From 2a6f63f73c37ddf8393c6dff7bb813f434a0b776 Mon Sep 17 00:00:00 2001 From: Vladimir Kobal Date: Tue, 27 Jan 2026 18:13:01 +0100 Subject: [PATCH 1/2] Add tests for python implementation --- python/test/generate-output-files.sh | 24 + python/test/test_ja4_output.py | 48 ++ python/test/testdata/CVE-2018-6794.pcap.json | 18 + python/test/testdata/badcurveball.pcap.json | 21 + .../test/testdata/browsers-x509.pcapng.json | 59 ++ ...e-cloudflare-quic-with-secrets.pcapng.json | 40 + python/test/testdata/dhcp.pcapng.json | 1 + python/test/testdata/dhcpv6.pcap.json | 1 + .../test/testdata/gre-erspan-vxlan.pcap.json | 13 + python/test/testdata/gre-sample.pcap.json | 20 + .../testdata/http1-with-cookies.pcapng.json | 21 + python/test/testdata/http1.pcapng.json | 450 ++++++++++ .../testdata/http2-with-cookies.pcapng.json | 142 ++++ python/test/testdata/ipv6.pcapng.json | 21 + python/test/testdata/latest.pcapng.json | 112 +++ .../test/testdata/macos_tcp_flags.pcap.json | 19 + .../testdata/quic-tls-handshake.pcapng.json | 1 + .../quic-with-several-tls-frames.pcapng.json | 1 + python/test/testdata/single-packets.pcap.json | 66 ++ python/test/testdata/socks4-https.pcap.json | 13 + python/test/testdata/ssh-r.pcap.json | 64 ++ python/test/testdata/ssh-scp-1050.pcap.json | 24 + python/test/testdata/ssh.pcapng.json | 17 + python/test/testdata/ssh2-malformed.pcap.json | 20 + .../test/testdata/ssh2-moloch-crash.pcap.json | 20 + python/test/testdata/ssh2.pcapng.json | 176 ++++ python/test/testdata/sshv1.pcap.json | 20 + python/test/testdata/tcpdump-geneve.pcap.json | 20 + python/test/testdata/tls-alpn-h2.pcap.json | 21 + .../test/testdata/tls-handshake.pcapng.json | 802 ++++++++++++++++++ .../testdata/tls-non-ascii-alpn.pcapng.json | 15 + python/test/testdata/tls-sni.pcapng.json | 730 ++++++++++++++++ python/test/testdata/tls12.pcap.json | 14 + python/test/testdata/tls3.pcapng.json | 205 +++++ python/test/testdata/v6.pcap.json | 20 + 35 files changed, 3259 insertions(+) create mode 100755 python/test/generate-output-files.sh create mode 100644 python/test/test_ja4_output.py create mode 100644 python/test/testdata/CVE-2018-6794.pcap.json create mode 100644 python/test/testdata/badcurveball.pcap.json create mode 100644 python/test/testdata/browsers-x509.pcapng.json create mode 100644 python/test/testdata/chrome-cloudflare-quic-with-secrets.pcapng.json create mode 100644 python/test/testdata/dhcp.pcapng.json create mode 100644 python/test/testdata/dhcpv6.pcap.json create mode 100644 python/test/testdata/gre-erspan-vxlan.pcap.json create mode 100644 python/test/testdata/gre-sample.pcap.json create mode 100644 python/test/testdata/http1-with-cookies.pcapng.json create mode 100644 python/test/testdata/http1.pcapng.json create mode 100644 python/test/testdata/http2-with-cookies.pcapng.json create mode 100644 python/test/testdata/ipv6.pcapng.json create mode 100644 python/test/testdata/latest.pcapng.json create mode 100644 python/test/testdata/macos_tcp_flags.pcap.json create mode 100644 python/test/testdata/quic-tls-handshake.pcapng.json create mode 100644 python/test/testdata/quic-with-several-tls-frames.pcapng.json create mode 100644 python/test/testdata/single-packets.pcap.json create mode 100644 python/test/testdata/socks4-https.pcap.json create mode 100644 python/test/testdata/ssh-r.pcap.json create mode 100644 python/test/testdata/ssh-scp-1050.pcap.json create mode 100644 python/test/testdata/ssh.pcapng.json create mode 100644 python/test/testdata/ssh2-malformed.pcap.json create mode 100644 python/test/testdata/ssh2-moloch-crash.pcap.json create mode 100644 python/test/testdata/ssh2.pcapng.json create mode 100644 python/test/testdata/sshv1.pcap.json create mode 100644 python/test/testdata/tcpdump-geneve.pcap.json create mode 100644 python/test/testdata/tls-alpn-h2.pcap.json create mode 100644 python/test/testdata/tls-handshake.pcapng.json create mode 100644 python/test/testdata/tls-non-ascii-alpn.pcapng.json create mode 100644 python/test/testdata/tls-sni.pcapng.json create mode 100644 python/test/testdata/tls12.pcap.json create mode 100644 python/test/testdata/tls3.pcapng.json create mode 100644 python/test/testdata/v6.pcap.json diff --git a/python/test/generate-output-files.sh b/python/test/generate-output-files.sh new file mode 100755 index 0000000..61efd3b --- /dev/null +++ b/python/test/generate-output-files.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# This script generates output files for the JA4 Python tests. +# Run the script from its directory. + +PCAP_DIR="../../pcap" +OUT_DIR="./testdata" +JA4_SCRIPT="../ja4.py" + +mkdir -p "$OUT_DIR" + +# If arguments are given, use them as files; otherwise, use all files in $PCAP_DIR +if [ "$#" -gt 0 ]; then + PCAP_FILES=("$@") +else + PCAP_FILES=("$PCAP_DIR"/*.pcap*) +fi + +# Loop through each pcap file and generate the output +for pcap in "${PCAP_FILES[@]}"; do + base=$(basename "$pcap") + out="$OUT_DIR/${base}.json" + python3 "$JA4_SCRIPT" "$pcap" -J -f "$out" +done diff --git a/python/test/test_ja4_output.py b/python/test/test_ja4_output.py new file mode 100644 index 0000000..0f7f1a1 --- /dev/null +++ b/python/test/test_ja4_output.py @@ -0,0 +1,48 @@ +import json +import subprocess +import sys +from pathlib import Path + +import pytest + +SCRIPT_DIR = Path(__file__).resolve().parent +ROOT_DIR = SCRIPT_DIR.parent.parent + +PCAP_DIR = ROOT_DIR / "pcap" +EXPECTED_DIR = SCRIPT_DIR / "testdata" +JA4_SCRIPT = ROOT_DIR / "python" / "ja4.py" + +pcap_files = sorted(PCAP_DIR.rglob("*.pcap*")) +if not pcap_files: + pytest.fail(f"No PCAP files found in {PCAP_DIR.resolve()}") + + +def get_expected_output(pcap_file: Path): + expected_file = EXPECTED_DIR / f"{pcap_file.name}.json" + with expected_file.open() as f: + return json.load(f) + + +@pytest.mark.parametrize("pcap_file", pcap_files) +def test_ja4_output_matches_expected(pcap_file, tmp_path): + output_file = tmp_path / f"{pcap_file.name}.json" + result = subprocess.run( + [ + sys.executable, + str(JA4_SCRIPT), + str(pcap_file), + "-J", + "-f", + str(output_file), + ], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True, + ) + + assert result.returncode == 0, f"ja4.py failed: {result.stderr}" + + actual = json.loads(output_file.read_text()) + expected = get_expected_output(pcap_file) + + assert actual == expected, f"Mismatch for {pcap_file.name}" diff --git a/python/test/testdata/CVE-2018-6794.pcap.json b/python/test/testdata/CVE-2018-6794.pcap.json new file mode 100644 index 0000000..5167178 --- /dev/null +++ b/python/test/testdata/CVE-2018-6794.pcap.json @@ -0,0 +1,18 @@ +[ + { + "stream": 0, + "src": "192.168.235.136", + "dst": "192.168.235.1", + "srcport": "8089", + "dstport": "53649", + "JA4H": "ge11nn07ruru_6cd0fb54989b_000000000000_000000000000" + }, + { + "stream": 1, + "src": "192.168.235.136", + "dst": "192.168.235.1", + "srcport": "8089", + "dstport": "53656", + "JA4H": "ge11nr06ruru_cc6ec9a91856_000000000000_000000000000" + } +] \ No newline at end of file diff --git a/python/test/testdata/badcurveball.pcap.json b/python/test/testdata/badcurveball.pcap.json new file mode 100644 index 0000000..eb3ea04 --- /dev/null +++ b/python/test/testdata/badcurveball.pcap.json @@ -0,0 +1,21 @@ +[ + { + "stream": 0, + "src": "172.130.128.76", + "dst": "54.226.182.138", + "srcport": "55318", + "dstport": "443", + "client_ttl": "64", + "server_ttl": "238", + "JA4L-S": "781_238", + "JA4L-C": "2181_64", + "domain": "bad.curveballtest.com", + "JA4.1": "t00d1715h2_dd2c26892b57_8201b1be11a4", + "JA4_r.1": "t00d1715h2_,,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,ff01_27,52,25,83,53,81,54,37,3", + "JA4_o.1": "t00d1715h2_6c4ba73770eb_4848efb2a220", + "JA4_ro.1": "t00d1715h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,,_0000,0017,ff01,000a,000b,0023,0010,0005,000d,0012,0033,002d,002b,001b,0015_27,52,25,83,53,81,54,37,3", + "JA4S": "t0005h1_195_845f7282a956", + "JA4X.1": "2e9214a636bc_a373a9f83c6b_0e17604154c5", + "JA4X.2": "2e9214a636bc_2e9214a636bc_795797892f9c" + } +] \ No newline at end of file diff --git a/python/test/testdata/browsers-x509.pcapng.json b/python/test/testdata/browsers-x509.pcapng.json new file mode 100644 index 0000000..1722c33 --- /dev/null +++ b/python/test/testdata/browsers-x509.pcapng.json @@ -0,0 +1,59 @@ +[ + { + "stream": 0, + "src": "172.27.7.31", + "dst": "13.107.21.239", + "srcport": "54524", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "112", + "JA4L-S": "1907_112", + "JA4L-C": "278_128", + "domain": "edge.microsoft.com", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_8a0afe6f3afd", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,0000,000a,0005,000b,002b,001b,ff01,0033,4469,002d,0023,0017,0012,0010,0015_27,52,25,83,53,81,54,37", + "JA4X.1": "a373a9f83c6b_2bab15409345_0f2217ba412e", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_c34b04c10969" + }, + { + "stream": 1, + "src": "172.27.7.31", + "dst": "68.67.160.117", + "srcport": "54525", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "41", + "JA4L-S": "7166_41", + "JA4L-C": "349_128", + "domain": "nym1-ib.adnxs.com", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_548bd83a577c", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002b,4469,000b,0017,000d,0000,001b,0005,0033,ff01,0010,000a,002d,0012,0023,0015_27,52,25,83,53,81,54,37", + "JA4S": "t0007h2_195_cf25e267ce22", + "JA4X.1": "7d5dbb3783b4_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_7d5dbb3783b4_44440d41940c" + }, + { + "stream": 2, + "src": "172.27.7.31", + "dst": "103.42.133.15", + "srcport": "54603", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "229", + "JA4L-S": "2948_229", + "JA4L-C": "247_128", + "domain": "lptag.liveperson.net", + "JA4.1": "t00d1616h2_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_828fc7e24cd3_0069bd55eedf", + "JA4_ro.1": "t00d1616h2_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0000,0033,0010,0017,ff01,0012,002b,000d,000a,002d,0005,0023,000b,4469,001b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t0005h2_199_845f7282a956", + "JA4X.1": "2bab15409345_2e9214a636bc_b891c0ad6f32", + "JA4X.2": "2bab15409345_2bab15409345_2367ce7fbc5b", + "JA4X.3": "2bab15409345_2bab15409345_2030e37f3421" + } +] \ No newline at end of file diff --git a/python/test/testdata/chrome-cloudflare-quic-with-secrets.pcapng.json b/python/test/testdata/chrome-cloudflare-quic-with-secrets.pcapng.json new file mode 100644 index 0000000..6b28c65 --- /dev/null +++ b/python/test/testdata/chrome-cloudflare-quic-with-secrets.pcapng.json @@ -0,0 +1,40 @@ +[ + { + "stream": 0, + "src": "2001:db8:1::1", + "dst": "2606:4700:10::6816:826", + "srcport": "57098", + "dstport": "443", + "client_ttl": "64", + "server_ttl": "56", + "JA4L-S": "5749_56", + "JA4L-C": "149_64", + "domain": "cloudflare-quic.com", + "JA4.1": "t00d1616h2_06835249484a_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,802_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_572e68ba0241_ac2009940b69", + "JA4_ro.1": "t00d1616h2_802,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0000,0017,ff01,000a,000b,0023,0010,0005,000d,0012,0033,002d,002b,001b,4469,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_44440d41940c" + }, + { + "stream": 0, + "src": "2001:db8:1::1", + "dst": "2606:4700:10::6816:826", + "srcport": "57098", + "dstport": "443", + "JA4H": "ge20nn12enus_60f823d07c94_000000000000_000000000000" + }, + { + "stream": 0, + "src": "2001:db8:1::1", + "dst": "2606:4700:10::6816:826", + "srcport": "50280", + "dstport": "443", + "client_ttl": "64", + "server_ttl": "56", + "JA4L-S": "10990_56", + "JA4L-C": "113_64" + } +] \ No newline at end of file diff --git a/python/test/testdata/dhcp.pcapng.json b/python/test/testdata/dhcp.pcapng.json new file mode 100644 index 0000000..0637a08 --- /dev/null +++ b/python/test/testdata/dhcp.pcapng.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/python/test/testdata/dhcpv6.pcap.json b/python/test/testdata/dhcpv6.pcap.json new file mode 100644 index 0000000..0637a08 --- /dev/null +++ b/python/test/testdata/dhcpv6.pcap.