diff options
| author | Nardi Ivan <nardi.ivan@gmail.com> | 2022-09-09 20:17:17 +0200 |
|---|---|---|
| committer | Toni <matzeton@googlemail.com> | 2022-09-11 13:33:32 +0200 |
| commit | 678dd61866944eae011fa96f1c6d39d0c201858e (patch) | |
| tree | 1de68b205c17a5753869bae6a536615ca9be9a34 | |
| parent | f44413e039ed65dca73606ff01d7e3ab8a1ca2bb (diff) | |
STUN: several improvements
Add detection over TCP and fix detection over IPv6.
Rename some variables since Stun dissector is no more "udp-centric".
Stun dissector should always classified the flow as `STUN` or
`STUN/Something`.
Don't touch `flow->guessed_host_protocol_id` field, which should be
always be related to "ip-classification" only.
115 files changed, 202 insertions, 324 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index b86e66aeb..a71a01332 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1349,7 +1349,7 @@ struct ndpi_flow_struct { } kerberos_buf; struct { - u_int8_t num_udp_pkts, num_binding_requests; + u_int8_t num_pkts, num_binding_requests; u_int16_t num_processed_pkts; } stun; diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index b86313c75..d7de4e713 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1405,7 +1405,7 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, case NDPI_PROTOCOL_STUN: ndpi_serialize_start_of_block(serializer, "stun"); - ndpi_serialize_string_uint32(serializer, "num_udp_pkts", flow->stun.num_udp_pkts); + ndpi_serialize_string_uint32(serializer, "num_pkts", flow->stun.num_pkts); ndpi_serialize_string_uint32(serializer, "num_binding_requests", flow->stun.num_binding_requests); ndpi_serialize_string_uint32(serializer, "num_processed_pkts", diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index 3c463bbc6..7f5414ef0 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" /* stun.c */ -extern u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev); +extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev); /* https://support.google.com/a/answer/1279090?hl=en */ #define HANGOUT_UDP_LOW_PORT 19302 @@ -101,8 +101,8 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); - if(ndpi_struct->stun_cache && packet->iph && packet->udp) { - u_int32_t key = get_stun_lru_key(packet, !matched_src); + if(ndpi_struct->stun_cache && packet->iph) { + u_int32_t key = get_stun_lru_key(flow, !matched_src); #ifdef DEBUG_LRU printf("[LRU] ADDING %u / %u.%u\n", key, NDPI_PROTOCOL_STUN, NDPI_PROTOCOL_HANGOUT_DUO); diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index e6526e144..beec5a508 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -32,38 +32,38 @@ // #define DEBUG_STUN 1 // #define DEBUG_LRU 1 -struct stun_packet_header { - u_int16_t msg_type, msg_len; - u_int32_t cookie; - u_int8_t transaction_id[8]; -}; +#define STUN_HDR_LEN 20 /* STUN message header length, Classic-STUN (RFC 3489) and STUN (RFC 8489) both */ /* ************************************************************ */ -u_int32_t get_stun_lru_key(struct ndpi_packet_struct *packet, u_int8_t rev) { +u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { if(rev) - return(ntohl(packet->iph->daddr) + ntohs(packet->udp->dest)); + return(ntohl(flow->s_address.v4) + ntohs(flow->s_port)); else - return(ntohl(packet->iph->saddr) + ntohs(packet->udp->source)); + return(ntohl(flow->c_address.v4) + ntohs(flow->c_port)); } /* ************************************************************ */ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int proto, u_int app_proto) { + u_int app_proto) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; ndpi_confidence_t confidence = NDPI_CONFIDENCE_DPI; + if(app_proto == NDPI_PROTOCOL_GOOGLE) + app_proto = NDPI_PROTOCOL_HANGOUT_DUO; + else if(app_proto == NDPI_PROTOCOL_FACEBOOK) + app_proto = NDPI_PROTOCOL_FACEBOOK_VOIP; + if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); if(ndpi_struct->stun_cache && packet->iph - && packet->udp && (app_proto != NDPI_PROTOCOL_UNKNOWN) ) /* Cache flow sender info */ { - u_int32_t key = get_stun_lru_key(packet, 0); + u_int32_t key = get_stun_lru_key(flow, 0); u_int16_t cached_proto; if(ndpi_lru_find_cache(ndpi_struct->stun_cache, key, @@ -71,20 +71,20 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd #ifdef DEBUG_LRU printf("[LRU] FOUND %u / %u: no need to cache %u.%u\n", key, cached_proto, proto, app_proto); #endif - if(app_proto != cached_proto || proto != NDPI_PROTOCOL_STUN) { - app_proto = cached_proto, proto = NDPI_PROTOCOL_STUN; + if(app_proto != cached_proto) { + app_proto = cached_proto; confidence = NDPI_CONFIDENCE_DPI_CACHE; } } else { - u_int32_t key_rev = get_stun_lru_key(packet, 1); + u_int32_t key_rev = get_stun_lru_key(flow, 1); if(ndpi_lru_find_cache(ndpi_struct->stun_cache, key_rev, &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { #ifdef DEBUG_LRU printf("[LRU] FOUND %u / %u: no need to cache %u.%u\n", key_rev, cached_proto, proto, app_proto); #endif - if(app_proto != cached_proto || proto != NDPI_PROTOCOL_STUN) { - app_proto = cached_proto, proto = NDPI_PROTOCOL_STUN; + if(app_proto != cached_proto) { + app_proto = cached_proto; confidence = NDPI_CONFIDENCE_DPI_CACHE; } } else { @@ -108,7 +108,7 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd } } - ndpi_set_detected_protocol(ndpi_struct, flow, app_proto, proto, confidence); + ndpi_set_detected_protocol(ndpi_struct, flow, app_proto, NDPI_PROTOCOL_STUN, confidence); } typedef enum { @@ -118,43 +118,11 @@ typedef enum { /* ************************************************************ */ -static int is_google_ip_address(u_int32_t host) { - if( - ((host & 0xFFFF0000 /* 255.255.0.0 */) == 0x4A7D0000 /* 74.125.0.0/16 */) - || ((host & 0xFFFF0000 /* 255.255.0.0 */) == 0x42660000 /* 66.102.0.0/16 */) - ) - return(1); - else - return(0); -} - -/* ************************************************************ */ - -/* - WhatsApp - 31.13.86.48 - 31.13.92.50 - 157.240.20.51 - 157.240.21.51 - 185.60.216.51 - - Messenger - 31.13.86.5 -*/ - -static int is_messenger_ip_address(u_int32_t host) { - if(host == 0x1F0D5605 /* 31.13.86.5 */) - return(1); - else - return(0); -} - -/* ************************************************************ */ - static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const u_int8_t * payload, - const u_int16_t payload_length) { + const u_int16_t payload_length, + u_int16_t *app_proto) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t msg_type, msg_len; int rc; @@ -168,11 +136,10 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if(payload_length >= 512) { return(NDPI_IS_NOT_STUN); - } else if(payload_length < sizeof(struct stun_packet_header)) { + } else if(payload_length < STUN_HDR_LEN) { /* This looks like an invalid packet */ - if(flow->stun.num_udp_pkts > 0) { - // flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; + if(flow->stun.num_pkts > 0) { return(NDPI_IS_STUN); } else return(NDPI_IS_NOT_STUN); @@ -181,7 +148,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if((strncmp((const char*)payload, (const char*)"RSP/", 4) == 0) && (strncmp((const char*)&payload[7], (const char*)" STUN_", 6) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found stun\n"); - goto udp_stun_found; + goto stun_found; } msg_type = ntohs(*((u_int16_t*)payload)); @@ -212,7 +179,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * total_len = ntohs(*((u_int16_t*) &packet->payload[11])) + 13; if(payload_length == total_len) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_DTLS; + flow->guessed_protocol_id = NDPI_PROTOCOL_DTLS; return(NDPI_IS_NOT_STUN); } } @@ -221,16 +188,9 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * return(NDPI_IS_NOT_STUN); } -#if 0 - if((flow->packet.udp->dest == htons(3480)) || - (flow->packet.udp->source == htons(3480)) - ) - printf("[STUN] Here we go\n");; -#endif - if(ndpi_struct->stun_cache && packet->iph) { /* TODO: ipv6 */ u_int16_t proto; - u_int32_t key = get_stun_lru_key(packet, 0); + u_int32_t key = get_stun_lru_key(flow, 0); int rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); @@ -239,7 +199,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * #endif if(!rc) { - key = get_stun_lru_key(packet, 1); + key = get_stun_lru_key(flow, 1); rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); @@ -253,7 +213,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * printf("[LRU] Cache FOUND %u / %u\n", key, proto); #endif - flow->guessed_host_protocol_id = proto; + *app_proto = proto; return(NDPI_IS_STUN); } else { #ifdef DEBUG_LRU @@ -269,55 +229,29 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if(msg_type == 0x01 /* Binding Request */) { flow->stun.num_binding_requests++; - if(!msg_len && flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; - else if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_FACEBOOK) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_FACEBOOK_VOIP; - else - flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; + flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; if(!msg_len) { - /* flow->stun.num_udp_pkts++; */ + /* flow->stun.num_pkts++; */ return(NDPI_IS_NOT_STUN); /* This to keep analyzing STUN instead of giving up */ } } - if(msg_type == 0x03 /* Allocate Request */) { - if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_FACEBOOK) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_FACEBOOK_VOIP; - } - if(!msg_len && flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return(NDPI_IS_NOT_STUN); - } - - flow->stun.num_udp_pkts++; + flow->stun.num_pkts++; if((payload[0] == 0x80 && payload_length < 512 && ((msg_len+20) <= payload_length))) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; + *app_proto = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); /* This is WhatsApp Call */ } else if((payload[0] == 0x90) && (((msg_len+11) == payload_length) || (flow->stun.num_binding_requests >= 4))) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; + *app_proto = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); /* This is WhatsApp Call */ } if(payload[0] != 0x80 && (msg_len + 20) > payload_length) return(NDPI_IS_NOT_STUN); - else { - switch(flow->guessed_protocol_id) { - case NDPI_PROTOCOL_HANGOUT_DUO: - case NDPI_PROTOCOL_FACEBOOK_VOIP: - case NDPI_PROTOCOL_SIGNAL_VOIP: - case NDPI_PROTOCOL_WHATSAPP_CALL: - /* Don't overwrite the protocol with sub-STUN protocols */ - break; - - default: - flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; - break; - } - } + + flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; if(payload_length == (msg_len+20)) { if((msg_type & 0x3EEF) <= 0x000B) /* http://www.3cx.com/blog/voip-howto/stun-details/ */ { @@ -346,7 +280,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * switch(attribute) { case 0x0103: - flow->guessed_host_protocol_id = NDPI_PROTOCOL_ZOOM; + *app_proto = NDPI_PROTOCOL_ZOOM; return(NDPI_IS_STUN); break; @@ -354,7 +288,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x4001: case 0x4002: /* These are the only messages apparently whatsapp voice can use */ - flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; + *app_proto = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); break; @@ -372,14 +306,14 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * #endif if(strstr(flow->host_server_name, "google.com") != NULL) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; + *app_proto = NDPI_PROTOCOL_HANGOUT_DUO; return(NDPI_IS_STUN); } else if(strstr(flow->host_server_name, "whispersystems.org") != NULL || (strstr(flow->host_server_name, "signal.org") != NULL)) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_SIGNAL_VOIP; + *app_proto = NDPI_PROTOCOL_SIGNAL_VOIP; return(NDPI_IS_STUN); } else if(strstr(flow->host_server_name, "facebook") != NULL) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_FACEBOOK_VOIP; + *app_proto = NDPI_PROTOCOL_FACEBOOK_VOIP; return(NDPI_IS_STUN); } } @@ -389,16 +323,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0xC057: /* Messeger */ if(msg_type == 0x0001) { if((msg_len == 100) || (msg_len == 104)) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_FACEBOOK_VOIP; + *app_proto = NDPI_PROTOCOL_FACEBOOK_VOIP; return(NDPI_IS_STUN); - } else if(msg_len == 76) { -#if 0 - if(1) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; - return(NDPI_IS_NOT_STUN); /* This case is found also with signal traffic */ - } else - return(NDPI_IS_STUN); -#endif } } break; @@ -413,7 +339,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * #ifdef DEBUG_STUN printf("==> Skype found\n"); #endif - flow->guessed_host_protocol_id = NDPI_PROTOCOL_SKYPE_TEAMS_CALL; + *app_proto = NDPI_PROTOCOL_SKYPE_TEAMS_CALL; return(NDPI_IS_STUN); } @@ -434,7 +360,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * printf("==> Skype (2) found\n"); #endif - flow->guessed_host_protocol_id = NDPI_PROTOCOL_SKYPE_TEAMS_CALL; + *app_proto = NDPI_PROTOCOL_SKYPE_TEAMS_CALL; return(NDPI_IS_STUN); break; @@ -446,13 +372,13 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * printf("==> Skype (3) found\n"); #endif - flow->guessed_host_protocol_id = NDPI_PROTOCOL_SKYPE_TEAMS_CALL; + *app_proto = NDPI_PROTOCOL_SKYPE_TEAMS_CALL; return(NDPI_IS_STUN); } break; case 0xFF03: - flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; + *app_proto = NDPI_PROTOCOL_HANGOUT_DUO; return(NDPI_IS_STUN); break; @@ -466,34 +392,27 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * offset += len + 4; } - goto udp_stun_found; + goto stun_found; } else if(msg_type == 0x0800) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; + *app_proto = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); } } - if((flow->stun.num_udp_pkts > 0) && (msg_type <= 0x00FF)) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; + if((flow->stun.num_pkts > 0) && (msg_type <= 0x00FF)) { + *app_proto = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); } else return(NDPI_IS_NOT_STUN); - udp_stun_found: +stun_found: flow->stun.num_processed_pkts++; #ifdef DEBUG_STUN printf("==>> NDPI_PROTOCOL_WHATSAPP_CALL\n"); #endif - - if(packet->iph) { /* TODO: ipv6 */ - if(is_messenger_ip_address(ntohl(packet->iph->saddr)) || is_messenger_ip_address(ntohl(packet->iph->daddr))) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_FACEBOOK_VOIP; - else if(is_google_ip_address(ntohl(packet->iph->saddr)) || is_google_ip_address(ntohl(packet->iph->daddr))) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; - } - rc = (flow->stun.num_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN; + rc = (flow->stun.num_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN; return rc; } @@ -501,17 +420,11 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; + u_int16_t