diff options
| author | Campus <campus@ntop.org> | 2017-06-09 13:15:09 +0200 |
|---|---|---|
| committer | Campus <campus@ntop.org> | 2017-06-09 13:15:09 +0200 |
| commit | e0366a99653debd29d57aae3ac81a0559a5434fb (patch) | |
| tree | f5cc5bc8e0a443001c679e16ebb8a36480594d1e | |
| parent | 88d47399b5db59e75f1515dc34bf8416c79fb0b6 (diff) | |
improved whatsapp and wechat detection by new ip-ranges
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 21 | ||||
| -rw-r--r-- | tests/result/Viber_session.pcap.out | 5 | ||||
| -rw-r--r-- | tests/result/viber_mobile.pcap.out | 6 |
3 files changed, 23 insertions, 9 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index dd0a21ae2..077a04ff0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -74,21 +74,34 @@ static ndpi_network host_protocol_list[] = { /* WhatsApp Inc. - 169.47.35.32 - 169.47.35.63 */ + { 0x3216C6CC /* 50.22.198.204/30 */, 30, NDPI_PROTOCOL_WHATSAPP }, + { 0x4B7E2720 /* 75.126.39.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0x6CA8B460 /* 108.168.180.96/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0x9E553A00 /* 158.85.58.0/25 */, 25, NDPI_PROTOCOL_WHATSAPP }, + { 0x9E55FE40 /* 158.85.254.64/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA93743E0 /* 169.55.67.224/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA93764A0 /* 169.55.100.160/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA937EBA0 /* 169.55.235.160/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xADC0A220 /* 173.192.162.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xB8AD8840 /* 184.173.136.64/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xB93CDA35 /* 185.60.218.53/32 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xC60BFB20 /* 198.11.251.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xD02B73C0 /* 208.43.115.192/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xD02B7A80 /* 208.43.122.128/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + /* WeChat - 203.205.147.171 - 203.205.147.173 - 203.205.151.162 + origin AS132203, AS132591, AS45090 */ { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, /* OpenDNS, LLC diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 11b958080..88d9589a3 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -2,18 +2,19 @@ Unknown 163 9995 7 HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 -SSL 80 7703 8 +SSL 75 7291 7 Facebook 29 3944 2 Dropbox 1 97 1 GMail 21 1891 1 Google 50 4084 5 +WhatsApp 5 412 1 Viber 4163 392492 4 Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/389 bytes <-> 5 pkts/368 bytes] 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/428 bytes <-> 4 pkts/264 bytes] 3 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][2 pkts/157 bytes <-> 3 pkts/255 bytes] + 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][2 pkts/157 bytes <-> 3 pkts/255 bytes] 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][14 pkts/1058 bytes <-> 9 pkts/2287 bytes] 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index e761e520c..097363152 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -4,12 +4,12 @@ HTTP 43 4771 7 BitTorrent 57 13074 27 SSL_No_Cert 36 5874 1 ICMP 3 370 2 -SSL 79 21658 7 +SSL 72 21126 6 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 Google 76 17175 8 -WhatsApp 31 6224 2 +WhatsApp 38 6756 3 Viber 10081 1413446 4 Amazon 8 528 1 @@ -18,7 +18,7 @@ Amazon 8 528 1 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][8 pkts/3893 bytes <-> 8 pkts/1945 bytes] 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/329 bytes] 5 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][4 pkts/277 bytes <-> 3 pkts/255 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][1 pkts/75 bytes <-> 1 pkts/166 bytes][Host: mail.google.com] 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] |