash table ja4c, hash table ja3s>)
 // used to aggregate ja3 fingerprints by hosts
-typedef struct ndpi_host_ja3_fingerprints {
+typedef struct ndpi_host_ja_fingerprints {
   u_int32_t ip;
   char *ip_string;
   char *dns_name;
-  ndpi_ja3_info *host_client_info_hasht;
-  ndpi_ja3_info *host_server_info_hasht;
+  ndpi_ja_info *host_client_info_hasht;
+  ndpi_ja_info *host_server_info_hasht;
 
   UT_hash_handle hh;
-} ndpi_host_ja3_fingerprints;
+} ndpi_host_ja_fingerprints;
 
 
 //inner hash table
@@ -125,13 +125,13 @@ typedef struct ndpi_ip_dns{
   UT_hash_handle hh;
 } ndpi_ip_dns;
 
-//hash table ja3 -> <host, ip, security>, used to aggregate host by ja3 fingerprints
-typedef struct ndpi_ja3_fingerprints_host{
-  char *ja3; //key
+//hash table ja -> <host, ip, security>, used to aggregate host by ja fingerprints
+typedef struct ndpi_ja_fingerprints_host{
+  char *ja; //key
   ndpi_cipher_weakness unsafe_cipher;
   ndpi_ip_dns *ipToDNS_ht;
   UT_hash_handle hh;
-} ndpi_ja3_fingerprints_host;
+} ndpi_ja_fingerprints_host;
 
 struct flow_metrics {
   float entropy, average, stddev;

diff --git a/tests/cfgs/caches_cfg/result/ookla.pcap.out b/tests/cfgs/caches_cfg/result/ookla.pcap.out
@@ -30,8 +30,8 @@ Ookla	74	12870	4
 Safe                           103 36036         5            
 Acceptable                      10 2375          1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.128            	 2      
 
 

diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out
@@ -49,9 +49,9 @@ Acceptable                     328 111885        33
 Fun                              1 82            1            
 Unrated                          4 456           1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
-	1	 192.168.1.6              	 6      
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
+	1	 192.168.1.6              	 7      
 
 
 	1	TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0]

diff --git a/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out
@@ -29,8 +29,8 @@ Cloudflare	9	8862	3
 
 Acceptable                      88 20854         12           
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 
 
 	1	UDP [32fb:f967:681e:e96b:face:b00c::74fd]:3478 <-> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080]:45658 [proto: 165/RTCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VoIP/10][14 pkts/1612 bytes <-> 16 pkts/1838 bytes][Goodput ratio: 46/46][2.71 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 12/1 188/155 778/396 231/147][Pkt Len c2s/s2c min/avg/max/stddev: 84/84 115/115 214/206 44/39][PLAIN TEXT (4/WtFTidwfa)][Plen Bins: 46,23,16,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

diff --git a/tests/cfgs/caches_global/result/ookla.pcap.out b/tests/cfgs/caches_global/result/ookla.pcap.out
@@ -28,8 +28,8 @@ Ookla	113	38411	6
 
 Safe                           113 38411         6            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.128            	 2      
 
 

diff --git a/tests/cfgs/caches_global/result/teams.pcap.out b/tests/cfgs/caches_global/result/teams.pcap.out
@@ -49,9 +49,9 @@ Acceptable                     431 155530        37
 Fun                              1 82            1            
 Unrated                          4 456           1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
-	1	 192.168.1.6              	 6      
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
+	1	 192.168.1.6              	 7      
 
 
 	1	TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0]

diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out
@@ -50,8 +50,8 @@ Fun                            948 1976493       53
 Dangerous                        5 1197          2            
 Unrated                         19 5564          9            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.5.16             	 2      
 
 

diff --git a/tests/cfgs/default/result/443-curl.pcap.out b/tests/cfgs/default/result/443-curl.pcap.out
@@ -24,8 +24,8 @@ ntop	109	73982	1
 
 Safe                           109 73982         1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.13             	 1      
 
 

diff --git a/tests/cfgs/default/result/443-firefox.pcap.out b/tests/cfgs/default/result/443-firefox.pcap.out
@@ -24,8 +24,8 @@ ntop	667	458067	1
 
 Safe                           667 458067        1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.13             	 1      
 
 

diff --git a/tests/cfgs/default/result/443-git.pcap.out b/tests/cfgs/default/result/443-git.pcap.out
@@ -24,8 +24,8 @@ Github	70	37189	1
 
 Acceptable                      70 37189         1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.13             	 1      
 
 

diff --git a/tests/cfgs/default/result/443-safari.pcap.out b/tests/cfgs/default/result/443-safari.pcap.out
@@ -24,8 +24,8 @@ ntop	41	19929	1
 
 Safe                            41 19929         1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.13             	 1      
 
 

diff --git a/tests/cfgs/default/result/4in6tunnel.pcap.out b/tests/cfgs/default/result/4in6tunnel.pcap.out
@@ -24,8 +24,8 @@ Microsoft	4	2188	1
 
 Safe                             4 2188          1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.0.1              	 1      
 
 

diff --git a/tests/cfgs/default/result/6in4tunnel.pcap.out b/tests/cfgs/default/result/6in4tunnel.pcap.out
@@ -32,8 +32,8 @@ Safe                            32 15913         3
 Acceptable                      58 9654          4            
 Fun                             37 14726         3            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 2001:470:1f17:13f:3e97:eff:fe73:4dec 	 2      
 
 

diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out
@@ -37,8 +37,8 @@ Safe                            37 5258          7
 Acceptable                      99 15120         20           
 Fun                            211 51558         11           
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.24.82.188             	 3      
 