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/python/test/testdata/gre-erspan-vxlan.pcap.json b/python/test/testdata/gre-erspan-vxlan.pcap.json new file mode 100644 index 0000000..49c4bf8 --- /dev/null +++ b/python/test/testdata/gre-erspan-vxlan.pcap.json @@ -0,0 +1,13 @@ +[ + { + "stream": 0, + "src": "100.20.9.2", + "dst": "100.20.9.1", + "srcport": "65174", + "dstport": "80", + "client_ttl": "64", + "server_ttl": "64", + "JA4L-S": "997_64", + "JA4L-C": "953_64" + } +] \ No newline at end of file diff --git a/python/test/testdata/gre-sample.pcap.json b/python/test/testdata/gre-sample.pcap.json new file mode 100644 index 0000000..5731677 --- /dev/null +++ b/python/test/testdata/gre-sample.pcap.json @@ -0,0 +1,20 @@ +[ + { + "stream": 0, + "src": "172.27.1.66", + "dst": "66.59.109.137", + "srcport": "40264", + "dstport": "22", + "client_ttl": "255", + "server_ttl": "236", + "JA4L-S": "22952_236", + "JA4L-C": "26150_255", + "ssh_extras": { + "hassh": "5ef6678a6b060094834599ca16581b05", + "hassh_server": "6e3242d64766f4154c11858bbd654415", + "ssh_protocol_client": "SSH-2.0-OpenSSH_3.6.1p1", + "ssh_protocol_server": "SSH-1.99-OpenSSH_3.1p1", + "encryption_algorithm": "aes128-cbc" + } + } +] \ No newline at end of file diff --git a/python/test/testdata/http1-with-cookies.pcapng.json b/python/test/testdata/http1-with-cookies.pcapng.json new file mode 100644 index 0000000..0b51a7e --- /dev/null +++ b/python/test/testdata/http1-with-cookies.pcapng.json @@ -0,0 +1,21 @@ +[ + { + "stream": 0, + "src": "127.0.0.1", + "dst": "127.0.0.1", + "srcport": "61256", + "dstport": "8000", + "JA4H": "ge11cr04da00_8ddaef5d77af_280f366eaa04_c2fb0fe53442" + }, + { + "stream": 0, + "src": "127.0.0.1", + "dst": "127.0.0.1", + "srcport": "61256", + "dstport": "8000", + "client_ttl": "64", + "server_ttl": "64", + "JA4L-S": "64_64", + "JA4L-C": "20_64" + } +] \ No newline at end of file diff --git a/python/test/testdata/http1.pcapng.json b/python/test/testdata/http1.pcapng.json new file mode 100644 index 0000000..591125c --- /dev/null +++ b/python/test/testdata/http1.pcapng.json @@ -0,0 +1,450 @@ +[ + { + "stream": 0, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48456", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 1, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45042", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 2, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48458", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 3, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45044", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 4, + "src": "192.168.1.147", + "dst": "142.251.16.94", + "srcport": "56404", + "dstport": "80", + "JA4H": "he11nn05enus_6f8992deff94_000000000000_000000000000" + }, + { + "stream": 5, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48460", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 6, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45046", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 7, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48462", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 8, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45048", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 9, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48464", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 10, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45050", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 11, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48466", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 12, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48468", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 13, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45052", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 14, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48470", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 15, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45054", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 16, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48472", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 4, + "src": "142.251.16.94", + "dst": "192.168.1.147", + "srcport": "80", + "dstport": "56404", + "JA4H": "he11nn05enus_6f8992deff94_000000000000_000000000000" + }, + { + "stream": 18, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48476", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 19, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45056", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 20, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48478", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 21, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48480", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 22, + "src": "192.168.1.188", + "dst": "52.85.151.11", + "srcport": "38660", + "dstport": "80", + "JA4H": "ge11nn040000_ad0fd3707af2_000000000000_000000000000" + }, + { + "stream": 23, + "src": "192.168.1.136", + "dst": "142.251.167.94", + "srcport": "41355", + "dstport": "80", + "JA4H": "ge11nn040000_4f6f4aad0c1e_000000000000_000000000000" + }, + { + "stream": 24, + "src": "192.168.1.136", + "dst": "104.86.99.193", + "srcport": "39698", + "dstport": "80", + "JA4H": "he11nn040000_4f6f4aad0c1e_000000000000_000000000000" + }, + { + "stream": 25, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44238", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 26, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44239", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 27, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44240", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 28, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44241", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 29, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44242", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 30, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44243", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 31, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44244", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 32, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44245", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 33, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44250", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 34, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44251", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 35, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44252", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 36, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44253", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 37, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44254", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 38, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44255", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 39, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44256", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 40, + "src": "192.168.1.136", + "dst": "192.168.1.1", + "srcport": "44257", + "dstport": "41547", + "JA4H": "ge11nn050000_e1365771aae9_000000000000_000000000000" + }, + { + "stream": 41, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45058", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 42, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48482", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 43, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48484", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 44, + "src": "192.168.1.191", + "dst": "192.168.1.1", + "srcport": "48486", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 45, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45060", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 46, + "src": "192.168.1.100", + "dst": "104.18.20.64", + "srcport": "40978", + "dstport": "80", + "JA4H": "ge11nn040000_532a1ee47909_000000000000_000000000000" + }, + { + "stream": 47, + "src": "192.168.1.100", + "dst": "192.168.1.1", + "srcport": "60164", + "dstport": "41547", + "JA4H": "ge11nn030000_f8649f6808db_000000000000_000000000000" + }, + { + "stream": 48, + "src": "192.168.1.100", + "dst": "192.168.1.1", + "srcport": "60180", + "dstport": "41547", + "JA4H": "po11nn080000_6977d1188c03_000000000000_000000000000" + }, + { + "stream": 49, + "src": "192.168.1.100", + "dst": "192.168.1.1", + "srcport": "60186", + "dstport": "41547", + "JA4H": "po11nn080000_6977d1188c03_000000000000_000000000000" + }, + { + "stream": 50, + "src": "192.168.1.100", + "dst": "192.168.1.1", + "srcport": "60200", + "dstport": "41547", + "JA4H": "po11nn080000_6977d1188c03_000000000000_000000000000" + }, + { + "stream": 51, + "src": "192.168.1.118", + "dst": "192.168.1.1", + "srcport": "45062", + "dstport": "8080", + "JA4H": "po11nn050000_530ceba2075f_000000000000_000000000000" + }, + { + "stream": 52, + "src": "192.168.1.100", + "dst": "192.168.1.1", + "srcport": "60204", + "dstport": "41547", + "JA4H": "ge11nn030000_f8649f6808db_000000000000_000000000000" + }, + { + "stream": 53, + "src": "192.168.1.100", + "dst": "192.168.1.1", + "srcport": "60220", + "dstport": "41547", + "JA4H": "po11nn080000_6977d1188c03_000000000000_000000000000" + }, + { + "stream": 54, + "src": "192.168.1.100", + "dst": "192.168.1.1", + "srcport": "60222", + "dstport": "41547", + "JA4H": "po11nn080000_6977d1188c03_000000000000_000000000000" + }, + { + "stream": 55, + "src": "192.168.1.100", + "dst": "192.168.1.1", + "srcport": "60230", + "dstport": "41547", + "JA4H": "po11nn080000_6977d1188c03_000000000000_000000000000" + } +] \ No newline at end of file diff --git a/python/test/testdata/http2-with-cookies.pcapng.json b/python/test/testdata/http2-with-cookies.pcapng.json new file mode 100644 index 0000000..3da09d8 --- /dev/null +++ b/python/test/testdata/http2-with-cookies.pcapng.json @@ -0,0 +1,142 @@ +[ + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "117", + "JA4L-S": "44840_117", + "JA4L-C": "470_128", + "domain": "youtube.com", + "JA4.1": "t00d1616h2_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_828fc7e24cd3_ca0d6ae205f6", + "JA4_ro.1": "t00d1616h2_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0012,0000,000b,4469,001b,ff01,0033,000d,0010,0005,000a,0017,002b,0023,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581", + "JA4X.1": "a373a9f83c6b_7022c563de38_2e3757343cb0", + "JA4X.2": "a373a9f83c6b_a373a9f83c6b_5d71497f7704", + "JA4X.3": "7d5dbb3783b4_a373a9f83c6b_2fbee3f04f3b" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cn19enus_cb83bf27b7a9_c7713052b7e4_348cad68b6fb" + }, + { + "stream": 0, + "src": "142.250.187.206", + "dst": "192.168.2.200", + "srcport": "443", + "dstport": "58847", + "JA4H": "ge20cn13enus_8e33b43baae9_e43af2e8abfe_015bb0ca5596" + }, + { + "stream": 0, + "src": "142.250.187.206", + "dst": "192.168.2.200", + "srcport": "443", + "dstport": "58847", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "142.250.187.206", + "dst": "192.168.2.200", + "srcport": "443", + "dstport": "58847", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + }, + { + "stream": 0, + "src": "192.168.2.200", + "dst": "142.250.187.206", + "srcport": "58847", + "dstport": "443", + "JA4H": "ge20cr18enus_40430d236f7c_10ff48fdaa11_ac323afc21f7" + } +] \ No newline at end of file diff --git a/python/test/testdata/ipv6.pcapng.json b/python/test/testdata/ipv6.pcapng.json new file mode 100644 index 0000000..33ee7cf --- /dev/null +++ b/python/test/testdata/ipv6.pcapng.json @@ -0,0 +1,21 @@ +[ + { + "stream": 0, + "src": "2001:4998:ef83:14:8000::100d", + "dst": "2606:4700::6811:d209", + "srcport": "64034", + "dstport": "443", + "client_ttl": "64", + "server_ttl": "59", + "JA4L-S": "18861_59", + "JA4L-C": "3911_64", + "domain": "www.cloudflare.com", + "JA4.1": "t00d4605h2_e9b8aa14296f_2bafe05263c3", + "JA4_r.1": "t00d4605h2_,,,,,,,,,,,,0,159,160,161,162,169,170,171,172,187,188,191,192,195,196,199,2,2,200,3,392,393,394,413,5,6,6,6,6,7,7,8,9,9_000a,000b,000d_37,39,423,81,83,25,27,166,909,9,1,3,5", + "JA4_o.1": "t00d4605h2_463625df507c_6af77b7964cc", + "JA4_ro.1": "t00d4605h2_200,196,192,188,172,162,9,7,,393,392,394,413,6,6,9,7,,,2,2,199,195,191,187,171,161,8,3,,0,,6,,,6,,169,159,,,170,160,,,5_0000,000b,000a,000d,0010_37,39,423,81,83,25,27,166,909,9,1,3,5", + "JA4S": "t0004h2_393_1428ce7b4018", + "JA4X.1": "7d5dbb3783b4_ba7ce0880c07_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_7d5dbb3783b4_41a019652939" + } +] \ No newline at end of file diff --git a/python/test/testdata/latest.pcapng.json b/python/test/testdata/latest.pcapng.json new file mode 100644 index 0000000..8144089 --- /dev/null +++ b/python/test/testdata/latest.pcapng.json @@ -0,0 +1,112 @@ +[ + { + "stream": 1, + "src": "172.16.225.48", + "dst": "34.212.93.65", + "srcport": "52936", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "227", + "JA4L-S": "33804_227", + "JA4L-C": "513_128", + "domain": "pdx-col.eum-appdynamics.com", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_4ff83ae3fc4f", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,ff01,0000,001b,0012,4469,002d,002b,000d,0010,0033,000a,0005,0017,000b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t0006h2_199_3603f09c43ba", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_a83ffcd6e6c2" + }, + { + "stream": 3, + "src": "172.16.225.48", + "dst": "13.33.165.101", + "srcport": "52937", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "245", + "JA4L-S": "7096_245", + "JA4L-C": "449_128", + "domain": "discovery.cem.cloud.us", + "JA4.1": "t00d190800_4d06a43e2d88_5027fbe6a38d", + "JA4_r.1": "t00d190800_,,,,,161,162,171,172,187,188,191,192,195,196,199,200,6,7_0005,000a,000b,000d,0017,0023,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4_o.1": "t00d190800_be9ffe69a4f5_d558bccac42c", + "JA4_ro.1": "t00d190800_196,195,200,199,188,187,192,191,162,161,172,171,7,6,,,,,_0000,0005,000a,000b,000d,0023,0017,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4S": "t000600_199_51ad275821ba", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_a83ffcd6e6c2" + }, + { + "stream": 6, + "src": "172.16.225.48", + "dst": "23.43.242.57", + "srcport": "52939", + "dstport": "80", + "JA4H": "ge11nn07enus_3e3b55d61660_000000000000_000000000000" + }, + { + "stream": 9, + "src": "172.16.225.48", + "dst": "52.249.29.248", + "srcport": "52940", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "109", + "JA4L-S": "42103_109", + "JA4L-C": "513_128", + "domain": "ping-edge.smartscreen.microsoft.com", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_7cabee5c7374", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000b,0023,002d,001b,000d,ff01,0012,0005,002b,0017,0000,0010,4469,000a,0033,0015_27,52,25,83,53,81,54,37", + "JA4X.1": "a373a9f83c6b_2bab15409345_0f2217ba412e", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_c34b04c10969" + }, + { + "stream": 10, + "src": "172.16.225.48", + "dst": "52.249.29.248", + "srcport": "52941", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "109", + "JA4L-S": "53595_109", + "JA4L-C": "487_128", + "domain": "data-edge.smartscreen.microsoft.com", + "JA4.1": "t00d1616h2_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_828fc7e24cd3_e87b6a2ca453", + "JA4_ro.1": "t00d1616h2_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,0000,000a,0033,001b,0005,ff01,000d,0017,4469,0010,002b,000b,0012,002d,0015_27,52,25,83,53,81,54,37", + "JA4X.1": "a373a9f83c6b_2bab15409345_0f2217ba412e", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_c34b04c10969" + }, + { + "stream": 5, + "src": "172.16.225.48", + "dst": "34.205.195.66", + "srcport": "52938", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "43", + "JA4L-S": "14207_43", + "JA4L-C": "188_128", + "domain": "app.slack.com", + "JA4.1": "t00d1616h2_7ea02c1142d5_811abd909fb7", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0017,001b,0023,0029,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_5f27f96077ac", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,0010,0000,000b,0023,4469,ff01,0033,000a,002d,002b,0005,0017,0012,001b,0029_27,52,25,83,53,81,54,37", + "JA4S": "t000300_65_6bbbaf601ed8" + }, + { + "stream": 6, + "src": "172.16.225.48", + "dst": "23.43.242.57", + "srcport": "52939", + "dstport": "80", + "client_ttl": "128", + "server_ttl": "57", + "JA4L-S": "3915_57", + "JA4L-C": "32_128" + } +] \ No newline at end of file diff --git a/python/test/testdata/macos_tcp_flags.pcap.json b/python/test/testdata/macos_tcp_flags.pcap.json new file mode 100644 index 0000000..c7cb752 --- /dev/null +++ b/python/test/testdata/macos_tcp_flags.pcap.json @@ -0,0 +1,19 @@ +[ + { + "stream": 0, + "src": "172.16.5.16", + "dst": "172.67.24.71", + "srcport": "61311", + "dstport": "443", + "client_ttl": "64", + "server_ttl": "63", + "JA4L-S": "17255_63", + "JA4L-C": "393_64", + "domain": "venarisecurity.com", + "JA4.1": "t00d2613h2_0096994bd7a3_d4d083ab1cc3", + "JA4_r.1": "t00d2613h2_,,,,,160,161,162,170,171,172,187,188,191,192,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,002b,002d,0033,ff01_27,52,25,83,5,53,53,81,54,37,3", + "JA4_o.1": "t00d2613h2_28a84d664ec3_59cdbd16dec2", + "JA4_ro.1": "t00d2613h2_65,66,67,196,195,188,187,162,161,393,200,199,192,191,172,171,392,7,6,,,,,160,170,_ff01,0000,0017,000d,0005,0012,0010,000b,0033,002d,002b,000a,0015_27,52,25,83,5,53,53,81,54,37,3", + "JA4S": "t000200_65_234ea6891581" + } +] \ No newline at end of file diff --git a/python/test/testdata/quic-tls-handshake.pcapng.json b/python/test/testdata/quic-tls-handshake.pcapng.json new file mode 100644 index 0000000..0637a08 --- /dev/null +++ b/python/test/testdata/quic-tls-handshake.pcapng.