app_proto; - // printf("==> %s()\n", __FUNCTION__) - NDPI_LOG_DBG(ndpi_struct, "search stun\n"); - if(packet->payload == NULL) - return; - else if(packet->iphv6 != NULL) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; - } + app_proto = flow->guessed_host_protocol_id; if(packet->tcp) { /* STUN may be encapsulated in TCP packets */ @@ -521,37 +434,21 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n * improved by checking only the STUN packet of given length */ if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, - packet->payload_packet_len - 2) == NDPI_IS_STUN) { - goto udp_stun_match; + packet->payload_packet_len - 2, &app_proto) == NDPI_IS_STUN) { + ndpi_int_stun_add_connection(ndpi_struct, flow, app_proto); + return; } } } /* UDP */ if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload, - packet->payload_packet_len) == NDPI_IS_STUN) { - udp_stun_match: - - if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; - else if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_FACEBOOK) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_FACEBOOK_VOIP; - - if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) - flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; - - if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) { - flow->guessed_host_protocol_id = flow->guessed_protocol_id; - flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; - } - - ndpi_int_stun_add_connection(ndpi_struct, flow, - flow->guessed_protocol_id, - flow->guessed_host_protocol_id); + packet->payload_packet_len, &app_proto) == NDPI_IS_STUN) { + ndpi_int_stun_add_connection(ndpi_struct, flow, app_proto); return; } - if(flow->stun.num_udp_pkts >= MAX_NUM_STUN_PKTS) + if(flow->stun.num_pkts >= MAX_NUM_STUN_PKTS) NDPI_EXCLUDE_PROTO(ndpi_struct, flow); if(flow->packet_counter > 0) { @@ -566,7 +463,7 @@ void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STUN, ndpi_search_stun, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/tests/pcap/stun.pcap b/tests/pcap/stun.pcap Binary files differnew file mode 100644 index 000000000..653c09e04 --- /dev/null +++ b/tests/pcap/stun.pcap diff --git a/tests/pcap/stun_dtls.pcapng b/tests/pcap/stun_dtls.pcapng Binary files differdeleted file mode 100644 index 6500908bc..000000000 --- a/tests/pcap/stun_dtls.pcapng +++ /dev/null diff --git a/tests/pcap/stun_facebook.pcapng b/tests/pcap/stun_facebook.pcapng Binary files differdeleted file mode 100644 index bb789c71d..000000000 --- a/tests/pcap/stun_facebook.pcapng +++ /dev/null diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 7f5bfe57b..b421989d3 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -6,7 +6,7 @@ Confidence Unknown : 14 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4695 (23.83 diss/flow) +Num dissector calls: 4716 (23.94 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/443-chrome.pcap.out b/tests/result/443-chrome.pcap.out index bac508c3d..a4ffa925b 100644 --- a/tests/result/443-chrome.pcap.out +++ b/tests/result/443-chrome.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/443-opvn.pcap.out b/tests/result/443-opvn.pcap.out index f31895e26..2c69313c3 100644 --- a/tests/result/443-opvn.pcap.out +++ b/tests/result/443-opvn.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/6in6tunnel.pcap.out b/tests/result/6in6tunnel.pcap.out index 9cf4f0359..5f3553ebc 100644 --- a/tests/result/6in6tunnel.pcap.out +++ b/tests/result/6in6tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 115 (115.00 diss/flow) +Num dissector calls: 117 (117.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index a01ec9e9b..32ba97bc2 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 623 (16.39 diss/flow) +Num dissector calls: 645 (16.97 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 5a5a8a5db..e378ab840 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 6 (1.20 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 865 (43.25 diss/flow) +Num dissector calls: 878 (43.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index 19905ac01..c022dc662 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 339 (339.00 diss/flow) +Num dissector calls: 357 (357.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out index e48382570..6d133df3f 100644 --- a/tests/result/alexa-app.pcapng.out +++ b/tests/result/alexa-app.pcapng.out @@ -6,7 +6,7 @@ DPI Packets (other): 6 (1.00 pkts/flow) Confidence Match by port : 5 (flows) Confidence Match by IP : 9 (flows) Confidence DPI : 146 (flows) -Num dissector calls: 539 (3.37 diss/flow) +Num dissector calls: 540 (3.38 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/alicloud.pcap.out b/tests/result/alicloud.pcap.out index 8122a1c33..8e8f226c1 100644 --- a/tests/result/alicloud.pcap.out +++ b/tests/result/alicloud.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 60 (4.00 pkts/flow) Confidence DPI : 15 (flows) -Num dissector calls: 1815 (121.00 diss/flow) +Num dissector calls: 1830 (122.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out index 412b48ae1..4ffff783b 100644 --- a/tests/result/amqp.pcap.out +++ b/tests/result/amqp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (3.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 404 (134.67 diss/flow) +Num dissector calls: 410 (136.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 75fd6aef4..2297d0977 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 2 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 924 (13.39 diss/flow) +Num dissector calls: 930 (13.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/avast.pcap.out b/tests/result/avast.pcap.out index 19b1e399b..cebed7df2 100644 --- a/tests/result/avast.pcap.out +++ b/tests/result/avast.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 40 (4.00 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 1220 (122.00 diss/flow) +Num dissector calls: 1230 (123.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out index 9c661eafd..c8565a4c6 100644 --- a/tests/result/bittorrent.pcap.out +++ b/tests/result/bittorrent.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 24 (1.00 pkts/flow) Confidence DPI : 24 (flows) -Num dissector calls: 2092 (87.17 diss/flow) +Num dissector calls: 2114 (88.08 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 120/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/cassandra.pcap.out b/tests/result/cassandra.pcap.out index 496da4a5a..2f1c0d600 100644 --- a/tests/result/cassandra.pcap.out +++ b/tests/result/cassandra.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 18 (9.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 350 (175.00 diss/flow) +Num dissector calls: 356 (178.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/cloudflare-warp.pcap.out b/tests/result/cloudflare-warp.pcap.out index dc7d89a14..8a2ec2624 100644 --- a/tests/result/cloudflare-warp.pcap.out +++ b/tests/result/cloudflare-warp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (TCP): 41 (5.12 pkts/flow) Confidence Match by IP : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 181 (22.62 diss/flow) +Num dissector calls: 185 (23.12 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index 1e2a7246e..973208f38 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (1.75 pkts/flow) DPI Packets (UDP): 12 (1.00 pkts/flow) Confidence DPI : 16 (flows) -Num dissector calls: 348 (21.75 diss/flow) +Num dissector calls: 352 (22.