 

diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@@ -39,8 +39,8 @@ Safe                            41 5761          8
 Acceptable                    3145 428107        10           
 Fun                             17 1924          2            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.24.82.188             	 2      
 
 

diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out
@@ -42,8 +42,8 @@ AmazonAWS	383	142290	19
 Safe                           138 23305         13           
 Acceptable                    2936 1146440       147          
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 172.16.42.216            	 8      
 
 

diff --git a/tests/cfgs/default/result/android.pcap.out b/tests/cfgs/default/result/android.pcap.out
@@ -47,9 +47,9 @@ Safe                            97 27653         11
 Acceptable                     262 77875         38           
 Fun                            116 26426         14           
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
-	1	 192.168.2.16             	 8      
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
+	1	 192.168.2.16             	 7      
 
 
 	1	TCP 192.168.2.16:32996 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 7][cat: Web/5][17 pkts/1949 bytes <-> 15 pkts/11826 bytes][Goodput ratio: 42/92][0.75 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/27 386/221 108/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/788 578/1484 125/627][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: 6ec2896feff5746955f700c0023f5804][JA4: t12d1409ht_c866b44c5a26_b39be8c56a14][ServerNames: www.google.com][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com][Certificate SHA-1: 32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0][Safari][Validity: 2020-02-12 11:47:41 - 2020-05-06 11:47:41][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,13,6,0,0,6,0,0,0,6,6,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,35,0,0,0]

diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
@@ -48,8 +48,8 @@ Safe                           361 93506         16
 Acceptable                     205 36053         51           
 Unrated                         19 1054          2            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.0.0.227               	 5      
 
 

diff --git a/tests/cfgs/default/result/anydesk.pcapng.out b/tests/cfgs/default/result/anydesk.pcapng.out
@@ -27,8 +27,8 @@ AnyDesk	154	44400	6
 Safe                            20 1717          1            
 Acceptable                     154 44400         6            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.178            	 1      
 	2	 192.168.1.187            	 1      
 	3	 192.168.1.128            	 1      

diff --git a/tests/cfgs/default/result/bets.pcapng.out b/tests/cfgs/default/result/bets.pcapng.out
@@ -24,8 +24,8 @@ TLS	33	9228	1
 
 Safe                            33 9228          1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.10.2             	 1      
 
 

diff --git a/tests/cfgs/default/result/cachefly.pcapng.out b/tests/cfgs/default/result/cachefly.pcapng.out
@@ -24,8 +24,8 @@ Cachefly	6	6163	1
 
 Acceptable                       6 6163          1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.10.10.1               	 1      
 
 

diff --git a/tests/cfgs/default/result/capwap_data.pcapng.out b/tests/cfgs/default/result/capwap_data.pcapng.out
@@ -24,8 +24,8 @@ GoogleServices	14	2624	3
 
 Acceptable                      14 2624          3            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.1.3.68                	 1      
 
 

diff --git a/tests/cfgs/default/result/chrome.pcap.out b/tests/cfgs/default/result/chrome.pcap.out
@@ -24,8 +24,8 @@ TLS	127	68131	6
 
 Safe                           127 68131         6            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.178            	 2      
 
 

diff --git a/tests/cfgs/default/result/cloudflare-warp.pcap.out b/tests/cfgs/default/result/cloudflare-warp.pcap.out
@@ -35,8 +35,8 @@ CloudflareWarp	37	10500	3
 Safe                             5 294           2            
 Acceptable                      73 14433         7            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.8.0.1                 	 3      
 
 

diff --git a/tests/cfgs/default/result/codm.pcap.out b/tests/cfgs/default/result/codm.pcap.out
@@ -25,8 +25,8 @@ CoD_Mobile	13	3590	3
 
 Fun                             13 3590          3            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.215.173.1             	 1      
 
 

diff --git a/tests/cfgs/default/result/dazn.pcapng.out b/tests/cfgs/default/result/dazn.pcapng.out
@@ -24,8 +24,8 @@ Dazn	12	6675	3
 
 Fun                             12 6675          3            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.128            	 1      
 
 

diff --git a/tests/cfgs/default/result/dingtalk.pcap.out b/tests/cfgs/default/result/dingtalk.pcap.out
@@ -24,8 +24,8 @@ DingTalk	16	4890	2
 
 Acceptable                      16 4890          2            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.215.173.1             	 1      
 
 

diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out
@@ -25,8 +25,8 @@ Discord	411	98410	34
 
 Fun                            411 98410         34           
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 10.0.2.15                	 1      
 
 

diff --git a/tests/cfgs/default/result/dlt_ppp.pcap.out b/tests/cfgs/default/result/dlt_ppp.pcap.out
@@ -24,8 +24,8 @@ QUIC	1	1230	1
 
 Acceptable                       1 1230          1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 193.167.0.252            	 1      
 
 

diff --git a/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out b/tests/cfgs/default/result/dns2tcp_tunnel.pcap.out
@@ -24,8 +24,8 @@ TLS	50	8960	1
 
 Safe                            50 8960          1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.20.211           	 1      
 
 

diff --git a/tests/cfgs/default/result/dns_doh.pcap.out b/tests/cfgs/default/result/dns_doh.pcap.out
@@ -24,8 +24,8 @@ DoH_DoT	142	20362	1
 
 Acceptable                     142 20362         1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 172.20.10.4              	 1      
 
 

diff --git a/tests/cfgs/default/result/dns_dot.pcap.out b/tests/cfgs/default/result/dns_dot.pcap.out
@@ -24,8 +24,8 @@ DoH_DoT	24	5869	1
 
 Acceptable                      24 5869          1            
 
-JA3 Host Stats: 
-		 IP Address                  	 # JA3C     
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
 	1	 192.168.1.185            	 1