diff options
| author | Campus <campus@ntop.org> | 2015-12-24 00:16:33 +0100 |
|---|---|---|
| committer | Campus <campus@ntop.org> | 2015-12-24 00:16:33 +0100 |
| commit | bfded9087579b10fd5d9464e1661c4ebe1d766e8 (patch) | |
| tree | c81042e42b470dfbd75f57292772b97bfeec1cd8 | |
| parent | 237de95285a0129f1b86fdfe9519e6e14302abc9 (diff) | |
added OCS service and related pcap for testing
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 3 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 16 | ||||
| -rw-r--r-- | tests/pcap/ocs.pcap | bin | 0 -> 82545 bytes | |||
| -rw-r--r-- | tests/result/ocs.pcap.out | 30 |
4 files changed, 46 insertions, 3 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2bfa42d68..7a2b2ff15 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -203,7 +203,7 @@ #define NDPI_PROTOCOL_TEREDO 214 #define NDPI_PROTOCOL_HEP 216 /* Sipcapture.org QXIP BV */ #define NDPI_PROTOCOL_UBNTAC2 217 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */ -#define NDPI_PROTOCOL_MS_LYNC 218 +#define NDPI_PROTOCOL_MS_LYNC 219 @@ -266,6 +266,7 @@ #define NDPI_SERVICE_INSTAGRAM 211 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */ #define NDPI_SERVICE_MICROSOFT 212 #define NDPI_SERVICE_HOTSPOT_SHIELD 215 +#define NDPI_SERVICE_OCS 218 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_MS_LYNC diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 26a07c680..64af6a6f9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -33,6 +33,13 @@ typedef struct { /* ****************************************************** */ static ndpi_network host_protocol_list[] = { + + /* + OCS GO (Orange Cinéma Séries) + 178.248.208.0/21 + */ + { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_SERVICE_OCS }, + /* Citrix GotoMeeting (AS16815, AS21866) 216.115.208.0/20 @@ -7369,7 +7376,7 @@ ndpi_protocol_match host_match[] = { { "wikimediafoundation.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_ACCEPTABLE }, { ".whatsapp.net", "WhatsApp", NDPI_SERVICE_WHATSAPP, NDPI_PROTOCOL_ACCEPTABLE }, { ".yahoo.", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yimg.com", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yimg.com", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_ACCEPTABLE }, { "yahooapis.", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_ACCEPTABLE }, { "youtube.", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_FUN }, { ".googlevideo.com", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_FUN }, @@ -7388,7 +7395,7 @@ ndpi_protocol_match host_match[] = { { "quickplay.com", "QuickPlay", NDPI_SERVICE_QUICKPLAY, NDPI_PROTOCOL_FUN }, { "tim.com.br", "TIM", NDPI_SERVICE_TIM, NDPI_PROTOCOL_ACCEPTABLE }, { "tim.it", "TIM", NDPI_SERVICE_TIM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_FUN}, + { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ { "feelinsonice.appspot.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_FUN }, @@ -7423,6 +7430,11 @@ ndpi_protocol_match host_match[] = { { ".anchorfree.", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { "hotspotshield.com", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ocsdomain.com", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_FUN }, + { "ocs.fr", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_FUN }, + { NULL, 0 } }; diff --git a/tests/pcap/ocs.pcap b/tests/pcap/ocs.pcap Binary files differnew file mode 100644 index 000000000..53b8e75db --- /dev/null +++ b/tests/pcap/ocs.pcap diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out new file mode 100644 index 000000000..8f3129150 --- /dev/null +++ b/tests/result/ocs.pcap.out @@ -0,0 +1,30 @@ +Unknown 2 120 1 +DNS 3 214 3 +SSL 45 5771 3 +Skype 19 1379 3 +Google 14 2349 3 +OCS 863 57552 7 + + 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] + 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] + 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91/SSL][13 pkts/1448 bytes] + 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] + 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][SSL client: settings.crashlytics.com] + 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] + 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91/SSL][12 pkts/1608 bytes] + 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] + 9 UDP 192.168.180.2:2589 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] + 10 UDP 192.168.180.2:3621 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] + 11 UDP 192.168.180.2:11793 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] + 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][SSL client: ocs.labgency.ws] + 13 TCP 192.168.180.2:46166 <-> 137.135.131.52:5122 [proto: 125/Skype][6 pkts/360 bytes] + 14 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7.125/HTTP.Skype][6 pkts/479 bytes] + 15 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] + 16 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] + 17 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] + 18 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][SSL client: mtalk.google.com] + 19 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7.125/HTTP.Skype][7 pkts/540 bytes] + + +Undetected flows: + 1 TCP 192.168.180.2:47699 <-> 64.233.184.188:5228 [proto: 0/Unknown][2 pkts/120 bytes] |