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/corba.pcap.out b/tests/result/corba.pcap.out index 2a88825ed..546f5761b 100644 --- a/tests/result/corba.pcap.out +++ b/tests/result/corba.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (4.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 225 (75.00 diss/flow) +Num dissector calls: 228 (76.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/drda_db2.pcap.out b/tests/result/drda_db2.pcap.out index 2e2c938a9..8be052737 100644 --- a/tests/result/drda_db2.pcap.out +++ b/tests/result/drda_db2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 88 (88.00 diss/flow) +Num dissector calls: 89 (89.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/emotet.pcap.out b/tests/result/emotet.pcap.out index da15b7e1f..0b8856c57 100644 --- a/tests/result/emotet.pcap.out +++ b/tests/result/emotet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 48 (8.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 201 (33.50 diss/flow) +Num dissector calls: 203 (33.83 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fastcgi.pcap.out b/tests/result/fastcgi.pcap.out index ab1c8723d..c61b86238 100644 --- a/tests/result/fastcgi.pcap.out +++ b/tests/result/fastcgi.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 155 (155.00 diss/flow) +Num dissector calls: 157 (157.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fix.pcap.out b/tests/result/fix.pcap.out index 8a49a4801..c4daa013b 100644 --- a/tests/result/fix.pcap.out +++ b/tests/result/fix.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (1.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1092 (91.00 diss/flow) +Num dissector calls: 1104 (92.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fix2.pcap.out b/tests/result/fix2.pcap.out index ca851c8b8..4012cb781 100644 --- a/tests/result/fix2.pcap.out +++ b/tests/result/fix2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 182 (91.00 diss/flow) +Num dissector calls: 184 (92.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/ftp-start-tls.pcap.out b/tests/result/ftp-start-tls.pcap.out index 63b2c093e..5ba77ec48 100644 --- a/tests/result/ftp-start-tls.pcap.out +++ b/tests/result/ftp-start-tls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 17 (17.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 154 (154.00 diss/flow) +Num dissector calls: 156 (156.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/ftp.pcap.out b/tests/result/ftp.pcap.out index 9b6209608..9655f9af3 100644 --- a/tests/result/ftp.pcap.out +++ b/tests/result/ftp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 49 (16.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 642 (214.00 diss/flow) +Num dissector calls: 663 (221.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/ftp_failed.pcap.out b/tests/result/ftp_failed.pcap.out index 1f4ddf9d2..76ba0d332 100644 --- a/tests/result/ftp_failed.pcap.out +++ b/tests/result/ftp_failed.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 153 (153.00 diss/flow) +Num dissector calls: 155 (155.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index 1a9265e2c..040327c43 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5389 (21.47 diss/flow) +Num dissector calls: 5411 (21.56 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2006-09-29-28586.pcap.out b/tests/result/fuzz-2006-09-29-28586.pcap.out index 7c7bd9e92..293042169 100644 --- a/tests/result/fuzz-2006-09-29-28586.pcap.out +++ b/tests/result/fuzz-2006-09-29-28586.pcap.out @@ -6,7 +6,7 @@ Confidence Unknown : 3 (flows) Confidence Match by port : 24 (flows) Confidence Match by IP : 2 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 1015 (25.38 diss/flow) +Num dissector calls: 1025 (25.62 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2021-10-13.pcap.out b/tests/result/fuzz-2021-10-13.pcap.out index 93d79914c..e69af4cbe 100644 --- a/tests/result/fuzz-2021-10-13.pcap.out +++ b/tests/result/fuzz-2021-10-13.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 123 (123.00 diss/flow) +Num dissector calls: 124 (124.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/genshin-impact.pcap.out b/tests/result/genshin-impact.pcap.out index 3713af753..6cb479fb9 100644 --- a/tests/result/genshin-impact.pcap.out +++ b/tests/result/genshin-impact.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (4.00 pkts/flow) DPI Packets (UDP): 3 (1.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 517 (86.17 diss/flow) +Num dissector calls: 520 (86.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/gnutella.pcap.out b/tests/result/gnutella.pcap.out index 12841112d..72314d0b1 100644 --- a/tests/result/gnutella.pcap.out +++ b/tests/result/gnutella.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 595 (flows) Confidence Match by port : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 163 (flows) -Num dissector calls: 64781 (85.24 diss/flow) +Num dissector calls: 64833 (85.31 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index c2d0c9a97..4692f9caa 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 28 (28.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 215 (215.00 diss/flow) +Num dissector calls: 222 (222.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/h323-overflow.pcap.out b/tests/result/h323-overflow.pcap.out index 50c894f1e..373e39d91 100644 --- a/tests/result/h323-overflow.pcap.out +++ b/tests/result/h323-overflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/h323.pcap.out b/tests/result/h323.pcap.out index 5fc80bb1a..2f072d2e5 100644 --- a/tests/result/h323.pcap.out +++ b/tests/result/h323.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 127 (63.50 diss/flow) +Num dissector calls: 128 (64.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/hpvirtgrp.pcap.out b/tests/result/hpvirtgrp.pcap.out index a4728d1d1..196b468b3 100644 --- a/tests/result/hpvirtgrp.pcap.out +++ b/tests/result/hpvirtgrp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 37 (4.11 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 999 (111.00 diss/flow) +Num dissector calls: 1008 (112.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 54855a5dd..1e96fc77e 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 134 (8.93 diss/flow) +Num dissector calls: 138 (9.20 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/imap-starttls.pcap.out b/tests/result/imap-starttls.pcap.out index 3122ddbe6..f54f8635f 100644 --- a/tests/result/imap-starttls.pcap.out +++ b/tests/result/imap-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 19 (19.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 204 (204.00 diss/flow) +Num dissector calls: 208 (208.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/imap.pcap.out b/tests/result/imap.pcap.out index e003e21eb..8e4c02b32 100644 --- a/tests/result/imap.pcap.out +++ b/tests/result/imap.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 204 (204.00 diss/flow) +Num dissector calls: 208 (208.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index a88879c17..6cae4ebca 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1836 (48.32 diss/flow) +Num dissector calls: 1909 (50.24 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/irc.pcap.out b/tests/result/irc.pcap.out index 5231dc786..507c13047 100644 --- a/tests/result/irc.pcap.out +++ b/tests/result/irc.