author | Nardi Ivan <nardi.ivan@gmail.com> | 2022-09-21 19:55:28 +0200 |
---|---|---|
committer | Toni <matzeton@googlemail.com> | 2022-09-21 20:02:23 +0200 |
commit | c6201284d7c7599dd9217e6cee42e3b85a3056ef (patch) | |
tree | 1d375cbad51c58fe7a2cba9df12815ff95fc51de | |
parent | 644ad34962365fa794b8f58e01a7290496f3d6ef (diff) |
NAT-PMP: fix metadata extraction
-rw-r--r-- | src/lib/protocols/natpmp.c | 2 | ||||
-rw-r--r-- | tests/pcap/natpmp.pcap | bin | 504 -> 786 bytes | |||
-rw-r--r-- | tests/result/natpmp.pcap.out | 21 |
3 files changed, 12 insertions, 11 deletions
diff --git a/src/lib/protocols/natpmp.c b/src/lib/protocols/natpmp.c index 994ee1d6a..100ff17c0 100644 --- a/src/lib/protocols/natpmp.c +++ b/src/lib/protocols/natpmp.c @@ -150,7 +150,7 @@ static int ndpi_search_natpmp_extra(struct ndpi_detection_module_struct *ndpi_st case NATPMP_RESPONSE_TCP_MAPPING: { flow->protos.natpmp.internal_port = ntohs(get_u_int16_t(packet->payload, 8)); - flow->protos.natpmp.external_port = ntohs(get_u_int16_t(packet->payload, 12)); + flow->protos.natpmp.external_port = ntohs(get_u_int16_t(packet->payload, 10)); if (flow->protos.natpmp.internal_port == 0 || flow->protos.natpmp.external_port == 0) { ndpi_set_risk(ndpi_struct, flow, NDPI_MALFORMED_PACKET, "Port Mapping Response: Internal/External port must not 0"); diff --git a/tests/pcap/natpmp.pcap b/tests/pcap/natpmp.pcap Binary files differindex 59fcc47a9..60b546bc1 100644 --- a/tests/pcap/natpmp.pcap +++ b/tests/pcap/natpmp.pcap diff --git a/tests/result/natpmp.pcap.out b/tests/result/natpmp.pcap.out index 1b706794f..216f6a570 100644 --- a/tests/result/natpmp.pcap.out +++ b/tests/result/natpmp.pcap.out @@ -1,8 +1,8 @@ -Guessed flow protos: 3 +Guessed flow protos: 4 -DPI Packets (UDP): 7 (2.33 pkts/flow) -Confidence DPI : 3 (flows) -Num dissector calls: 3 (1.00 diss/flow) +DPI Packets (UDP): 11 (2.75 pkts/flow) +Confidence DPI : 4 (flows) +Num dissector calls: 4 (1.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
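Review bot: Nothing visible in the natpmp.c hunk bounds the reads at payload offsets 8 and 10 against the packet length, so the corrected `get_u_int16_t(packet->payload, 10)` is only safe if a check earlier in `ndpi_search_natpmp_extra` already guarantees a full-length mapping response. The function starts and ends outside the hunk, so that check may well exist, but it is worth confirming because this code parses untrusted UDP payload. The bare numeric offsets are also what allowed the old value 12 to go unnoticed; in the RFC 6886 response layout that offset is the lifetime field, not the port. A short comment above the two reads, such as `/* RFC 6886 mapping response: internal port @8, mapped external port @10, lifetime @12 */`, or named offset constants, would make the layout checkable at a glance.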
@@ -15,12 +15,13 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 6/0 (search/found) +Patricia risk mask: 8/0 (search/found) Patricia risk: 0/0 (search/found) -Patricia protocols: 6/0 (search/found) +Patricia protocols: 8/0 (search/found) -NAT-PMP 7 368 3 +NAT-PMP 11 586 4 - 1 UDP 192.168.2.100:35763 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Result: 0][Internal Port: 22000][External Port: 20216][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.2.100:59817 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/108 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][0.25 sec][Result: 0][Internal Port: 22000][External Port: 6243][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.2.100:36845 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/44 bytes -> 0 pkts/0 bytes][Goodput ratio: 4/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.128:36852 <-> 192.168.1.254:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/98 bytes <-> 2 pkts/120 bytes][Goodput ratio: 14/23][8.37 sec][Result: 0][Internal Port: 51413][External Port: 
51413][External Address: 10.201.213.174][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.2.100:35763 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Result: 0][Internal Port: 22000][External Port: 20216][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.2.100:59817 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/108 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][0.25 sec][Result: 0][Internal Port: 22000][External Port: 6243][External Address: 0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.2.100:36845 -> 192.168.2.1:5351 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/44 bytes -> 0 pkts/0 bytes][Goodput ratio: 4/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |