improved wechat detection

author: Campus <campus@ntop.org> 2017-04-15 21:18:50 +0200
committer: Campus <campus@ntop.org> 2017-04-15 21:18:50 +0200
commit: 3a21152f4c7b1783a0cd6671af405d0014cf9b4b (patch)
tree: b8660398911c2ee993c022bb833d5253539d76d9
parent: b97e3ee51a9a17b837a2ed8c30e5ddabbf2d7140 (diff)
5 files changed, 147 insertions, 10 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index df3426129..d9ceb77a4 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -79,6 +79,17 @@ static ndpi_network host_protocol_list[] = {
 
    { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP },
 
+  /*
+    WeChat
+    203.205.147.171
+    203.205.147.173
+    203.205.151.162
+  */
+
+   { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT },
+   { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT },
+   { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT },
+
    /*
     OpenDNS, LLC
     origin AS36692, AS30607
@@ -8126,8 +8137,14 @@ ndpi_protocol_match host_match[] = {
   { ".steamstatic.com", 		"Steam",		NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
   { "steamcommunity-a.akamaihd.net",	"Steam",		NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
 
-  { ".wechat.com",         		"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },  
-
+  { ".wechat.com",         		"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".wechat.org",         		"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".wechatapp.com",         		"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".we.chat",         		"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".wx.",				"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".weixin.",				"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".mmsns.qpic.cn",			"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+    
   { NULL, 0 }
 };
 
diff --git a/tests/pcap/wechat.pcap b/tests/pcap/wechat.pcap
new file mode 100644
index 000000000..f731d9925
--- /dev/null
+++ b/tests/pcap/wechat.pcap
diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out
index 97b69377c..96d39ede2 100644
--- a/tests/result/KakaoTalk_talk.pcap.out
+++ b/tests/result/KakaoTalk_talk.pcap.out
@@ -1,5 +1,4 @@
 HTTP	5	280	1
-QQ	15	1727	1
 SSL_No_Cert	74	14132	2
 RTP	2991	398751	2
 SSL	5	1198	1
@@ -9,6 +8,7 @@ HTTP_Proxy	16	1838	2
 Tor	40	10538	1
 Amazon	4	396	1
 KakaoTalk_Voice	44	6196	2
+WeChat	15	1727	1
 
 	1	TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes]
 	2	TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes]
@@ -23,7 +23,7 @@ KakaoTalk_Voice	44	6196	2
 	11	TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes]
 	12	TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes]
 	13	TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes]
-	14	TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com]
+	14	TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com]
 	15	UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes]
 	16	UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes]
 	17	UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes]
diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out
index 277e25fc8..8c6781221 100644
--- a/tests/result/quickplay.pcap.out
+++ b/tests/result/quickplay.pcap.out
@@ -1,8 +1,8 @@
-QQ	12	4781	5
 Facebook	6	1740	3
 Google	2	378	1
 Amazon	2	1469	1
 QuickPlay	133	96179	11
+WeChat	12	4781	5
 