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 159 (159.00 diss/flow) +Num dissector calls: 162 (162.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/jabber.pcap.out b/tests/result/jabber.pcap.out index 26b0a17da..aa12bf143 100644 --- a/tests/result/jabber.pcap.out +++ b/tests/result/jabber.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 74 (6.17 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1424 (118.67 diss/flow) +Num dissector calls: 1454 (121.17 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/kerberos.pcap.out b/tests/result/kerberos.pcap.out index 3e71e49e6..fa238a906 100644 --- a/tests/result/kerberos.pcap.out +++ b/tests/result/kerberos.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (2.14 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 23 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 3966 (110.17 diss/flow) +Num dissector calls: 4021 (111.69 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/kismet.pcap.out b/tests/result/kismet.pcap.out index fd766859f..52118b611 100644 --- a/tests/result/kismet.pcap.out +++ b/tests/result/kismet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 124 (124.00 diss/flow) +Num dissector calls: 125 (125.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/lisp_registration.pcap.out b/tests/result/lisp_registration.pcap.out index 3dc8afd65..c8d684964 100644 --- a/tests/result/lisp_registration.pcap.out +++ b/tests/result/lisp_registration.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (4.00 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 200 (50.00 diss/flow) +Num dissector calls: 202 (50.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/log4j-webapp-exploit.pcap.out b/tests/result/log4j-webapp-exploit.pcap.out index 89c5eb555..6a20b2ecf 100644 --- a/tests/result/log4j-webapp-exploit.pcap.out +++ b/tests/result/log4j-webapp-exploit.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 63 (9.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 450 (64.29 diss/flow) +Num dissector calls: 467 (66.71 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/memcached.cap.out b/tests/result/memcached.cap.out index 64666e4c2..5097b76dd 100644 --- a/tests/result/memcached.cap.out +++ b/tests/result/memcached.cap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/monero.pcap.out b/tests/result/monero.pcap.out index e6216f4fb..3eba6a7a4 100644 --- a/tests/result/monero.pcap.out +++ b/tests/result/monero.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 62 (31.00 diss/flow) +Num dissector calls: 64 (32.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/mongo_false_positive.pcapng.out b/tests/result/mongo_false_positive.pcapng.out index 1aaf222ab..13dd4780f 100644 --- a/tests/result/mongo_false_positive.pcapng.out +++ b/tests/result/mongo_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (26.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 410 (410.00 diss/flow) +Num dissector calls: 432 (432.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/mongodb.pcap.out b/tests/result/mongodb.pcap.out index 317a50850..53a59227c 100644 --- a/tests/result/mongodb.pcap.out +++ b/tests/result/mongodb.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 27 (3.38 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 114 (14.25 diss/flow) +Num dissector calls: 115 (14.38 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index 44f6c50ca..a975fbfef 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 18 (1.50 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 289 (24.08 diss/flow) +Num dissector calls: 296 (24.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/nats.pcap.out b/tests/result/nats.pcap.out index 3893f113a..d2a83201d 100644 --- a/tests/result/nats.pcap.out +++ b/tests/result/nats.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (5.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 22 (11.00 diss/flow) +Num dissector calls: 24 (12.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/nest_log_sink.pcap.out b/tests/result/nest_log_sink.pcap.out index 7cf3e6357..a37136a5c 100644 --- a/tests/result/nest_log_sink.pcap.out +++ b/tests/result/nest_log_sink.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 130 (10.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 1873 (133.79 diss/flow) +Num dissector calls: 1897 (135.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/netbios.pcap.out b/tests/result/netbios.pcap.out index 4718b088a..49910808d 100644 --- a/tests/result/netbios.pcap.out +++ b/tests/result/netbios.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 14 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 14 (flows) -Num dissector calls: 139 (9.27 diss/flow) +Num dissector calls: 140 (9.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/nntp.pcap.out b/tests/result/nntp.pcap.out index 7379b1127..a37e35edd 100644 --- a/tests/result/nntp.pcap.out +++ b/tests/result/nntp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 132 (132.00 diss/flow) +Num dissector calls: 134 (134.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out index 89c6fc8d7..639db6587 100644 --- a/tests/result/ookla.pcap.out +++ b/tests/result/ookla.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 16 (8.00 pkts/flow) Confidence DPI (cache) : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 112 (56.00 diss/flow) +Num dissector calls: 113 (56.50 diss/flow) LRU cache ookla: 3/1/1 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index 123184132..51824e6a9 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 391 (130.33 diss/flow) +Num dissector calls: 393 (131.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/oracle12.pcapng.out b/tests/result/oracle12.pcapng.out index 123bdc561..aa1492c60 100644 --- a/tests/result/oracle12.pcapng.out +++ b/tests/result/oracle12.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 20 (20.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 291 (291.00 diss/flow) +Num dissector calls: 302 (302.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/pgsql.pcap.out b/tests/result/pgsql.pcap.out index a29847399..5b5ae5003 100644 --- a/tests/result/pgsql.pcap.out +++ b/tests/result/pgsql.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 252 (126.00 diss/flow) +Num dissector calls: 254 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/pop3.pcap.out b/tests/result/pop3.pcap.out index 0c9126de6..2c2dc81ac 100644 --- a/tests/result/pop3.pcap.out +++ b/tests/result/pop3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 180 (180.00 diss/flow) +Num dissector calls: 183 (183.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/pop3_stls.pcap.out b/tests/result/pop3_stls.pcap.out index 9448ac394..f5a4ec6f5 100644 --- a/tests/result/pop3_stls.pcap.out +++ b/tests/result/pop3_stls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 18 (18.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 232 (232.00 diss/flow) +Num dissector calls: 238 (238.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/pptp.pcap.out b/tests/result/pptp.pcap.out index 8377b612c..7e2d67837 100644 --- a/tests/result/pptp.pcap.out +++ b/tests/result/pptp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 50 (50.00 diss/flow) +Num dissector calls: 51 (51.