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/python/test/testdata/quic-with-several-tls-frames.pcapng.json b/python/test/testdata/quic-with-several-tls-frames.pcapng.json new file mode 100644 index 0000000..0637a08 --- /dev/null +++ b/python/test/testdata/quic-with-several-tls-frames.pcapng.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/python/test/testdata/single-packets.pcap.json b/python/test/testdata/single-packets.pcap.json new file mode 100644 index 0000000..eb729c3 --- /dev/null +++ b/python/test/testdata/single-packets.pcap.json @@ -0,0 +1,66 @@ +[ + { + "stream": 0, + "src": "192.168.25.150", + "dst": "74.125.24.149", + "srcport": "49677", + "dstport": "80", + "JA4H": "ge11cr06enus_8c2f9ef95269_2a79f5d9f8b3_7b4d78c057bc" + }, + { + "stream": 1, + "src": "192.168.25.150", + "dst": "118.215.80.242", + "srcport": "49654", + "dstport": "80", + "JA4H": "ge11cr07enus_45c71a3fb6ea_a25bf252eb59_43a9e3e95c85" + }, + { + "stream": 2, + "src": "192.168.25.150", + "dst": "13.115.50.210", + "srcport": "49683", + "dstport": "80", + "JA4H": "ge11nr06enus_8c2f9ef95269_000000000000_000000000000" + }, + { + "stream": 3, + "src": "192.168.25.150", + "dst": "104.89.119.175", + "srcport": "49708", + "dstport": "80", + "JA4H": "po11cr09enus_130d8cd1913c_f81c0e5c6793_90689f748de6" + }, + { + "stream": 4, + "src": "192.168.25.150", + "dst": "193.242.192.43", + "srcport": "49735", + "dstport": "80", + "JA4H": "ge11cr07enus_45c71a3fb6ea_9ee64e91aa30_109254663367" + }, + { + "stream": 5, + "src": "192.168.25.150", + "dst": "74.125.24.100", + "srcport": "49733", + "dstport": "80", + "JA4H": "ge11nr06enus_8c2f9ef95269_000000000000_000000000000" + }, + { + "stream": 6, + "src": "192.168.25.150", + "dst": "74.125.24.95", + "srcport": "49743", + "dstport": "80", + "JA4H": "ge11nr06enus_8c2f9ef95269_000000000000_000000000000" + }, + { + "stream": 7, + "src": "192.168.25.150", + "dst": "35.174.150.168", + "srcport": "49738", + "dstport": "80", + "JA4H": "ge11cr06enus_8c2f9ef95269_d23bf79698dc_c1eaa758c543" + } +] \ No newline at end of file diff --git a/python/test/testdata/socks4-https.pcap.json b/python/test/testdata/socks4-https.pcap.json new file mode 100644 index 0000000..69c2259 --- /dev/null +++ b/python/test/testdata/socks4-https.pcap.json @@ -0,0 +1,13 @@ +[ + { + "stream": 0, + "src": "10.0.0.1", + "dst": "10.0.0.2", + "srcport": "50606", + "dstport": "9901", + "client_ttl": "126", + "server_ttl": "52", + "JA4L-S": "40155_52", + "JA4L-C": "119433_126" + } +] \ No newline at end of file diff --git a/python/test/testdata/ssh-r.pcap.json b/python/test/testdata/ssh-r.pcap.json new file mode 100644 index 0000000..495af14 --- /dev/null +++ b/python/test/testdata/ssh-r.pcap.json @@ -0,0 +1,64 @@ +[ + { + "stream": 1, + "src": "192.168.1.197", + "dst": "44.212.59.210", + "srcport": "46394", + "dstport": "22", + "client_ttl": "64", + "server_ttl": "116", + "JA4L-S": "4171_116", + "JA4L-C": "2058_64", + "ssh_extras": { + "hassh": "ec9ea89c70f5fc71cf61061bff5e4740", + "hassh_server": "2307c390c7c9aba5b4c9519e72347f34", + "ssh_protocol_client": "SSH-2.0-OpenSSH_7.4", + "ssh_protocol_server": "SSH-2.0-OpenSSH_8.7", + "encryption_algorithm": "aes256-gcm@openssh.com" + }, + "JA4SSH.1": "c64s64_c6s5_c0s0" + }, + { + "stream": 2, + "src": "192.168.1.197", + "dst": "44.212.59.210", + "srcport": "46396", + "dstport": "22", + "client_ttl": "64", + "server_ttl": "116", + "JA4L-S": "3169_116", + "JA4L-C": "184_64", + "ssh_extras": { + "hassh": "ec9ea89c70f5fc71cf61061bff5e4740", + "hassh_server": "2307c390c7c9aba5b4c9519e72347f34", + "ssh_protocol_client": "SSH-2.0-OpenSSH_7.4", + "ssh_protocol_server": "SSH-2.0-OpenSSH_8.7", + "encryption_algorithm": "aes256-gcm@openssh.com" + }, + "JA4SSH.1": "c64s64_c104s96_c0s0", + "JA4SSH.2": "c76s76_c108s92_c0s0", + "JA4SSH.3": "c76s76_c106s94_c0s0", + "JA4SSH.4": "c76s76_c111s89_c0s0", + "JA4SSH.5": "c76s76_c66s65_c0s0" + }, + { + "stream": 0, + "src": "192.168.1.169", + "dst": "192.168.1.197", + "srcport": "64980", + "dstport": "22", + "client_ttl": "128", + "server_ttl": "64", + "JA4L-S": "32_64", + "JA4L-C": "4991_128", + "ssh_extras": { + "hassh": "e77c2db7432e8cfbc42a96909a84fc8e", + "hassh_server": "6832f1ce43d4397c2c0a3e2f8c94334e", + "ssh_protocol_client": "SSH-2.0-PuTTY_Release_0.74", + "ssh_protocol_server": "SSH-2.0-OpenSSH_7.4", + "encryption_algorithm": "chacha20-poly1305@openssh.com" + }, + "JA4SSH.1": "c64s64_c107s93_c0s0", + "JA4SSH.2": "c64s64_c0s0_c0s0" + } +] \ No newline at end of file diff --git a/python/test/testdata/ssh-scp-1050.pcap.json b/python/test/testdata/ssh-scp-1050.pcap.json new file mode 100644 index 0000000..37f7fa4 --- /dev/null +++ b/python/test/testdata/ssh-scp-1050.pcap.json @@ -0,0 +1,24 @@ +[ + { + "stream": 0, + "src": "192.168.1.169", + "dst": "192.168.1.197", + "srcport": "49237", + "dstport": "22", + "client_ttl": "128", + "server_ttl": "64", + "JA4L-S": "38_64", + "JA4L-C": "6615_128", + "ssh_extras": { + "hassh": "eb6d4c713c7dcaba7cfd070b095213a9", + "hassh_server": "6832f1ce43d4397c2c0a3e2f8c94334e", + "ssh_protocol_client": "SSH-2.0-WinSCP_release_5.17.10", + "ssh_protocol_server": "SSH-2.0-OpenSSH_7.4", + "encryption_algorithm": "chacha20-poly1305@openssh.com" + }, + "JA4SSH.1": "c112s1460_c52s148_c0s0", + "JA4SSH.2": "c112s1460_c13s187_c0s0", + "JA4SSH.3": "c112s1460_c0s200_c0s0", + "JA4SSH.4": "c112s1460_c0s200_c0s0" + } +] \ No newline at end of file diff --git a/python/test/testdata/ssh.pcapng.json b/python/test/testdata/ssh.pcapng.json new file mode 100644 index 0000000..470f9aa --- /dev/null +++ b/python/test/testdata/ssh.pcapng.json @@ -0,0 +1,17 @@ +[ + { + "stream": 0, + "src": "172.16.225.48", + "dst": "54.160.114.75", + "srcport": "57377", + "dstport": "22", + "ssh_extras": { + "hassh": "06046964c022c6407d15a27b12a6a4fb", + "hassh_server": "699519fdcc30cbcd093d5cd01e4b1d56", + "ssh_protocol_client": "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5", + "ssh_protocol_server": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", + "encryption_algorithm": "chacha20-poly1305@openssh.com" + }, + "JA4SSH.1": "c36s36_c76s124_c0s0" + } +] \ No newline at end of file diff --git a/python/test/testdata/ssh2-malformed.pcap.json b/python/test/testdata/ssh2-malformed.pcap.json new file mode 100644 index 0000000..d2dc4e7 --- /dev/null +++ b/python/test/testdata/ssh2-malformed.pcap.json @@ -0,0 +1,20 @@ +[ + { + "stream": 0, + "src": "10.0.0.1", + "dst": "10.0.0.2", + "srcport": "61672", + "dstport": "22", + "client_ttl": "64", + "server_ttl": "60", + "JA4L-S": "462_60", + "JA4L-C": "6310_64", + "ssh_extras": { + "hassh": "21b457a327ce7a2d4fce5ef2c42400bd", + "hassh_server": "f430cd6761697a6a658ee1d45ed22e49", + "ssh_protocol_client": "SSH-2.0-OpenSSH_5.3", + "ssh_protocol_server": "SSH-1.99-OpenSSH_3.9p1", + "encryption_algorithm": "aes128-cbc" + } + } +] \ No newline at end of file diff --git a/python/test/testdata/ssh2-moloch-crash.pcap.json b/python/test/testdata/ssh2-moloch-crash.pcap.json new file mode 100644 index 0000000..d2dc4e7 --- /dev/null +++ b/python/test/testdata/ssh2-moloch-crash.pcap.json @@ -0,0 +1,20 @@ +[ + { + "stream": 0, + "src": "10.0.0.1", + "dst": "10.0.0.2", + "srcport": "61672", + "dstport": "22", + "client_ttl": "64", + "server_ttl": "60", + "JA4L-S": "462_60", + "JA4L-C": "6310_64", + "ssh_extras": { + "hassh": "21b457a327ce7a2d4fce5ef2c42400bd", + "hassh_server": "f430cd6761697a6a658ee1d45ed22e49", + "ssh_protocol_client": "SSH-2.0-OpenSSH_5.3", + "ssh_protocol_server": "SSH-1.99-OpenSSH_3.9p1", + "encryption_algorithm": "aes128-cbc" + } + } +] \ No newline at end of file diff --git a/python/test/testdata/ssh2.pcapng.json b/python/test/testdata/ssh2.pcapng.json new file mode 100644 index 0000000..2577819 --- /dev/null +++ b/python/test/testdata/ssh2.pcapng.json @@ -0,0 +1,176 @@ +[ + { + "stream": 5, + "src": "172.16.225.48", + "dst": "146.112.255.155", + "srcport": "57368", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "53", + "JA4L-S": "12517_53", + "JA4L-C": "414_128", + "domain": "updates.opendns.com", + "JA4.1": "t00d190800_4d06a43e2d88_5027fbe6a38d", + "JA4_r.1": "t00d190800_,,,,,161,162,171,172,187,188,191,192,195,196,199,200,6,7_0005,000a,000b,000d,0017,0023,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4_o.1": "t00d190800_be9ffe69a4f5_d558bccac42c", + "JA4_ro.1": "t00d190800_196,195,200,199,188,187,192,191,162,161,172,171,7,6,,,,,_0000,0005,000a,000b,000d,0023,0017,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4S": "t000400_199_4993ccf7354b", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_a83ffcd6e6c2" + }, + { + "stream": 8, + "src": "172.16.225.48", + "dst": "34.248.242.11", + "srcport": "57371", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "235", + "JA4L-S": "55492_235", + "JA4L-C": "234_128", + "domain": "mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com", + "JA4.1": "t00d1909h2_4d06a43e2d88_5027fbe6a38d", + "JA4_r.1": "t00d1909h2_,,,,,161,162,171,172,187,188,191,192,195,196,199,200,6,7_0005,000a,000b,000d,0017,0023,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4_o.1": "t00d1909h2_be9ffe69a4f5_4365fbc5b8ad", + "JA4_ro.1": "t00d1909h2_196,195,200,199,188,187,192,191,162,161,172,171,7,6,,,,,_0000,0005,000a,000b,000d,0023,0010,0017,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4S": "t000500_199_6471ab80eb72", + "JA4X.1": "f7a0b866a27b_30b9c68c9fc8_8f2dd91f85ae", + "JA4X.2": "f7a0b866a27b_f7a0b866a27b_b189698ac141" + }, + { + "stream": 11, + "src": "172.16.225.48", + "dst": "52.178.17.3", + "srcport": "57374", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "110", + "JA4L-S": "49308_110", + "JA4L-C": "161_128", + "domain": "self.events.data.microsoft.com", + "JA4.1": "t00d190800_4d06a43e2d88_5027fbe6a38d", + "JA4_r.1": "t00d190800_,,,,,161,162,171,172,187,188,191,192,195,196,199,200,6,7_0005,000a,000b,000d,0017,0023,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4_o.1": "t00d190800_be9ffe69a4f5_d558bccac42c", + "JA4_ro.1": "t00d190800_196,195,200,199,188,187,192,191,162,161,172,171,7,6,,,,,_0000,0005,000a,000b,000d,0023,0017,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4X.1": "a373a9f83c6b_2bab15409345_0f2217ba412e", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_c34b04c10969" + }, + { + "stream": 12, + "src": "172.16.225.48", + "dst": "204.79.197.220", + "srcport": "57375", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "119", + "JA4L-S": "3217_119", + "JA4L-C": "563_128", + "domain": "www.bing.com", + "JA4.1": "t00d1616h2_92d14b0b55fe_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_d4f7c34455ff_7bca467ce5a0", + "JA4_ro.1": "t00d1616h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,0017,0023,0033,002d,0005,0010,0012,ff01,000a,000d,000b,002b,4469,0000,0015_27,52,25,83,53,81,54,37", + "JA4X.1": "a373a9f83c6b_7022c563de38_0ce9ea683d50", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_44440d41940c" + }, + { + "stream": 13, + "src": "172.16.225.48", + "dst": "52.86.25.233", + "srcport": "57376", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "241", + "JA4L-S": "18693_241", + "JA4L-C": "236_128", + "domain": "4.sophosxl.net", + "JA4.1": "t00d1909h2_4d06a43e2d88_5027fbe6a38d", + "JA4_r.1": "t00d1909h2_,,,,,161,162,171,172,187,188,191,192,195,196,199,200,6,7_0005,000a,000b,000d,0017,0023,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4_o.1": "t00d1909h2_be9ffe69a4f5_4365fbc5b8ad", + "JA4_ro.1": "t00d1909h2_196,195,200,199,188,187,192,191,162,161,172,171,7,6,,,,,_0000,0005,000a,000b,000d,0023,0010,0017,ff01_52,53,54,25,81,3,27,83,5,4,37,39", + "JA4S": "t000200_199_344b4dce5a52", + "JA4X.1": "a373a9f83c6b_7022c563de38_7bf9a7bf7029", + "JA4X.2": "a373a9f83c6b_a373a9f83c6b_3684c5172069", + "JA4X.3": "2bab15409345_a373a9f83c6b_44ce05048d28", + "JA4X.4": "e7bc7ebc3d9e_2bab15409345_44ce05048d28" + }, + { + "stream": 15, + "src": "172.16.225.48", + "dst": "184.150.157.177", + "srcport": "57380", + "dstport": "80", + "JA4H": "ge11nn030000_9ab90a797ba7_000000000000_000000000000" + }, + { + "stream": 22, + "src": "172.16.225.48", + "dst": "184.150.157.177", + "srcport": "57396", + "dstport": "80", + "JA4H": "ge11nn030000_9ab90a797ba7_000000000000_000000000000" + }, + { + "stream": 33, + "src": "172.16.225.48", + "dst": "142.251.32.74", + "srcport": "51810", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "57", + "JA4L-S": "16192_57" + }, + { + "stream": 36, + "src": "172.16.225.48", + "dst": "142.251.41.46", + "srcport": "61861", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "57", + "JA4L-S": "5389_57", + "JA4L-C": "169_128" + }, + { + "stream": 14, + "src": "172.16.225.48", + "dst": "54.160.114.75", + "srcport": "57377", + "dstport": "22", + "client_ttl": "128", + "server_ttl": "50", + "JA4L-S": "12897_50", + "JA4L-C": "2645_128", + "ssh_extras": { + "hassh": "06046964c022c6407d15a27b12a6a4fb", + "hassh_server": "699519fdcc30cbcd093d5cd01e4b1d56", + "ssh_protocol_client": "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5", + "ssh_protocol_server": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", + "encryption_algorithm": "chacha20-poly1305@openssh.com" + }, + "JA4SSH.1": "c36s36_c76s124_c0s0", + "JA4SSH.2": "c36s36_c0s0_c0s0" + }, + { + "stream": 15, + "src": "172.16.225.48", + "dst": "184.150.157.177", + "srcport": "57380", + "dstport": "80", + "client_ttl": "128", + "server_ttl": "58", + "JA4L-S": "6252_58", + "JA4L-C": "45_128" + }, + { + "stream": 22, + "src": "172.16.225.48", + "dst": "184.150.157.177", + "srcport": "57396", + "dstport": "80", + "client_ttl": "128", + "server_ttl": "58", + "JA4L-S": "4272_58", + "JA4L-C": "50_128" + } +] \ No newline at end of file diff --git a/python/test/testdata/sshv1.pcap.json b/python/test/testdata/sshv1.pcap.json new file mode 100644 index 0000000..fbaeb48 --- /dev/null +++ b/python/test/testdata/sshv1.pcap.json @@ -0,0 +1,20 @@ +[ + { + "stream": 0, + "src": "3ffe:507:0:1:200:86ff:fe05:80da", + "dst": "3ffe:501:410:0:2c0:dfff:fe47:33e", + "srcport": "1022", + "dstport": "22", + "client_ttl": "64", + "server_ttl": "61", + "JA4L-S": "28494_61", + "JA4L-C": "39940_64", + "ssh_extras": { + "hassh": "", + "hassh_server": "", + "ssh_protocol_client": "SSH-1.5-1.2.26", + "ssh_protocol_server": "SSH-1.5-1.2.26", + "encryption_algorithm": "" + } + } +] \ No newline at end of file diff --git a/python/test/testdata/tcpdump-geneve.pcap.json b/python/test/testdata/tcpdump-geneve.pcap.json new file mode 100644 index 0000000..4252d2b --- /dev/null +++ b/python/test/testdata/tcpdump-geneve.pcap.json @@ -0,0 +1,20 @@ +[ + { + "stream": 0, + "src": "20.0.0.2", + "dst": "20.0.0.1", + "srcport": "51225", + "dstport": "22", + "client_ttl": "64", + "server_ttl": "64", + "JA4L-S": "24_64", + "JA4L-C": "3418_64", + "ssh_extras": { + "hassh": "21b457a327ce7a2d4fce5ef2c42400bd", + "hassh_server": "ce3c327f37ea2ec21f317fbc3fd1ea43", + "ssh_protocol_client": "SSH-2.0-OpenSSH_5.3", + "ssh_protocol_server": "SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1", + "encryption_algorithm": "aes128-ctr" + } + } +] \ No newline at end of file diff --git a/python/test/testdata/tls-alpn-h2.pcap.json b/python/test/testdata/tls-alpn-h2.pcap.json new file mode 100644 index 0000000..33ee7cf --- /dev/null +++ b/python/test/testdata/tls-alpn-h2.pcap.json @@ -0,0 +1,21 @@ +[ + { + "stream": 0, + "src": "2001:4998:ef83:14:8000::100d", + "dst": "2606:4700::6811:d209", + "srcport": "64034", + "dstport": "443", + "client_ttl": "64", + "server_ttl": "59", + "JA4L-S": "18861_59", + "JA4L-C": "3911_64", + "domain": "www.cloudflare.com", + "JA4.1": "t00d4605h2_e9b8aa14296f_2bafe05263c3", + "JA4_r.1": "t00d4605h2_,,,,,,,,,,,,0,159,160,161,162,169,170,171,172,187,188,191,192,195,196,199,2,2,200,3,392,393,394,413,5,6,6,6,6,7,7,8,9,9_000a,000b,000d_37,39,423,81,83,25,27,166,909,9,1,3,5", + "JA4_o.1": "t00d4605h2_463625df507c_6af77b7964cc", + "JA4_ro.1": "t00d4605h2_200,196,192,188,172,162,9,7,,393,392,394,413,6,6,9,7,,,2,2,199,195,191,187,171,161,8,3,,0,,6,,,6,,169,159,,,170,160,,,5_0000,000b,000a,000d,0010_37,39,423,81,83,25,27,166,909,9,1,3,5", + "JA4S": "t0004h2_393_1428ce7b4018", + "JA4X.1": "7d5dbb3783b4_ba7ce0880c07_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_7d5dbb3783b4_41a019652939" + } +] \ No newline at end of file diff --git a/python/test/testdata/tls-handshake.pcapng.json b/python/test/testdata/tls-handshake.pcapng.json new file mode 100644 index 0000000..26d5cc2 --- /dev/null +++ b/python/test/testdata/tls-handshake.pcapng.json @@ -0,0 +1,802 @@ +[ + { + "stream": 5, + "src": "192.168.1.168", + "dst": "192.241.241.147", + "srcport": "50122", + "dstport": "443", + "domain": "lp-push-server-452.lastpass.com", + "JA4.1": "t00d1616h1_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h1_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h1_828fc7e24cd3_89403d34d704", + "JA4_ro.1": "t00d1616h1_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,0033,0000,ff01,002b,0023,002d,0005,0012,000b,0017,4469,0010,001b,000a,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000300_200_bec8bdbaef8a", + "JA4X.1": "a373a9f83c6b_2bab15409345_5a6862e71bea", + "JA4X.2": "0b479b1b5763_a373a9f83c6b_2fbee3f04f3b" + }, + { + "stream": 33, + "src": "192.168.1.168", + "dst": "23.218.218.147", + "srcport": "50157", + "dstport": "443", + "domain": "statics-marketingsites-eus-ms-com.akamaized.net", + "JA4.1": "t00d1616h2_6307a8b4e18c_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_09a40e5600a4_15ef7e1f7aa9", + "JA4_ro.1": "t00d1616h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,ff01,002b,0000,4469,001b,000b,0012,0005,000d,0017,002d,0010,000a,0023,0015_27,52,25,83,53,81,54,37", + "JA4S": "t0006h1_195_9bd66850b8f2", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_a83ffcd6e6c2" + }, + { + "stream": 34, + "src": "192.168.1.168", + "dst": "23.218.218.171", + "srcport": "50158", + "dstport": "443", + "domain": "img-prod-cms-rt-microsoft-com.akamaized.net", + "JA4.1": "t00d1616h2_9d59fcccb793_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,578,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0e3e4812791b_1e75d5233100", + "JA4_ro.1": "t00d1616h2_578,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,0012,001b,000b,002d,0017,002b,0005,0023,000a,4469,000d,ff01,0033,0000,0015_27,52,25,83,53,81,54,37", + "JA4S": "t0006h2_195_9bd66850b8f2", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_a83ffcd6e6c2" + }, + { + "stream": 40, + "src": "192.168.1.168", + "dst": "13.107.237.40", + "srcport": "50164", + "dstport": "443", + "domain": "wcpstatic.microsoft.com", + "JA4.1": "t00d1616h2_06835249484a_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,802_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_572e68ba0241_798d2f271f6f", + "JA4_ro.1": "t00d1616h2_802,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000b,0005,0000,0017,000a,0033,002b,0012,000d,ff01,0010,0023,002d,001b,4469,0015_27,52,25,83,53,81,54,37", + "JA4S": "t0006h2_199_46cf7c3c6b8f", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_a83ffcd6e6c2", + "JA4X.3": "7d5dbb3783b4_7d5dbb3783b4_f269f029c206" + }, + { + "stream": 43, + "src": "192.168.1.168", + "dst": "40.126.24.84", + "srcport": "50167", + "dstport": "443", + "domain": "login.live.com", + "JA4.1": "t00d1616h2_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_828fc7e24cd3_8af5184c75f5", + "JA4_ro.1": "t00d1616h2_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000b,0033,0000,ff01,000a,002d,0023,0012,000d,4469,0017,002b,001b,0005,0010,0015_27,52,25,83,53,81,54,37", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_44440d41940c" + }, + { + "stream": 46, + "src": "192.168.1.168", + "dst": "3.223.179.120", + "srcport": "50170", + "dstport": "443", + "domain": "target.microsoft.com", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_610f21c992f2", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,ff01,001b,0023,0000,0033,000a,000b,0005,0010,000d,0012,002d,4469,002b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t0004h2_199_1428ce7b4018", + "JA4X.1": "a373a9f83c6b_2bab15409345_7bf9a7bf7029", + "JA4X.2": "7d5dbb3783b4_a373a9f83c6b_a83ffcd6e6c2", + "JA4X.3": "7d5dbb3783b4_7d5dbb3783b4_f269f029c206" + }, + { + "stream": 0, + "src": "192.168.1.168", + "dst": "142.251.16.94", + "srcport": "50112", + "dstport": "443", + "domain": "clientservices.googleapis.com", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_2fc760fab8bb", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_ff01,0033,002d,0005,4469,000d,0010,0023,001b,002b,0000,0012,000a,0017,000b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 1, + "src": "192.168.1.168", + "dst": "142.251.163.147", + "srcport": "50113", + "dstport": "443", + "domain": "www.google.com", + "JA4.1": "t00d1616h2_06835249484a_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,802_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_572e68ba0241_16a20564e4a6", + "JA4_ro.1": "t00d1616h2_802,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,0017,ff01,0010,000d,002b,0005,0023,0033,0000,0012,000b,000a,4469,002d,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 2, + "src": "192.168.1.168", + "dst": "172.253.122.84", + "srcport": "50114", + "dstport": "443", + "domain": "accounts.google.com", + "JA4.1": "t00d1616h2_a4a0f159df49_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,242,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_a70fd968ce15_e559b0da29d0", + "JA4_ro.1": "t00d1616h2_242,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,0000,0033,0010,4469,0017,002d,000d,0005,0023,0012,002b,ff01,000b,000a,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 3, + "src": "192.168.1.168", + "dst": "142.251.16.95", + "srcport": "50115", + "dstport": "443", + "domain": "www.googleapis.com", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_0557d6d97bf7", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,0000,ff01,0010,4469,001b,002d,002b,0023,000d,0012,000b,0033,000a,0017,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 4, + "src": "192.168.1.168", + "dst": "104.112.30.74", + "srcport": "50116", + "dstport": "443", + "domain": "lastpass.com", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_c528162cda70", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_ff01,0005,002b,001b,000a,0033,000b,000d,0000,002d,0023,0012,0017,0010,4469,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 6, + "src": "192.168.1.168", + "dst": "142.251.163.188", + "srcport": "50123", + "dstport": "5228", + "domain": "mtalk.google.com", + "JA4.1": "t00d161400_4109672baa2e_81116c3a4ed4", + "JA4_r.1": "t00d161400_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d161400_0200e8047a78_f23aaf66726d", + "JA4_ro.1": "t00d161400_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,002b,001b,0000,0012,002d,000d,000a,0005,0023,0017,ff01,000b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 7, + "src": "192.168.1.168", + "dst": "172.253.122.94", + "srcport": "50126", + "dstport": "443", + "domain": "www.gstatic.com", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_e670d63b8984", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,000b,ff01,0033,0017,001b,000a,4469,002b,0012,002d,0010,0023,000d,0000,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 8, + "src": "192.168.1.168", + "dst": "142.251.16.100", + "srcport": "50127", + "dstport": "443", + "domain": "ogs.google.com", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_69b3a448b66d", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,000d,ff01,000b,002d,4469,0010,0017,002b,0012,0033,000a,0005,0000,0023,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 9, + "src": "192.168.1.168", + "dst": "142.251.111.101", + "srcport": "50128", + "dstport": "443", + "domain": "aa.google.com", + "JA4.1": "t00d1616h2_4124bb9c93d9_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,026,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_9a2f5ecdd7aa_66406454524c", + "JA4_ro.1": "t00d1616h2_026,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,002d,0033,0010,001b,002b,0005,000a,000d,ff01,0000,0012,0017,4469,000b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 10, + "src": "192.168.1.168", + "dst": "142.251.163.95", + "srcport": "50130", + "dstport": "443", + "domain": "safebrowsing.googleapis.com", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_eb0606475d5b", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,4469,000d,0000,0017,0033,002b,0012,ff01,0023,002d,000b,001b,0005,000a,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 11, + "src": "192.168.1.168", + "dst": "31.13.66.35", + "srcport": "50131", + "dstport": "443", + "domain": "www.facebook.com", + "JA4.1": "t00d1616h2_a4a0f159df49_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,242,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_a70fd968ce15_a5b11a3e561b", + "JA4_ro.1": "t00d1616h2_242,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,4469,0017,002d,000a,000b,ff01,000d,0023,002b,001b,0005,0000,0010,0012,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 12, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50134", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_9130eaf0760a", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,ff01,0012,002d,001b,000a,0000,0017,0023,0033,0005,002b,0010,000b,4469,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 13, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50132", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_fd81d2c25fc3", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,0010,000d,0017,4469,0000,001b,0023,0012,0005,000a,000b,ff01,002d,002b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 14, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50135", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_906cedfb752f", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,0023,000b,0017,0000,002d,002b,0033,000d,0005,0010,4469,ff01,000a,0012,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 15, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50133", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_72b3a495f80c", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000a,0033,0000,000b,4469,0005,000d,0017,002d,002b,ff01,001b,0023,0010,0012,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 16, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50136", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_1232493564c0_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,794_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_390f8e2ebadd_670c37f08900", + "JA4_ro.1": "t00d1616h2_794,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0010,000a,002b,4469,0000,0033,0017,001b,0023,000d,0012,ff01,0005,000b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 17, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50137", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_5738aa05c719", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,0005,000b,4469,0017,0012,ff01,000d,0010,001b,000a,0033,002b,002d,0000,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 18, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50139", + "dstport": "443", + "domain": "scontent-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_9d59fcccb793_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,578,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0e3e4812791b_14d2c97ac0d7", + "JA4_ro.1": "t00d1616h2_578,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,ff01,000a,002b,001b,4469,000b,0010,0023,0033,0005,000d,002d,0012,0000,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 19, + "src": "192.168.1.168", + "dst": "31.13.66.2", + "srcport": "50140", + "dstport": "443", + "domain": "gateway.facebook.com", + "JA4.1": "t00d1616h1_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h1_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h1_0200e8047a78_f7150114d838", + "JA4_ro.1": "t00d1616h1_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,4469,0010,000a,002b,0033,001b,0017,0023,000b,0000,0005,ff01,002d,000d,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 20, + "src": "192.168.1.168", + "dst": "157.240.241.1", + "srcport": "50142", + "dstport": "443", + "domain": "scontent-lga3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_1232493564c0_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,794_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_390f8e2ebadd_d13963cf6322", + "JA4_ro.1": "t00d1616h2_794,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002b,0017,002d,0005,4469,000d,0012,0023,000a,001b,ff01,0033,000b,0000,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 21, + "src": "192.168.1.168", + "dst": "157.240.14.19", + "srcport": "50141", + "dstport": "443", + "domain": "scontent-mia3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_c6caae0df2a3", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0000,002b,000d,0010,002d,001b,000b,0023,ff01,0017,0012,0033,0005,4469,000a,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 22, + "src": "192.168.1.168", + "dst": "208.255.115.145", + "srcport": "50143", + "dstport": "443", + "domain": "scontent.fewr1-6.fna.fbcdn.net", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_9d334f2534f6", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_4469,000b,0033,002b,ff01,0000,0017,0023,001b,002d,000a,0010,0012,000d,0005,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 23, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50145", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_9d48320b88ee", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0010,0012,002b,0005,001b,0017,000d,4469,0033,0000,000b,ff01,0023,000a,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 24, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50146", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_2492b4cc2c88", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,000d,0023,001b,0005,002d,000b,0017,ff01,002b,4469,0033,000a,0000,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 25, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50144", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_ceefb737daed", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,0010,0000,0033,001b,0012,000d,0023,0005,ff01,000b,002d,000a,002b,4469,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 26, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50147", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_4124bb9c93d9_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,026,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_9a2f5ecdd7aa_39017488afb6", + "JA4_ro.1": "t00d1616h2_026,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,0000,000b,000a,0023,0012,002b,002d,000d,ff01,0017,4469,0005,0033,001b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 27, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50148", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_4124bb9c93d9_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,026,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_9a2f5ecdd7aa_b98c92ff41fe", + "JA4_ro.1": "t00d1616h2_026,65,66,67,195,199,196,200,393,392,171,172,6,7,,_4469,000d,0017,0023,002b,0005,0010,002d,001b,0000,0012,000b,000a,0033,ff01,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 28, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50149", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_267b3aae5f67_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,130,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8282cc1561ee_bcbb1ceeb308", + "JA4_ro.1": "t00d1616h2_130,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000a,ff01,0010,002b,000b,0000,4469,0017,0012,000d,002d,0033,0023,001b,0005,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 29, + "src": "192.168.1.168", + "dst": "142.251.163.95", + "srcport": "50151", + "dstport": "443", + "domain": "content-autofill.googleapis.com", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_49eedbd2eea8", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,0010,0000,0005,0033,ff01,4469,002d,0012,000d,001b,0017,000a,002b,000b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + }, + { + "stream": 30, + "src": "192.168.1.168", + "dst": "157.240.229.17", + "srcport": "50152", + "dstport": "443", + "domain": "edge-chat.facebook.com", + "JA4.1": "t00d1616h1_4124bb9c93d9_bed3546ee6f4", + "JA4_r.1": "t00d1616h1_,,026,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h1_9a2f5ecdd7aa_7a52b4f1d573", + "JA4_ro.1": "t00d1616h1_026,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0000,0023,000d,0017,0005,0010,0012,ff01,002b,001b,000b,000a,0033,4469,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 31, + "src": "192.168.1.168", + "dst": "157.240.229.17", + "srcport": "50153", + "dstport": "443", + "domain": "edge-chat.facebook.com", + "JA4.1": "t00d1617h1_06835249484a_a5cb12758aa4", + "JA4_r.1": "t00d1617h1_,,171,172,195,196,199,200,392,393,6,65,66,67,7,802_0005,000a,000b,000d,0012,0015,0017,001b,0023,0029,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1617h1_572e68ba0241_c1502c9f74cb", + "JA4_ro.1": "t00d1617h1_802,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0000,0017,0005,002b,0012,0023,000a,0033,0010,002d,001b,4469,000b,000d,ff01,0015,0029_27,52,25,83,53,81,54,37", + "JA4S": "t000300_65_0ee26285a86f" + }, + { + "stream": 32, + "src": "192.168.1.168", + "dst": "23.50.125.163", + "srcport": "50155", + "dstport": "443", + "domain": "www.microsoft.com", + "JA4.1": "t00d1616h2_92d14b0b55fe_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_d4f7c34455ff_8124b0d5bee2", + "JA4_ro.1": "t00d1616h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,0005,000b,0000,001b,0023,002d,000d,ff01,4469,002b,0017,0010,0012,000a,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 35, + "src": "192.168.1.168", + "dst": "23.212.251.12", + "srcport": "50160", + "dstport": "443", + "domain": "cdn-dynmedia-1.microsoft.com", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_2da15b9b255a", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,000b,0005,0000,000d,ff01,4469,0012,0017,002b,001b,002d,000a,0033,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 36, + "src": "192.168.1.168", + "dst": "23.212.251.12", + "srcport": "50162", + "dstport": "443", + "domain": "cdn-dynmedia-1.microsoft.com", + "JA4.1": "t00d1616h2_6307a8b4e18c_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_09a40e5600a4_a253dbabe7a2", + "JA4_ro.1": "t00d1616h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,0023,000a,000b,0000,0005,ff01,4469,002b,0017,001b,002d,000d,0033,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 37, + "src": "192.168.1.168", + "dst": "23.212.251.12", + "srcport": "50161", + "dstport": "443", + "domain": "cdn-dynmedia-1.microsoft.com", + "JA4.1": "t00d1616h2_92d14b0b55fe_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_d4f7c34455ff_1388c893a486", + "JA4_ro.1": "t00d1616h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000a,0012,002b,ff01,0000,0017,000d,000b,002d,001b,4469,0010,0033,0023,0005,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 38, + "src": "192.168.1.168", + "dst": "13.107.237.40", + "srcport": "50159", + "dstport": "443", + "domain": "mem.gfx.ms", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_69a5b7ced5c7", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,001b,0033,002d,4469,000a,000d,0012,ff01,000b,0023,002b,0000,0017,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250", + "JA4.2": "t00d1615h2_3d6d7dc826de_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_4f3397ca584e_5fa93c695689", + "JA4_ro.2": "t00d1615h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,001b,0033,002d,4469,000a,000d,0012,ff01,000b,0023,002b,0000,0017,0010_27,52,25,83,53,81,54,37" + }, + { + "stream": 39, + "src": "192.168.1.168", + "dst": "18.67.65.105", + "srcport": "50163", + "dstport": "443", + "domain": "via.placeholder.com", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_a1f5eff5fd8b", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,002b,4469,0012,0023,002d,0000,000b,0033,000a,0005,0017,ff01,001b,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 41, + "src": "192.168.1.168", + "dst": "13.107.238.40", + "srcport": "50165", + "dstport": "443", + "domain": "js.monitor.azure.com", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_5b66e173035f", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,000d,001b,002b,0000,4469,0023,ff01,0033,000a,0017,002d,000b,0010,0005,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250", + "JA4.2": "t00d1615h2_3d6d7dc826de_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_4f3397ca584e_ec4845452946", + "JA4_ro.2": "t00d1615h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,000d,001b,002b,0000,4469,0023,ff01,0033,000a,0017,002d,000b,0010,0005_27,52,25,83,53,81,54,37" + }, + { + "stream": 42, + "src": "192.168.1.168", + "dst": "13.107.237.40", + "srcport": "50166", + "dstport": "443", + "domain": "mem.gfx.ms", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_5c57d7d34ca4", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,001b,000b,0012,0010,002b,ff01,0033,0005,0000,0023,000a,002d,4469,000d,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250", + "JA4.2": "t00d1615h2_e54801c2e950_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_229fbafadc6d_910416100b12", + "JA4_ro.2": "t00d1615h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,001b,000b,0012,0010,002b,ff01,0033,0005,0000,0023,000a,002d,4469,000d_27,52,25,83,53,81,54,37" + }, + { + "stream": 44, + "src": "192.168.1.168", + "dst": "13.107.238.40", + "srcport": "50168", + "dstport": "443", + "domain": "logincdn.msauth.net", + "JA4.1": "t00d1616h2_92d14b0b55fe_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_d4f7c34455ff_f7f9b3ff40de", + "JA4_ro.1": "t00d1616h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002b,001b,000a,0033,0012,0005,000d,0000,002d,0017,0010,ff01,4469,000b,0023,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250", + "JA4.2": "t00d1615h2_92d14b0b55fe_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_d4f7c34455ff_cef006b50a55", + "JA4_ro.2": "t00d1615h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002b,001b,000a,0033,0012,0005,000d,0000,002d,0017,0010,ff01,4469,000b,0023_27,52,25,83,53,81,54,37" + }, + { + "stream": 45, + "src": "192.168.1.168", + "dst": "13.107.237.40", + "srcport": "50169", + "dstport": "443", + "domain": "mem.gfx.ms", + "JA4.1": "t00d1616h2_6307a8b4e18c_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_09a40e5600a4_3cfec2a9591f", + "JA4_ro.1": "t00d1616h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,ff01,0023,002b,002d,000d,0005,001b,000a,4469,0010,0000,0033,000b,0012,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250", + "JA4.2": "t00d1615h2_6307a8b4e18c_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_09a40e5600a4_b65077d6af85", + "JA4_ro.2": "t00d1615h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,ff01,0023,002b,002d,000d,0005,001b,000a,4469,0010,0000,0033,000b,0012_27,52,25,83,53,81,54,37" + }, + { + "stream": 47, + "src": "192.168.1.168", + "dst": "23.55.200.211", + "srcport": "50172", + "dstport": "443", + "domain": "www.apple.com", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_7dacaec9656d", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,0005,002d,4469,0012,ff01,0023,0017,000a,0000,0033,0010,000b,001b,002b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 48, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50175", + "dstport": "443", + "domain": "is1-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_3ecba0861e51", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,000a,0005,4469,0033,002d,0017,0012,000b,001b,0023,ff01,002b,000d,0000,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 49, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50174", + "dstport": "443", + "domain": "is1-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_1595299e0424", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000a,0000,0033,0023,0017,002d,4469,001b,0010,ff01,000d,0012,002b,0005,000b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 50, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50177", + "dstport": "443", + "domain": "is2-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_9d59fcccb793_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,578,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0e3e4812791b_f162ffa569aa", + "JA4_ro.1": "t00d1616h2_578,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,4469,002b,002d,0000,0005,000a,ff01,001b,0017,0010,0033,000b,0012,000d,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 51, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50176", + "dstport": "443", + "domain": "is2-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_267b3aae5f67_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,130,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8282cc1561ee_6f6e7aeeeaff", + "JA4_ro.1": "t00d1616h2_130,65,66,67,195,199,196,200,393,392,171,172,6,7,,_4469,000a,001b,000b,0000,0023,000d,0017,002b,0033,ff01,002d,0005,0012,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 52, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50178", + "dstport": "443", + "domain": "is2-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_504535a8f093", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,0023,0005,001b,0000,002d,0017,4469,000b,000d,0012,ff01,000a,002b,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 53, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50180", + "dstport": "443", + "domain": "is3-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_828fc7e24cd3_41b37e45f393", + "JA4_ro.1": "t00d1616h2_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,0017,0023,0012,0000,002b,002d,000a,000b,ff01,000d,0033,4469,0005,001b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 54, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50182", + "dstport": "443", + "domain": "is3-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_11ffca9cd0b3", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,0010,000a,000b,002b,000d,001b,002d,4469,0023,0033,0000,ff01,0012,0017,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 55, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50181", + "dstport": "443", + "domain": "is3-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_b26e58a385ad", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,0012,002b,000a,000b,ff01,0005,000d,0023,001b,0033,0017,4469,0000,002d,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 56, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50179", + "dstport": "443", + "domain": "is2-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_1232493564c0_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,794_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_390f8e2ebadd_29f6b1a8b311", + "JA4_ro.1": "t00d1616h2_794,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0023,ff01,0000,000b,0017,0033,000a,002b,0005,000d,0012,4469,001b,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 57, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50183", + "dstport": "443", + "domain": "is5-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_6307a8b4e18c_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_09a40e5600a4_7d5766b8de50", + "JA4_ro.1": "t00d1616h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,0000,0010,0023,0017,002d,4469,000a,0005,ff01,001b,002b,000b,000d,0012,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_66_a56c5b993250" + }, + { + "stream": 58, + "src": "192.168.1.168", + "dst": "172.253.63.95", + "srcport": "50184", + "dstport": "443", + "domain": "content-autofill.googleapis.com", + "JA4.1": "t00d1616h2_267b3aae5f67_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,130,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8282cc1561ee_675811c43dd5", + "JA4_ro.1": "t00d1616h2_130,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0000,0033,000d,0023,000b,ff01,000a,001b,4469,0012,002d,0010,0005,002b,0017,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + } +] \ No newline at end of file diff --git a/python/test/testdata/tls-non-ascii-alpn.pcapng.json b/python/test/testdata/tls-non-ascii-alpn.pcapng.json new file mode 100644 index 0000000..1a54030 --- /dev/null +++ b/python/test/testdata/tls-non-ascii-alpn.pcapng.json @@ -0,0 +1,15 @@ +[ + { + "stream": 0, + "src": "192.168.1.168", + "dst": "142.251.16.94", + "srcport": "50112", + "dstport": "443", + "domain": "clientservices.googleapis.com", + "JA4.1": "t00d161699_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d161699_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d161699_0200e8047a78_2fc760fab8bb", + "JA4_ro.1": "t00d161699_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_ff01,0033,002d,0005,4469,000d,0010,0023,001b,002b,0000,0012,000a,0017,000b,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_234ea6891581" + } +] \ No newline at end of file diff --git a/python/test/testdata/tls-sni.pcapng.json b/python/test/testdata/tls-sni.pcapng.json new file mode 100644 index 0000000..5b7dac8 --- /dev/null +++ b/python/test/testdata/tls-sni.pcapng.json @@ -0,0 +1,730 @@ +[ + { + "stream": 0, + "src": "192.168.1.168", + "dst": "142.251.16.94", + "srcport": "50112", + "dstport": "443", + "domain": "clientservices.googleapis.com", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_2fc760fab8bb", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_ff01,0033,002d,0005,4469,000d,0010,0023,001b,002b,0000,0012,000a,0017,000b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 1, + "src": "192.168.1.168", + "dst": "142.251.163.147", + "srcport": "50113", + "dstport": "443", + "domain": "www.google.com", + "JA4.1": "t00d1616h2_06835249484a_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,802_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_572e68ba0241_16a20564e4a6", + "JA4_ro.1": "t00d1616h2_802,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,0017,ff01,0010,000d,002b,0005,0023,0033,0000,0012,000b,000a,4469,002d,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 2, + "src": "192.168.1.168", + "dst": "172.253.122.84", + "srcport": "50114", + "dstport": "443", + "domain": "accounts.google.com", + "JA4.1": "t00d1616h2_a4a0f159df49_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,242,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_a70fd968ce15_e559b0da29d0", + "JA4_ro.1": "t00d1616h2_242,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,0000,0033,0010,4469,0017,002d,000d,0005,0023,0012,002b,ff01,000b,000a,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 3, + "src": "192.168.1.168", + "dst": "142.251.16.95", + "srcport": "50115", + "dstport": "443", + "domain": "www.googleapis.com", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_0557d6d97bf7", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,0000,ff01,0010,4469,001b,002d,002b,0023,000d,0012,000b,0033,000a,0017,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 4, + "src": "192.168.1.168", + "dst": "104.112.30.74", + "srcport": "50116", + "dstport": "443", + "domain": "lastpass.com", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_c528162cda70", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_ff01,0005,002b,001b,000a,0033,000b,000d,0000,002d,0023,0012,0017,0010,4469,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 5, + "src": "192.168.1.168", + "dst": "192.241.241.147", + "srcport": "50122", + "dstport": "443", + "domain": "lp-push-server-452.lastpass.com", + "JA4.1": "t00d1616h1_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h1_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h1_828fc7e24cd3_89403d34d704", + "JA4_ro.1": "t00d1616h1_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,0033,0000,ff01,002b,0023,002d,0005,0012,000b,0017,4469,0010,001b,000a,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 6, + "src": "192.168.1.168", + "dst": "142.251.163.188", + "srcport": "50123", + "dstport": "5228", + "domain": "mtalk.google.com", + "JA4.1": "t00d161400_4109672baa2e_81116c3a4ed4", + "JA4_r.1": "t00d161400_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d161400_0200e8047a78_f23aaf66726d", + "JA4_ro.1": "t00d161400_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,002b,001b,0000,0012,002d,000d,000a,0005,0023,0017,ff01,000b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 7, + "src": "192.168.1.168", + "dst": "172.253.122.94", + "srcport": "50126", + "dstport": "443", + "domain": "www.gstatic.com", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_e670d63b8984", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,000b,ff01,0033,0017,001b,000a,4469,002b,0012,002d,0010,0023,000d,0000,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 8, + "src": "192.168.1.168", + "dst": "142.251.16.100", + "srcport": "50127", + "dstport": "443", + "domain": "ogs.google.com", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_69b3a448b66d", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,000d,ff01,000b,002d,4469,0010,0017,002b,0012,0033,000a,0005,0000,0023,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 9, + "src": "192.168.1.168", + "dst": "142.251.111.101", + "srcport": "50128", + "dstport": "443", + "domain": "aa.google.com", + "JA4.1": "t00d1616h2_4124bb9c93d9_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,026,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_9a2f5ecdd7aa_66406454524c", + "JA4_ro.1": "t00d1616h2_026,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,002d,0033,0010,001b,002b,0005,000a,000d,ff01,0000,0012,0017,4469,000b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 10, + "src": "192.168.1.168", + "dst": "142.251.163.95", + "srcport": "50130", + "dstport": "443", + "domain": "safebrowsing.googleapis.com", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_eb0606475d5b", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,4469,000d,0000,0017,0033,002b,0012,ff01,0023,002d,000b,001b,0005,000a,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 11, + "src": "192.168.1.168", + "dst": "31.13.66.35", + "srcport": "50131", + "dstport": "443", + "domain": "www.facebook.com", + "JA4.1": "t00d1616h2_a4a0f159df49_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,242,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_a70fd968ce15_a5b11a3e561b", + "JA4_ro.1": "t00d1616h2_242,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,4469,0017,002d,000a,000b,ff01,000d,0023,002b,001b,0005,0000,0010,0012,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 12, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50134", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_9130eaf0760a", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,ff01,0012,002d,001b,000a,0000,0017,0023,0033,0005,002b,0010,000b,4469,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 13, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50132", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_fd81d2c25fc3", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,0010,000d,0017,4469,0000,001b,0023,0012,0005,000a,000b,ff01,002d,002b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 14, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50135", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_906cedfb752f", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,0023,000b,0017,0000,002d,002b,0033,000d,0005,0010,4469,ff01,000a,0012,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 15, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50133", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_72b3a495f80c", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000a,0033,0000,000b,4469,0005,000d,0017,002d,002b,ff01,001b,0023,0010,0012,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 16, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50136", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_1232493564c0_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,794_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_390f8e2ebadd_670c37f08900", + "JA4_ro.1": "t00d1616h2_794,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0010,000a,002b,4469,0000,0033,0017,001b,0023,000d,0012,ff01,0005,000b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 17, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50137", + "dstport": "443", + "domain": "static.xx.fbcdn.net", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_5738aa05c719", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,0005,000b,4469,0017,0012,ff01,000d,0010,001b,000a,0033,002b,002d,0000,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 18, + "src": "192.168.1.168", + "dst": "157.240.229.1", + "srcport": "50139", + "dstport": "443", + "domain": "scontent-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_9d59fcccb793_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,578,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0e3e4812791b_14d2c97ac0d7", + "JA4_ro.1": "t00d1616h2_578,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,ff01,000a,002b,001b,4469,000b,0010,0023,0033,0005,000d,002d,0012,0000,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 19, + "src": "192.168.1.168", + "dst": "31.13.66.2", + "srcport": "50140", + "dstport": "443", + "domain": "gateway.facebook.com", + "JA4.1": "t00d1616h1_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h1_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h1_0200e8047a78_f7150114d838", + "JA4_ro.1": "t00d1616h1_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,4469,0010,000a,002b,0033,001b,0017,0023,000b,0000,0005,ff01,002d,000d,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 