 	1	TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com]
 	2	TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com]
@@ -11,8 +11,8 @@ QuickPlay	133	96179	11
 	5	TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com]
 	6	TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com]
 	7	TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com]
-	8	TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.48/HTTP.QQ][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com]
-	9	TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.48/HTTP.QQ][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com]
+	8	TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com]
+	9	TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com]
 	10	TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com]
 	11	TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com]
 	12	TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com]
@@ -21,7 +21,7 @@ QuickPlay	133	96179	11
 	15	TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com]
 	16	TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com]
 	17	TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com]
-	18	TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.48/HTTP.QQ][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com]
+	18	TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com]
 	19	TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com]
-	20	TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.48/HTTP.QQ][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com]
-	21	TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.48/HTTP.QQ][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com]
+	20	TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com]
+	21	TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com]
diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out
new file mode 100644
index 000000000..b81a52377
--- /dev/null
+++ b/tests/result/wechat.pcap.out
@@ -0,0 +1,120 @@
+Unknown	1	110	1
+DNS	6	494	3
+HTTP	70	4620	8
+MDNS	116	10672	4
+NTP	1	90	1
+NetBIOS	12	1579	2
+DHCP	1	342	1
+IGMP	24	1280	4
+SSL	21	1209	3
+ICMPV6	3	218	2
+Google	128	29925	17
+LLMNR	12	944	6
+WeChat	1277	615827	51
+
+	1	UDP 192.168.1.103:33915 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com]
+	2	TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][8 pkts/469 bytes]
+	3	UDP 192.168.1.103:41759 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 2.debian.pool.ntp.org]
+	4	UDP 192.168.1.103:42589 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com]
+	5	UDP 192.168.1.103:43317 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com]
+	6	UDP 192.168.1.103:43705 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan]
+	7	TCP 203.205.158.34:443 <-> 192.168.1.103:43850 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com]
+	8	UDP 192.168.1.103:44063 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org]
+	9	UDP [fe80::91f9:3df3:7436:6cd6]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes]
+	10	TCP 172.217.23.78:443 <-> 192.168.1.103:53220 [proto: 91.126/SSL.Google][8 pkts/583 bytes]
+	11	TCP 216.58.205.78:443 <-> 192.168.1.103:47627 [proto: 91.126/SSL.Google][7 pkts/517 bytes]
+	12	TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][6 pkts/396 bytes]
+	13	UDP 192.168.1.103:53515 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan]
+	14	TCP 192.168.1.103:54084 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes]
+	15	TCP 192.168.1.103:54058 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes]
+	16	TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com]
+	17	TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/11506 bytes][client: web.wechat.com]
+	18	TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][40 pkts/18455 bytes][client: web.wechat.com]
+	19	TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com]
+	20	TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/15082 bytes][client: web.wechat.com]
+	21	TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][27 pkts/10532 bytes][client: web.wechat.com]
+	22	TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][28 pkts/18041 bytes][client: web.wechat.com]
+	23	TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com]
+	24	TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes]
+	25	TCP 192.168.1.103:54106 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes]
+	26	TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes]
+	27	TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes]
+	28	TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4735 bytes][client: web.wechat.com]
+	29	TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com]
+	30	UDP 192.168.1.103:56367 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com]
+	31	TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][26 pkts/11518 bytes][client: web.wechat.com]
+	32	UDP 192.168.1.103:58165 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com]
+	33	TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][59 pkts/29728 bytes][client: web.wechat.com]
+	34	TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][49 pkts/24468 bytes][client: web.wechat.com]
+	35	TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][22 pkts/9520 bytes][client: web.wechat.com]
+	36	TCP 192.168.1.103:58226 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes]
+	37	UDP 192.168.1.103:59567 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan]
+	38	TCP 192.168.1.103:58143 <-> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes]
+	39	UDP 216.58.198.46:443 <-> 192.168.1.103:57591 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com]
+	40	UDP 192.168.1.100:57401 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc]
+	41	TCP 95.101.34.33:80 <-> 192.168.1.103:34996 [proto: 7/HTTP][9 pkts/594 bytes]