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/radius_false_positive.pcapng.out b/tests/result/radius_false_positive.pcapng.out index 66ad56e23..13b56e5e0 100644 --- a/tests/result/radius_false_positive.pcapng.out +++ b/tests/result/radius_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 10 (10.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 177 (177.00 diss/flow) +Num dissector calls: 195 (195.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/reasm_crash_anon.pcapng.out b/tests/result/reasm_crash_anon.pcapng.out index c5793e535..8b29f5f63 100644 --- a/tests/result/reasm_crash_anon.pcapng.out +++ b/tests/result/reasm_crash_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 324 (324.00 diss/flow) +Num dissector calls: 340 (340.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/reasm_segv_anon.pcapng.out b/tests/result/reasm_segv_anon.pcapng.out index 7b6e9ccfc..c96f9bc9a 100644 --- a/tests/result/reasm_segv_anon.pcapng.out +++ b/tests/result/reasm_segv_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 260 (260.00 diss/flow) +Num dissector calls: 270 (270.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/rsh.pcap.out b/tests/result/rsh.pcap.out index 7af79a1bd..f291c6fe3 100644 --- a/tests/result/rsh.pcap.out +++ b/tests/result/rsh.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 304 (152.00 diss/flow) +Num dissector calls: 308 (154.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/rsync.pcap.out b/tests/result/rsync.pcap.out index 6022e884a..9b67ca3ce 100644 --- a/tests/result/rsync.pcap.out +++ b/tests/result/rsync.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 173 (173.00 diss/flow) +Num dissector calls: 176 (176.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/rtmp.pcap.out b/tests/result/rtmp.pcap.out index 61ceb4f01..9934edb5e 100644 --- a/tests/result/rtmp.pcap.out +++ b/tests/result/rtmp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 155 (155.00 diss/flow) +Num dissector calls: 157 (157.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 10aebf475..573398679 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 61 (flows) Confidence Match by port : 27 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 204 (flows) -Num dissector calls: 28950 (98.81 diss/flow) +Num dissector calls: 29336 (100.12 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index e1146bf0e..7bb12a5e7 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 45 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 200 (flows) -Num dissector calls: 24024 (89.98 diss/flow) +Num dissector calls: 24281 (90.94 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/smb_frags.pcap.out b/tests/result/smb_frags.pcap.out index 135ff13ae..2abc72d6d 100644 --- a/tests/result/smb_frags.pcap.out +++ b/tests/result/smb_frags.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 155 (155.00 diss/flow) +Num dissector calls: 157 (157.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/smbv1.pcap.out b/tests/result/smbv1.pcap.out index 56ebf93c9..ba6c677ea 100644 --- a/tests/result/smbv1.pcap.out +++ b/tests/result/smbv1.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 157 (157.00 diss/flow) +Num dissector calls: 159 (159.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/smpp_in_general.pcap.out b/tests/result/smpp_in_general.pcap.out index c4c9d5571..f45478d53 100644 --- a/tests/result/smpp_in_general.pcap.out +++ b/tests/result/smpp_in_general.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 89 (89.00 diss/flow) +Num dissector calls: 90 (90.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/smtp-starttls.pcap.out b/tests/result/smtp-starttls.pcap.out index d7a29394e..2365e20e6 100644 --- a/tests/result/smtp-starttls.pcap.out +++ b/tests/result/smtp-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 152 (76.00 diss/flow) +Num dissector calls: 154 (77.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/smtp.pcap.out b/tests/result/smtp.pcap.out index 1be1de89b..5c529e573 100644 --- a/tests/result/smtp.pcap.out +++ b/tests/result/smtp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 198 (198.00 diss/flow) +Num dissector calls: 202 (202.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/soap.pcap.out b/tests/result/soap.pcap.out index baf4978e9..325046967 100644 --- a/tests/result/soap.pcap.out +++ b/tests/result/soap.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 20 (6.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 381 (127.00 diss/flow) +Num dissector calls: 387 (129.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/socks-http-example.pcap.out b/tests/result/socks-http-example.pcap.out index 4a7a2552f..203f4d2be 100644 --- a/tests/result/socks-http-example.pcap.out +++ b/tests/result/socks-http-example.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 29 (9.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 482 (160.67 diss/flow) +Num dissector calls: 491 (163.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index c18766832..ec1731658 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 8 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 39 (flows) -Num dissector calls: 1493 (28.71 diss/flow) +Num dissector calls: 1500 (28.85 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun.pcap.out b/tests/result/stun.pcap.out new file mode 100644 index 000000000..94691ea1b --- /dev/null +++ b/tests/result/stun.pcap.out @@ -0,0 +1,30 @@ +Guessed flow protos: 0 + +DPI Packets (TCP): 4 (4.00 pkts/flow) +DPI Packets (UDP): 13 (4.33 pkts/flow) +Confidence DPI : 4 (flows) +Num dissector calls: 570 (142.50 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 4/20/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 6/0 (search/found) +Patricia risk: 2/0 (search/found) +Patricia protocols: 14/6 (search/found) + +STUN 62 7620 2 +GoogleHangoutDuo 33 6292 1 +FacebookVoip 75 10554 1 + + 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][ClearText][Confidence: DPI][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 78.201/STUN.GoogleHangoutDuo][ClearText][Confidence: DPI][cat: VoIP/10][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] + 3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][ClearText][Confidence: DPI][cat: Network/14][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][ClearText][Confidence: DPI][cat: Network/14][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/stun_dtls.pcapng.out b/tests/result/stun_dtls.pcapng.out deleted file mode 100644 index a8563bb96..000000000 --- a/tests/result/stun_dtls.pcapng.out +++ /dev/null @@ -1,24 +0,0 @@ -Guessed flow protos: 0 - -DPI Packets (UDP): 4 (4.00 pkts/flow) -Confidence DPI : 1 (flows) -Num dissector calls: 138 (138.00 diss/flow) -LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/0/0 (insert/search/found) -LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 2/2/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) -LRU cache msteams: 0/0/0 (insert/search/found) -Automa host: 0/0 (search/found) -Automa domain: 0/0 (search/found) -Automa tls cert: 0/0 (search/found) -Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) -Patricia risk: 0/0 (search/found) -Patricia protocols: 4/3 (search/found) - -GoogleHangoutDuo 33 6292 1 - - 1 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 78.201/STUN.GoogleHangoutDuo][ClearText][Confidence: DPI][cat: VoIP/10][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/stun_facebook.pcapng.out b/tests/result/stun_facebook.pcapng.out deleted file mode 100644 index 405ff0b2b..000000000 --- a/tests/result/stun_facebook.pcapng.out +++ /dev/null @@ -1,24 +0,0 @@ -Guessed flow protos: 0 - -DPI Packets (UDP): 2 (2.00 pkts/flow) -Confidence DPI : 1 (flows) -Num dissector calls: 104 (104.00 diss/flow) -LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/0/0 (insert/search/found) -LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 2/2/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) -LRU cache msteams: 0/0/0 (insert/search/found) -Automa host: 0/0 (search/found) -Automa domain: 0/0 (search/found) -Automa tls cert: 0/0 (search/found) -Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) -Patricia risk: 0/0 (search/found) -Patricia protocols: 4/3 (search/found) - -FacebookVoip 75 10554 1 - - 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][ClearText][Confidence: DPI][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/stun_signal.pcapng.out b/tests/result/stun_signal.pcapng.out index 2809c5151..589b59c00 100644 --- a/tests/result/stun_signal.pcapng.out +++ b/tests/result/stun_signal.pcapng.out @@ -3,13 +3,12 @@ Guessed flow protos: 1 DPI Packets (UDP): 60 (2.86 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) -Confidence DPI (cache) : 2 (flows) -Confidence DPI : 20 (flows) -Num dissector calls: 1870 (81.30 diss/flow) +Confidence DPI : 22 (flows) +Num dissector calls: 1868 (81.22 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 12/122/28 (insert/search/found) +LRU cache stun: 12/124/28 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) @@ -35,8 +34,8 @@ SignalVoip 193 23756 11 6 UDP 192.168.12.169:39950 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][ClearText][Confidence: DPI][cat: VoIP/10][11 pkts/1282 bytes <-> 11 pkts/1290 bytes][Goodput ratio: 64/64][30.98 sec][bytes ratio: -0.003 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 3757/3735 10023/10021 4493/4510][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 117/117 162/134 48/13][PLAIN TEXT (ovaKDk)][Plen Bins: 22,18,31,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.169:37970 <-> 35.158.122.211:3478 [proto: 78.269/STUN.SignalVoip][ClearText][Confidence: DPI][cat: VoIP/10][10 pkts/1196 bytes <-> 10 pkts/1164 bytes][Goodput ratio: 65/64][22.74 sec][bytes ratio: 0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1760/2672 10017/10018 3250/3952][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 120/116 158/134 45/13][PLAIN TEXT (BSFWxqj)][Plen Bins: 20,20,30,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 ICMP 35.158.122.211:0 <-> 192.168.12.169:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][17 pkts/1578 bytes <-> 2 pkts/276 bytes][Goodput ratio: 55/69][22.73 sec][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1052/0 7992/0 2154/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][PLAIN TEXT (braaHWB)][Plen Bins: 0,89,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.12.169:39950 -> 35.158.183.167:443 [proto: 78.265/STUN.AmazonAWS][ClearText][Confidence: DPI (cache)][cat: Cloud/13][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 37/0 1416/0 7961/0 2721/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 192.168.12.169:43068 -> 35.158.183.167:443 [proto: 78.265/STUN.AmazonAWS][ClearText][Confidence: DPI (cache)][cat: Cloud/13][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 60/0 1419/0 7937/0 2708/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.12.169:39950 -> 35.158.183.167:443 [proto: 78.265/STUN.AmazonAWS][ClearText][Confidence: DPI][cat: Cloud/13][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 37/0 1416/0 7961/0 2721/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.12.169:43068 -> 35.158.183.167:443 [proto: 78.265/STUN.AmazonAWS][ClearText][Confidence: DPI][cat: Cloud/13][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 60/0 1419/0 7937/0 2708/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.169:39518 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][ClearText][Confidence: DPI][cat: VoIP/10][4 pkts/448 bytes <-> 4 pkts/504 bytes][Goodput ratio: 62/67][4.85 sec][Hostname/SNI: signal.org][bytes ratio: -0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 23/30 1612/1611 4762/4754 2228/2222][Pkt Len c2s/s2c min/avg/max/stddev: 62/110 112/126 158/134 46/10][PLAIN TEXT (GBLsrHn)][Plen Bins: 25,0,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.12.169:47204 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][ClearText][Confidence: DPI][cat: VoIP/10][4 pkts/448 bytes <-> 4 pkts/504 bytes][Goodput ratio: 62/67][4.85 sec][bytes ratio: -0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 41/42 1612/1612 4721/4721 2198/2199][Pkt Len c2s/s2c min/avg/max/stddev: 62/110 112/126 158/134 46/10][PLAIN TEXT (nYAy610)][Plen Bins: 25,0,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.12.169:37970 -> 35.158.122.211:443 [proto: 78.265/STUN.AmazonAWS][ClearText][Confidence: DPI][cat: Cloud/13][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 984/0 7992/0 2186/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (braaHWB)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/syslog.pcap.out b/tests/result/syslog.pcap.out index 030e21ad7..b8e7e719b 100644 --- a/tests/result/syslog.pcap.out +++ b/tests/result/syslog.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 10 (5.00 pkts/flow) DPI Packets (UDP): 20 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 21 (flows) -Num dissector calls: 62 (2.82 diss/flow) +Num dissector calls: 63 (2.86 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index d67105ecb..df857d4c3 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 602 (7.25 diss/flow) +Num dissector calls: 604 (7.28 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/telnet.pcap.out b/tests/result/telnet.pcap.out index 7829a0f89..2c011590d 100644 --- a/tests/result/telnet.pcap.out +++ b/tests/result/telnet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 154 (154.00 diss/flow) +Num dissector calls: 156 (156.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/threema.pcap.out b/tests/result/threema.pcap.out index e2fbcd500..fe1af29d8 100644 --- a/tests/result/threema.pcap.out +++ b/tests/result/threema.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 66 (11.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 4 (flows) -Num dissector calls: 1262 (210.33 diss/flow) +Num dissector calls: 1290 (215.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out index 6a3a5e775..ef79d20f0 100644 --- a/tests/result/tinc.pcap.out +++ b/tests/result/tinc.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 19 (9.50 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI (cache) : 2 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 530 (132.50 diss/flow) +Num dissector calls: 538 (134.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tls-appdata.pcap.out b/tests/result/tls-appdata.pcap.out index 8c2251921..e3e8ad90a 100644 --- a/tests/result/tls-appdata.pcap.out +++ b/tests/result/tls-appdata.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 17 (8.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 127 (63.50 diss/flow) +Num dissector calls: 128 (64.