20, + "src": "192.168.1.168", + "dst": "157.240.241.1", + "srcport": "50142", + "dstport": "443", + "domain": "scontent-lga3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_1232493564c0_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,794_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_390f8e2ebadd_d13963cf6322", + "JA4_ro.1": "t00d1616h2_794,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002b,0017,002d,0005,4469,000d,0012,0023,000a,001b,ff01,0033,000b,0000,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 21, + "src": "192.168.1.168", + "dst": "157.240.14.19", + "srcport": "50141", + "dstport": "443", + "domain": "scontent-mia3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_c6caae0df2a3", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0000,002b,000d,0010,002d,001b,000b,0023,ff01,0017,0012,0033,0005,4469,000a,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 22, + "src": "192.168.1.168", + "dst": "208.255.115.145", + "srcport": "50143", + "dstport": "443", + "domain": "scontent.fewr1-6.fna.fbcdn.net", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_9d334f2534f6", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_4469,000b,0033,002b,ff01,0000,0017,0023,001b,002d,000a,0010,0012,000d,0005,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 23, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50145", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_9d48320b88ee", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0010,0012,002b,0005,001b,0017,000d,4469,0033,0000,000b,ff01,0023,000a,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 24, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50146", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_2492b4cc2c88", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,000d,0023,001b,0005,002d,000b,0017,ff01,002b,4469,0033,000a,0000,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 25, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50144", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_ceefb737daed", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,0010,0000,0033,001b,0012,000d,0023,0005,ff01,000b,002d,000a,002b,4469,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 26, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50147", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_4124bb9c93d9_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,026,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_9a2f5ecdd7aa_39017488afb6", + "JA4_ro.1": "t00d1616h2_026,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,0000,000b,000a,0023,0012,002b,002d,000d,ff01,0017,4469,0005,0033,001b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 27, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50148", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_4124bb9c93d9_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,026,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_9a2f5ecdd7aa_b98c92ff41fe", + "JA4_ro.1": "t00d1616h2_026,65,66,67,195,199,196,200,393,392,171,172,6,7,,_4469,000d,0017,0023,002b,0005,0010,002d,001b,0000,0012,000b,000a,0033,ff01,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 28, + "src": "192.168.1.168", + "dst": "157.240.229.2", + "srcport": "50149", + "dstport": "443", + "domain": "video-iad3-2.xx.fbcdn.net", + "JA4.1": "t00d1616h2_267b3aae5f67_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,130,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8282cc1561ee_bcbb1ceeb308", + "JA4_ro.1": "t00d1616h2_130,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000a,ff01,0010,002b,000b,0000,4469,0017,0012,000d,002d,0033,0023,001b,0005,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 29, + "src": "192.168.1.168", + "dst": "142.251.163.95", + "srcport": "50151", + "dstport": "443", + "domain": "content-autofill.googleapis.com", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_49eedbd2eea8", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,0010,0000,0005,0033,ff01,4469,002d,0012,000d,001b,0017,000a,002b,000b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 30, + "src": "192.168.1.168", + "dst": "157.240.229.17", + "srcport": "50152", + "dstport": "443", + "domain": "edge-chat.facebook.com", + "JA4.1": "t00d1616h1_4124bb9c93d9_bed3546ee6f4", + "JA4_r.1": "t00d1616h1_,,026,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h1_9a2f5ecdd7aa_7a52b4f1d573", + "JA4_ro.1": "t00d1616h1_026,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0000,0023,000d,0017,0005,0010,0012,ff01,002b,001b,000b,000a,0033,4469,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 31, + "src": "192.168.1.168", + "dst": "157.240.229.17", + "srcport": "50153", + "dstport": "443", + "domain": "edge-chat.facebook.com", + "JA4.1": "t00d1617h1_06835249484a_a5cb12758aa4", + "JA4_r.1": "t00d1617h1_,,171,172,195,196,199,200,392,393,6,65,66,67,7,802_0005,000a,000b,000d,0012,0015,0017,001b,0023,0029,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1617h1_572e68ba0241_c1502c9f74cb", + "JA4_ro.1": "t00d1617h1_802,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0000,0017,0005,002b,0012,0023,000a,0033,0010,002d,001b,4469,000b,000d,ff01,0015,0029_27,52,25,83,53,81,54,37" + }, + { + "stream": 32, + "src": "192.168.1.168", + "dst": "23.50.125.163", + "srcport": "50155", + "dstport": "443", + "domain": "www.microsoft.com", + "JA4.1": "t00d1616h2_92d14b0b55fe_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_d4f7c34455ff_8124b0d5bee2", + "JA4_ro.1": "t00d1616h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,0005,000b,0000,001b,0023,002d,000d,ff01,4469,002b,0017,0010,0012,000a,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 33, + "src": "192.168.1.168", + "dst": "23.218.218.147", + "srcport": "50157", + "dstport": "443", + "domain": "statics-marketingsites-eus-ms-com.akamaized.net", + "JA4.1": "t00d1616h2_6307a8b4e18c_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_09a40e5600a4_15ef7e1f7aa9", + "JA4_ro.1": "t00d1616h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,ff01,002b,0000,4469,001b,000b,0012,0005,000d,0017,002d,0010,000a,0023,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 34, + "src": "192.168.1.168", + "dst": "23.218.218.171", + "srcport": "50158", + "dstport": "443", + "domain": "img-prod-cms-rt-microsoft-com.akamaized.net", + "JA4.1": "t00d1616h2_9d59fcccb793_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,578,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0e3e4812791b_1e75d5233100", + "JA4_ro.1": "t00d1616h2_578,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,0012,001b,000b,002d,0017,002b,0005,0023,000a,4469,000d,ff01,0033,0000,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 35, + "src": "192.168.1.168", + "dst": "23.212.251.12", + "srcport": "50160", + "dstport": "443", + "domain": "cdn-dynmedia-1.microsoft.com", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_2da15b9b255a", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,000b,0005,0000,000d,ff01,4469,0012,0017,002b,001b,002d,000a,0033,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 36, + "src": "192.168.1.168", + "dst": "23.212.251.12", + "srcport": "50162", + "dstport": "443", + "domain": "cdn-dynmedia-1.microsoft.com", + "JA4.1": "t00d1616h2_6307a8b4e18c_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_09a40e5600a4_a253dbabe7a2", + "JA4_ro.1": "t00d1616h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,0023,000a,000b,0000,0005,ff01,4469,002b,0017,001b,002d,000d,0033,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 37, + "src": "192.168.1.168", + "dst": "23.212.251.12", + "srcport": "50161", + "dstport": "443", + "domain": "cdn-dynmedia-1.microsoft.com", + "JA4.1": "t00d1616h2_92d14b0b55fe_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_d4f7c34455ff_1388c893a486", + "JA4_ro.1": "t00d1616h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000a,0012,002b,ff01,0000,0017,000d,000b,002d,001b,4469,0010,0033,0023,0005,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 38, + "src": "192.168.1.168", + "dst": "13.107.237.40", + "srcport": "50159", + "dstport": "443", + "domain": "mem.gfx.ms", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_69a5b7ced5c7", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,001b,0033,002d,4469,000a,000d,0012,ff01,000b,0023,002b,0000,0017,0010,0015_27,52,25,83,53,81,54,37", + "JA4.2": "t00d1615h2_3d6d7dc826de_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_4f3397ca584e_5fa93c695689", + "JA4_ro.2": "t00d1615h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,001b,0033,002d,4469,000a,000d,0012,ff01,000b,0023,002b,0000,0017,0010_27,52,25,83,53,81,54,37" + }, + { + "stream": 39, + "src": "192.168.1.168", + "dst": "18.67.65.105", + "srcport": "50163", + "dstport": "443", + "domain": "via.placeholder.com", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_a1f5eff5fd8b", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,002b,4469,0012,0023,002d,0000,000b,0033,000a,0005,0017,ff01,001b,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 40, + "src": "192.168.1.168", + "dst": "13.107.237.40", + "srcport": "50164", + "dstport": "443", + "domain": "wcpstatic.microsoft.com", + "JA4.1": "t00d1616h2_06835249484a_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,802_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_572e68ba0241_798d2f271f6f", + "JA4_ro.1": "t00d1616h2_802,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000b,0005,0000,0017,000a,0033,002b,0012,000d,ff01,0010,0023,002d,001b,4469,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 41, + "src": "192.168.1.168", + "dst": "13.107.238.40", + "srcport": "50165", + "dstport": "443", + "domain": "js.monitor.azure.com", + "JA4.1": "t00d1616h2_3d6d7dc826de_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_4f3397ca584e_5b66e173035f", + "JA4_ro.1": "t00d1616h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,000d,001b,002b,0000,4469,0023,ff01,0033,000a,0017,002d,000b,0010,0005,0015_27,52,25,83,53,81,54,37", + "JA4.2": "t00d1615h2_3d6d7dc826de_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,171,172,195,196,199,200,250,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_4f3397ca584e_ec4845452946", + "JA4_ro.2": "t00d1615h2_250,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,000d,001b,002b,0000,4469,0023,ff01,0033,000a,0017,002d,000b,0010,0005_27,52,25,83,53,81,54,37" + }, + { + "stream": 42, + "src": "192.168.1.168", + "dst": "13.107.237.40", + "srcport": "50166", + "dstport": "443", + "domain": "mem.gfx.ms", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_5c57d7d34ca4", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,001b,000b,0012,0010,002b,ff01,0033,0005,0000,0023,000a,002d,4469,000d,0015_27,52,25,83,53,81,54,37", + "JA4.2": "t00d1615h2_e54801c2e950_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_229fbafadc6d_910416100b12", + "JA4_ro.2": "t00d1615h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,001b,000b,0012,0010,002b,ff01,0033,0005,0000,0023,000a,002d,4469,000d_27,52,25,83,53,81,54,37" + }, + { + "stream": 43, + "src": "192.168.1.168", + "dst": "40.126.24.84", + "srcport": "50167", + "dstport": "443", + "domain": "login.live.com", + "JA4.1": "t00d1616h2_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_828fc7e24cd3_8af5184c75f5", + "JA4_ro.1": "t00d1616h2_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000b,0033,0000,ff01,000a,002d,0023,0012,000d,4469,0017,002b,001b,0005,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 44, + "src": "192.168.1.168", + "dst": "13.107.238.40", + "srcport": "50168", + "dstport": "443", + "domain": "logincdn.msauth.net", + "JA4.1": "t00d1616h2_92d14b0b55fe_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_d4f7c34455ff_f7f9b3ff40de", + "JA4_ro.1": "t00d1616h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002b,001b,000a,0033,0012,0005,000d,0000,002d,0017,0010,ff01,4469,000b,0023,0015_27,52,25,83,53,81,54,37", + "JA4.2": "t00d1615h2_92d14b0b55fe_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,82_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_d4f7c34455ff_cef006b50a55", + "JA4_ro.2": "t00d1615h2_82,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002b,001b,000a,0033,0012,0005,000d,0000,002d,0017,0010,ff01,4469,000b,0023_27,52,25,83,53,81,54,37" + }, + { + "stream": 45, + "src": "192.168.1.168", + "dst": "13.107.237.40", + "srcport": "50169", + "dstport": "443", + "domain": "mem.gfx.ms", + "JA4.1": "t00d1616h2_6307a8b4e18c_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_09a40e5600a4_3cfec2a9591f", + "JA4_ro.1": "t00d1616h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,ff01,0023,002b,002d,000d,0005,001b,000a,4469,0010,0000,0033,000b,0012,0015_27,52,25,83,53,81,54,37", + "JA4.2": "t00d1615h2_6307a8b4e18c_3020f1a04d4a", + "JA4_r.2": "t00d1615h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.2": "t00d1615h2_09a40e5600a4_b65077d6af85", + "JA4_ro.2": "t00d1615h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,ff01,0023,002b,002d,000d,0005,001b,000a,4469,0010,0000,0033,000b,0012_27,52,25,83,53,81,54,37" + }, + { + "stream": 46, + "src": "192.168.1.168", + "dst": "3.223.179.120", + "srcport": "50170", + "dstport": "443", + "domain": "target.microsoft.com", + "JA4.1": "t00d1616h2_c4e216e269f4_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,354,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_00d8772d9166_610f21c992f2", + "JA4_ro.1": "t00d1616h2_354,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0017,ff01,001b,0023,0000,0033,000a,000b,0005,0010,000d,0012,002d,4469,002b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 47, + "src": "192.168.1.168", + "dst": "23.55.200.211", + "srcport": "50172", + "dstport": "443", + "domain": "www.apple.com", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_7dacaec9656d", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,0005,002d,4469,0012,ff01,0023,0017,000a,0000,0033,0010,000b,001b,002b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 48, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50175", + "dstport": "443", + "domain": "is1-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_3ecba0861e51", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,000a,0005,4469,0033,002d,0017,0012,000b,001b,0023,ff01,002b,000d,0000,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 49, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50174", + "dstport": "443", + "domain": "is1-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_1595299e0424", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000a,0000,0033,0023,0017,002d,4469,001b,0010,ff01,000d,0012,002b,0005,000b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 50, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50177", + "dstport": "443", + "domain": "is2-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_9d59fcccb793_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,578,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0e3e4812791b_f162ffa569aa", + "JA4_ro.1": "t00d1616h2_578,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,4469,002b,002d,0000,0005,000a,ff01,001b,0017,0010,0033,000b,0012,000d,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 51, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50176", + "dstport": "443", + "domain": "is2-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_267b3aae5f67_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,130,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8282cc1561ee_6f6e7aeeeaff", + "JA4_ro.1": "t00d1616h2_130,65,66,67,195,199,196,200,393,392,171,172,6,7,,_4469,000a,001b,000b,0000,0023,000d,0017,002b,0033,ff01,002d,0005,0012,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 52, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50178", + "dstport": "443", + "domain": "is2-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_4109672baa2e_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,690,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0200e8047a78_504535a8f093", + "JA4_ro.1": "t00d1616h2_690,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,0023,0005,001b,0000,002d,0017,4469,000b,000d,0012,ff01,000a,002b,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 53, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50180", + "dstport": "443", + "domain": "is3-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_73d9d18e4e10_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,018,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_828fc7e24cd3_41b37e45f393", + "JA4_ro.1": "t00d1616h2_018,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,0017,0023,0012,0000,002b,002d,000a,000b,ff01,000d,0033,4469,0005,001b,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 54, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50182", + "dstport": "443", + "domain": "is3-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_11ffca9cd0b3", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0005,0010,000a,000b,002b,000d,001b,002d,4469,0023,0033,0000,ff01,0012,0017,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 55, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50181", + "dstport": "443", + "domain": "is3-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_b26e58a385ad", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0010,0012,002b,000a,000b,ff01,0005,000d,0023,001b,0033,0017,4469,0000,002d,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 56, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50179", + "dstport": "443", + "domain": "is2-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_1232493564c0_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,794_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_390f8e2ebadd_29f6b1a8b311", + "JA4_ro.1": "t00d1616h2_794,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,0023,ff01,0000,000b,0017,0033,000a,002b,0005,000d,0012,4469,001b,0010,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 57, + "src": "192.168.1.168", + "dst": "23.62.168.26", + "srcport": "50183", + "dstport": "443", + "domain": "is5-ssl.mzstatic.com", + "JA4.1": "t00d1616h2_6307a8b4e18c_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,466,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_09a40e5600a4_7d5766b8de50", + "JA4_ro.1": "t00d1616h2_466,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,0000,0010,0023,0017,002d,4469,000a,0005,ff01,001b,002b,000b,000d,0012,0015_27,52,25,83,53,81,54,37" + }, + { + "stream": 58, + "src": "192.168.1.168", + "dst": "172.253.63.95", + "srcport": "50184", + "dstport": "443", + "domain": "content-autofill.googleapis.com", + "JA4.1": "t00d1616h2_267b3aae5f67_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,130,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8282cc1561ee_675811c43dd5", + "JA4_ro.1": "t00d1616h2_130,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0000,0033,000d,0023,000b,ff01,000a,001b,4469,0012,002d,0010,0005,002b,0017,0015_27,52,25,83,53,81,54,37" + } +] \ No newline at end of file diff --git a/python/test/testdata/tls12.pcap.json b/python/test/testdata/tls12.pcap.json new file mode 100644 index 0000000..27d2a2e --- /dev/null +++ b/python/test/testdata/tls12.pcap.json @@ -0,0 +1,14 @@ +[ + { + "stream": 0, + "src": "192.168.133.129", + "dst": "34.117.237.239", + "srcport": "36372", + "dstport": "443", + "domain": "contile.services.mozilla.com", + "JA4.1": "t00d1715h2_bc725f95a748_107db796aee2", + "JA4_r.1": "t00d1715h2_,,161,162,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0015,0017,001c,0022,0023,002b,002d,0033,ff01_27,83,39,52,53,54,25,81,37,5,3", + "JA4_o.1": "t00d1715h2_1410090ed828_d1cf8c39e7fc", + "JA4_ro.1": "t00d1715h2_65,67,66,195,199,393,392,196,200,162,161,171,172,6,7,,_0000,0017,ff01,000a,000b,0023,0010,0005,0022,0033,002b,000d,002d,001c,0015_27,83,39,52,53,54,25,81,37,5,3" + } +] \ No newline at end of file diff --git a/python/test/testdata/tls3.pcapng.json b/python/test/testdata/tls3.pcapng.json new file mode 100644 index 0000000..df75bdf --- /dev/null +++ b/python/test/testdata/tls3.pcapng.json @@ -0,0 +1,205 @@ +[ + { + "stream": 8, + "src": "192.168.1.169", + "dst": "23.222.12.9", + "srcport": "63249", + "dstport": "80", + "JA4H": "ge11nn07enus_3e3b55d61660_000000000000_000000000000" + }, + { + "stream": 21, + "src": "192.168.1.169", + "dst": "172.253.122.95", + "srcport": "62481", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "59", + "JA4L-S": "4213_59", + "JA4L-C": "59_128" + }, + { + "stream": 23, + "src": "192.168.1.169", + "dst": "151.101.1.229", + "srcport": "49791", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "58", + "JA4L-S": "4455_58", + "JA4L-C": "40_128" + }, + { + "stream": 22, + "src": "192.168.1.169", + "dst": "104.21.234.234", + "srcport": "61732", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "57", + "JA4L-S": "5580_57", + "JA4L-C": "336_128" + }, + { + "stream": 24, + "src": "192.168.1.169", + "dst": "104.17.24.14", + "srcport": "56684", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "57", + "JA4L-S": "3590_57", + "JA4L-C": "59_128" + }, + { + "stream": 25, + "src": "192.168.1.169", + "dst": "104.21.234.234", + "srcport": "61884", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "57", + "JA4L-S": "3583_57" + }, + { + "stream": 28, + "src": "192.168.1.169", + "dst": "142.251.111.94", + "srcport": "58117", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "58", + "JA4L-S": "3298_58", + "JA4L-C": "45_128" + }, + { + "stream": 7, + "src": "192.168.1.169", + "dst": "54.190.49.36", + "srcport": "63248", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "35", + "JA4L-S": "34615_35", + "JA4L-C": "86_128", + "domain": "darksail.ai", + "JA4.1": "t00d1616h2_267b3aae5f67_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,130,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8282cc1561ee_aad8bc8031e1", + "JA4_ro.1": "t00d1616h2_130,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0023,0033,ff01,000a,0012,0005,0017,4469,0000,001b,000d,002d,000b,002b,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 8, + "src": "192.168.1.169", + "dst": "23.222.12.9", + "srcport": "63249", + "dstport": "80", + "client_ttl": "128", + "server_ttl": "57", + "JA4L-S": "3181_57", + "JA4L-C": "14_128" + }, + { + "stream": 9, + "src": "192.168.1.169", + "dst": "54.190.49.36", + "srcport": "63250", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "35", + "JA4L-S": "36549_35", + "JA4L-C": "64_128", + "domain": "darksail.ai", + "JA4.1": "t00d1616h2_9d59fcccb793_811abd909fb7", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,578,6,65,66,67,7_0005,000a,000b,000d,0012,0017,001b,0023,0029,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_0e3e4812791b_3ddd440f4dca", + "JA4_ro.1": "t00d1616h2_578,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0033,000a,0005,000d,0012,0000,0010,002b,0023,001b,0017,002d,ff01,4469,000b,0029_27,52,25,83,53,81,54,37", + "JA4S": "t000300_65_0ee26285a86f" + }, + { + "stream": 10, + "src": "192.168.1.169", + "dst": "54.190.49.36", + "srcport": "63251", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "38", + "JA4L-S": "34691_38", + "JA4L-C": "78_128", + "domain": "darksail.ai", + "JA4.1": "t00d1616h2_3588272722ae_811abd909fb7", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,914_0005,000a,000b,000d,0012,0017,001b,0023,0029,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_81d927908543_b8663ba4b82d", + "JA4_ro.1": "t00d1616h2_914,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,000b,ff01,0017,0010,0005,002b,4469,0000,0012,000d,001b,000a,0023,0033,0029_27,52,25,83,53,81,54,37", + "JA4S": "t000300_65_0ee26285a86f" + }, + { + "stream": 11, + "src": "192.168.1.169", + "dst": "104.21.234.234", + "srcport": "63252", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "57", + "JA4L-S": "2442_57", + "JA4L-C": "66_128", + "domain": "rsms.me", + "JA4.1": "t00d1616h2_7ea02c1142d5_811abd909fb7", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0017,001b,0023,0029,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_16af819020a4", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_001b,000a,4469,0023,002b,0033,000d,000b,ff01,002d,0000,0017,0005,0010,0012,0029_27,52,25,83,53,81,54,37", + "JA4S": "t000300_65_6bbbaf601ed8" + }, + { + "stream": 12, + "src": "192.168.1.169", + "dst": "54.190.49.36", + "srcport": "63253", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "35", + "JA4L-S": "36498_35", + "JA4L-C": "360_128", + "domain": "darksail.ai", + "JA4.1": "t00d1616h2_4057d54ba945_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,906_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_faec7b756048_56655901e76b", + "JA4_ro.1": "t00d1616h2_906,65,66,67,195,199,196,200,393,392,171,172,6,7,,_002d,000b,ff01,0023,000a,0000,001b,4469,0017,000d,002b,0012,0005,0033,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 13, + "src": "192.168.1.169", + "dst": "54.190.49.36", + "srcport": "63254", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "32", + "JA4L-S": "33515_32", + "JA4L-C": "71_128", + "domain": "darksail.ai", + "JA4.1": "t00d1616h2_e54801c2e950_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,138,171,172,195,196,199,200,392,393,6,65,66,67,7_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_229fbafadc6d_543d524ceca5", + "JA4_ro.1": "t00d1616h2_138,65,66,67,195,199,196,200,393,392,171,172,6,7,,_000d,001b,000b,4469,0023,0005,ff01,002d,0000,0012,0017,000a,0033,002b,0010,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + }, + { + "stream": 14, + "src": "192.168.1.169", + "dst": "54.190.49.36", + "srcport": "63255", + "dstport": "443", + "client_ttl": "128", + "server_ttl": "33", + "JA4L-S": "33738_33", + "JA4L-C": "53_128", + "domain": "darksail.ai", + "JA4.1": "t00d1616h2_7ea02c1142d5_bed3546ee6f4", + "JA4_r.1": "t00d1616h2_,,171,172,195,196,199,200,392,393,6,65,66,67,7,70_0005,000a,000b,000d,0012,0015,0017,001b,0023,002b,002d,0033,4469,ff01_27,52,25,83,53,81,54,37", + "JA4_o.1": "t00d1616h2_8b75d945926f_4e8b0e5efbb3", + "JA4_ro.1": "t00d1616h2_70,65,66,67,195,199,196,200,393,392,171,172,6,7,,_0012,001b,0023,0010,000b,0005,002b,0033,ff01,000d,002d,0017,4469,0000,000a,0015_27,52,25,83,53,81,54,37", + "JA4S": "t000200_65_a56c5b993250" + } +] \ No newline at end of file diff --git a/python/test/testdata/v6.pcap.json b/python/test/testdata/v6.pcap.json new file mode 100644 index 0000000..fbaeb48 --- /dev/null +++ b/python/test/testdata/v6.pcap.json @@ -0,0 +1,20 @@ +[ + { + "stream": 0, + "src": "3ffe:507:0:1:200:86ff:fe05:80da", + "dst": "3ffe:501:410:0:2c0:dfff:fe47:33e", + "srcport": "1022", + "dstport": "22", + "client_ttl": "64", + "server_ttl": "61", + "JA4L-S": "28494_61", + "JA4L-C": "39940_64", + "ssh_extras": { + "hassh": "", + "hassh_server": "", + "ssh_protocol_client": "SSH-1.5-1.2.26", + "ssh_protocol_server": "SSH-1.5-1.2.26", + "encryption_algorithm": "" + } + } +] \ No newline at end of file From 1016ecff7a8f71adc0dfa63cffaa0a8b7806e4dc Mon Sep 17 00:00:00 2001 From: Vladimir Kobal Date: Tue, 27 Jan 2026 20:30:11 +0100 Subject: [PATCH 2/2] Add python test to github actions --- .github/workflows/python-test.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/python-test.yml diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml new file mode 100644 index 0000000..9b760ed --- /dev/null +++ b/.github/workflows/python-test.yml @@ -0,0 +1,31 @@ +name: Python - Test + +on: + push: + paths: + - '.github/workflows/python-test.yml' + - 'python/**' + pull_request: + paths: + - '.github/workflows/python-test.yml' + - 'python/**' + +jobs: + run-python-tests: + name: Run Python tests + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install required packages + run: | + sudo add-apt-repository ppa:wireshark-dev/stable + sudo apt update + sudo apt upgrade -y + sudo apt -y install \ + tshark \ + python3-pytest + + - name: Run tests + run: pytest + working-directory: python/test