+	42	TCP 95.101.34.33:80 <-> 192.168.1.103:35000 [proto: 7/HTTP][9 pkts/594 bytes]
+	43	UDP [fe80::7a92:9cff:fe0f:a88e]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes]
+	44	TCP 192.168.1.103:54205 <-> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes]
+	45	ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes]
+	46	UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50440 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz]
+	47	TCP 192.168.1.103:52020 <-> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes]
+	48	UDP 172.217.23.67:443 <-> 192.168.1.103:35601 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com]
+	49	TCP 172.217.22.14:443 <-> 192.168.1.103:38657 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com]
+	50	UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica]
+	51	UDP 192.168.1.103:37578 <-> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes]
+	52	TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes]
+	53	UDP 192.168.1.103:42074 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan]
+	54	UDP 192.168.1.103:42856 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan]
+	55	ICMPV6 [::]:0 <-> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes]
+	56	TCP 203.205.158.34:443 <-> 192.168.1.103:43851 [proto: 91/SSL][9 pkts/524 bytes]
+	57	UDP 192.168.1.103:44346 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan]
+	58	UDP 192.168.1.103:45366 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com]
+	59	UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com]
+	60	UDP 172.217.23.67:443 <-> 192.168.1.103:51507 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com]
+	61	UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/366 bytes][Host: safebrowsing.googleusercontent.com]
+	62	TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][3 pkts/198 bytes]
+	63	TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][41 pkts/26587 bytes][client: web.wechat.com]
+	64	TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4537 bytes][client: web.wechat.com]
+	65	TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes]
+	66	TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][39 pkts/25723 bytes][client: web.wechat.com]
+	67	TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][44 pkts/19995 bytes][client: web.wechat.com]
+	68	TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][54 pkts/36453 bytes][client: web.wechat.com]
+	69	TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][86 pkts/65999 bytes][client: web.wechat.com]
+	70	TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][96 pkts/63642 bytes][client: web.wechat.com]
+	71	TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes]
+	72	TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/9761 bytes][client: web.wechat.com]
+	73	TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][73 pkts/44045 bytes][client: web.wechat.com]
+	74	TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][36 pkts/14963 bytes][client: web.wechat.com]
+	75	TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/30965 bytes][client: web.wechat.com]
+	76	TCP 192.168.1.103:54183 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes]
+	77	UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/302 bytes][Host: docs.google.com]
+	78	TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes]
+	79	TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][17 pkts/1146 bytes]
+	80	TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com]
+	81	TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/354 bytes]
+	82	UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/465 bytes][Host: web.wechat.com]
+	83	UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com]
+	84	UDP 192.168.1.100:49832 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: cansaqcq]
+	85	UDP 192.168.1.100:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes]
+	86	UDP 192.168.1.100:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes]
+	87	UDP 192.168.1.100:54124 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: lbjamwptxz]
+	88	IGMP 224.0.0.1:0 <-> 192.168.1.254:0 [proto: 82/IGMP][4 pkts/200 bytes]
+	89	IGMP 224.0.0.22:0 <-> 192.168.1.100:0 [proto: 82/IGMP][15 pkts/810 bytes]
+	90	IGMP 224.0.0.22:0 <-> 192.168.1.103:0 [proto: 82/IGMP][4 pkts/216 bytes]
+	91	IGMP 224.0.0.22:0 <-> 192.168.1.108:0 [proto: 82/IGMP][1 pkts/54 bytes]
+	92	TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes]
+	93	TCP 95.101.34.33:80 <-> 192.168.1.103:34999 [proto: 7/HTTP][9 pkts/594 bytes]
+	94	TCP 95.101.34.33:80 <-> 192.168.1.103:34981 [proto: 7/HTTP][9 pkts/594 bytes]
+	95	TCP 95.101.34.34:80 <-> 192.168.1.103:39207 [proto: 7/HTTP][9 pkts/594 bytes]
+	96	TCP 95.101.34.34:80 <-> 192.168.1.103:39195 [proto: 7/HTTP][8 pkts/528 bytes]
+	97	TCP 95.101.34.34:80 <-> 192.168.1.103:39231 [proto: 7/HTTP][9 pkts/594 bytes]
+	98	UDP 192.168.1.103:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes]
+	99	UDP 192.168.1.100:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes]
+	100	UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/610 bytes][Host: res.wx.qq.com]
+	101	UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:49195 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq]
+	102	UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50577 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc]
+
+
+Undetected flows:
+	1	0 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::16]:0 [proto: 0/Unknown][1 pkts/110 bytes]
author	Campus <campus@ntop.org>	2017-04-15 21:18:50 +0200
committer	Campus <campus@ntop.org>	2017-04-15 21:18:50 +0200
commit	3a21152f4c7b1783a0cd6671af405d0014cf9b4b (patch)
tree	b8660398911c2ee993c022bb833d5253539d76d9
parent	b97e3ee51a9a17b837a2ed8c30e5ddabbf2d7140 (diff)