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tls_certificate_too_long.pcap.out b/tests/result/tls_certificate_too_long.pcap.out index a58410838..f6ec0338b 100644 --- a/tests/result/tls_certificate_too_long.pcap.out +++ b/tests/result/tls_certificate_too_long.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 602 (17.20 diss/flow) +Num dissector calls: 611 (17.46 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tls_false_positives.pcapng.out b/tests/result/tls_false_positives.pcapng.out index cfabceb1b..03d95edde 100644 --- a/tests/result/tls_false_positives.pcapng.out +++ b/tests/result/tls_false_positives.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 30 (30.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 410 (410.00 diss/flow) +Num dissector calls: 439 (439.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tls_invalid_reads.pcap.out b/tests/result/tls_invalid_reads.pcap.out index 41a7404da..cf4cfa36f 100644 --- a/tests/result/tls_invalid_reads.pcap.out +++ b/tests/result/tls_invalid_reads.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 10 (3.33 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 127 (42.33 diss/flow) +Num dissector calls: 128 (42.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tls_missing_ch_frag.pcap.out b/tests/result/tls_missing_ch_frag.pcap.out index 5bf00a2b3..a358b36af 100644 --- a/tests/result/tls_missing_ch_frag.pcap.out +++ b/tests/result/tls_missing_ch_frag.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/ultrasurf.pcap.out b/tests/result/ultrasurf.pcap.out index f4e655e5c..5c9d30954 100644 --- a/tests/result/ultrasurf.pcap.out +++ b/tests/result/ultrasurf.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 13 (4.33 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 125 (41.67 diss/flow) +Num dissector calls: 126 (42.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index ea850623c..2e8656c04 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 525 (18.10 diss/flow) +Num dissector calls: 543 (18.72 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out index 930a11db5..47439842c 100644 --- a/tests/result/vnc.pcap.out +++ b/tests/result/vnc.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (5.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 264 (132.00 diss/flow) +Num dissector calls: 268 (134.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/wa_video.pcap.out b/tests/result/wa_video.pcap.out index 7ee5851d7..0a572a30f 100644 --- a/tests/result/wa_video.pcap.out +++ b/tests/result/wa_video.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 33 (33.00 pkts/flow) DPI Packets (UDP): 13 (1.00 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 518 (37.00 diss/flow) +Num dissector calls: 536 (38.29 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/wa_voice.pcap.out b/tests/result/wa_voice.pcap.out index e8b2c8b92..1a66d6585 100644 --- a/tests/result/wa_voice.pcap.out +++ b/tests/result/wa_voice.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 33 (1.57 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 27 (flows) -Num dissector calls: 446 (15.93 diss/flow) +Num dissector calls: 448 (16.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 490282528..663e9b6dc 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 9 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 383 (11.61 diss/flow) +Num dissector calls: 386 (11.70 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/websocket.pcap.out b/tests/result/websocket.pcap.out index 3535cf891..4414763a5 100644 --- a/tests/result/websocket.pcap.out +++ b/tests/result/websocket.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 107 (107.00 diss/flow) +Num dissector calls: 108 (108.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 36d190ce9..1347dace2 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Match by port : 17 (flows) Confidence Match by IP : 8 (flows) Confidence DPI : 78 (flows) -Num dissector calls: 318 (3.09 diss/flow) +Num dissector calls: 319 (3.10 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/whatsapp.pcap.out b/tests/result/whatsapp.pcap.out index c535ae320..608a88251 100644 --- a/tests/result/whatsapp.pcap.out +++ b/tests/result/whatsapp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 344 (4.00 pkts/flow) Confidence DPI : 86 (flows) -Num dissector calls: 12728 (148.00 diss/flow) +Num dissector calls: 12900 (150.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 517952f8f..81e175d8b 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 16 (flows) Confidence DPI : 37 (flows) -Num dissector calls: 331 (5.81 diss/flow) +Num dissector calls: 333 (5.84 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 4eaa234b1..3936fac49 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 17 (5.67 pkts/flow) DPI Packets (UDP): 7 (1.17 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 303 (33.67 diss/flow) +Num dissector calls: 305 (33.89 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index d5445ae4f..a660a68ae 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 20 (4.00 pkts/flow) DPI Packets (UDP): 8 (1.00 pkts/flow) Confidence DPI : 13 (flows) -Num dissector calls: 488 (37.54 diss/flow) +Num dissector calls: 493 (37.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/whois.pcapng.out b/tests/result/whois.pcapng.out index 6861c4a84..7783a8d03 100644 --- a/tests/result/whois.pcapng.out +++ b/tests/result/whois.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 16 (5.33 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 186 (62.00 diss/flow) +Num dissector calls: 189 (63.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/wow.pcap.out b/tests/result/wow.pcap.out index f03ac56d5..e59622961 100644 --- a/tests/result/wow.pcap.out +++ b/tests/result/wow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 36 (7.20 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 130 (26.00 diss/flow) +Num dissector calls: 133 (26.60 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/xiaomi.pcap.out b/tests/result/xiaomi.pcap.out index bfa7dc8f1..91eabb504 100644 --- a/tests/result/xiaomi.pcap.out +++ b/tests/result/xiaomi.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 19 (2.71 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 711 (101.57 diss/flow) +Num dissector calls: 717 (102.43 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/z3950.pcapng.out b/tests/result/z3950.pcapng.out index 46299fe08..8cf600c66 100644 --- a/tests/result/z3950.pcapng.out +++ b/tests/result/z3950.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 471 (235.50 diss/flow) +Num dissector calls: 484 (242.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/zcash.pcap.out b/tests/result/zcash.pcap.out index 1ae1de644..249a2c9cc 100644 --- a/tests/result/zcash.pcap.out +++ b/tests/result/zcash.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 31 (31.00 diss/flow) +Num dissector calls: 32 (32.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index 7c1ce7536..af7eccfe5 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 25 (1.47 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 31 (flows) -Num dissector calls: 815 (24.70 diss/flow) +Num dissector calls: 820 (24.85 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 8/0/0 (insert/search/found) |