diff options
| author | Luca Deri <deri@ntop.org> | 2018-11-08 22:13:05 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2018-11-08 22:13:05 +0100 |
| commit | 8e6640605a513ab63c06315525a20b962013c0f3 (patch) | |
| tree | d79d23b37bfbc53de68e17726cddef02f78538d2 | |
| parent | 9c5a4a6d1f117dbc8e3d0d46fa2d36f1d65761b3 (diff) | |
Removed skype false positives
better STUP detection
| -rw-r--r-- | src/lib/ndpi_main.c | 8 | ||||
| -rw-r--r-- | tests/result/whatsapp_voice_and_message.pcap.out | 5 |
2 files changed, 10 insertions, 3 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7dd8777ec..c099b3a32 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3971,6 +3971,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + + if((guessed_protocol_id == 0) + && (flow->protos.stun_ssl.stun.num_binding_requests > 0) + && (flow->protos.stun_ssl.stun.num_processed_pkts > 0)) + guessed_protocol_id = NDPI_PROTOCOL_STUN; + ndpi_int_change_protocol(ndpi_struct, flow, guessed_host_protocol_id, guessed_protocol_id); @@ -3988,11 +3994,13 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st && (flow->guessed_protocol_id == NDPI_PROTOCOL_STUN)) { check_stun_export: if(flow->protos.stun_ssl.stun.num_processed_pkts > 0) { +#if 0 if(flow->protos.stun_ssl.stun.num_processed_pkts >= NDPI_MIN_NUM_STUN_DETECTION) { u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT; ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); } else +#endif ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); } } diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index e14163cbd..18ed7943d 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -1,5 +1,4 @@ -SkypeCallIn 9 1184 1 -STUN 35 4732 7 +STUN 44 5916 8 WhatsApp 217 22139 5 1 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][cat: Chat/9][30 pkts/2539 bytes <-> 32 pkts/3070 bytes] @@ -7,7 +6,7 @@ WhatsApp 217 22139 5 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes] 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][cat: Chat/9][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][cat: Chat/9][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] - 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/840 bytes <-> 4 pkts/344 bytes] + 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][5 pkts/840 bytes <-> 4 pkts/344 bytes] 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][cat: Network/14][3 pkts/504 bytes <-> 2 pkts/172 bytes] |