authorLuca Deri <deri@ntop.org>2015-08-03 14:35:31 +0200
committerLuca Deri <deri@ntop.org>2015-08-03 14:35:31 +0200
commit449742e69dbb7bfb34b7436e5e83549a9d5a4293 (patch)
tree275d13f4099511e336f291f35abb5aa6b689be4e
parentbc786b48fae9062a9ba02f99ac35c3da56ac07a1 (diff)
Fixed a bug in the STUN dissector courtesy of Asher Yermiyahu
Fixed a bug in the NetFlow dissector that caused flows to be wrongly decoded as Netflow.
Updated test results for starcraft and whatsapp.
-rw-r--r--src/lib/protocols/netflow.c94
-rw-r--r--src/lib/protocols/stun.c4
-rw-r--r--tests/result/starcraft_battle.pcap.out55
-rw-r--r--tests/result/whatsapp_login_call.pcap.out116
4 files changed, 177 insertions, 92 deletions
diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c
index 31d679765..30bb898f2 100644
--- a/src/lib/protocols/netflow.c
+++ b/src/lib/protocols/netflow.c
@@ -30,6 +30,73 @@ extern int gettimeofday(struct timeval * tp, struct timezone * tzp);
#define do_gettimeofday(a) gettimeofday(a, NULL)
#endif
+struct flow_ver1_rec {
+ u_int32_t srcaddr; /* Source IP Address */
+ u_int32_t dstaddr; /* Destination IP Address */
+ u_int32_t nexthop; /* Next hop router's IP Address */
+ u_int16_t input; /* Input interface index */
+ u_int16_t output; /* Output interface index */
+ u_int32_t dPkts; /* Packets sent in Duration */
+ u_int32_t dOctets; /* Octets sent in Duration */
+ u_int32_t first; /* SysUptime at start of flow */
+ u_int32_t last; /* and of last packet of the flow */
+ u_int16_t srcport; /* TCP/UDP source port number (.e.g, FTP, Telnet, etc.,or equivalent) */
+ u_int16_t dstport; /* TCP/UDP destination port number (.e.g, FTP, Telnet, etc.,or equivalent) */
+ u_int16_t pad; /* pad to word boundary */
+ u_int8_t proto; /* IP protocol, e.g., 6=TCP, 17=UDP, etc... */
+ u_int8_t tos; /* IP Type-of-Service */
+ u_int8_t pad2[7]; /* pad to word boundary */
+};
+
+struct flow_ver5_rec {
+ u_int32_t srcaddr; /* Source IP Address */
+ u_int32_t dstaddr; /* Destination IP Address */
+ u_int32_t nexthop; /* Next hop router's IP Address */
+ u_int16_t input; /* Input interface index */
+ u_int16_t output; /* Output interface index */
+ u_int32_t dPkts; /* Packets sent in Duration (milliseconds between 1st
+ & last packet in this flow)*/
+ u_int32_t dOctets; /* Octets sent in Duration (milliseconds between 1st
+ & last packet in this flow)*/
+ u_int32_t first; /* SysUptime at start of flow */
+ u_int32_t last; /* and of last packet of the flow */
+ u_int16_t srcport; /* TCP/UDP source port number (.e.g, FTP, Telnet, etc.,or equivalent) */
+ u_int16_t dstport; /* TCP/UDP destination port number (.e.g, FTP, Telnet, etc.,or equivalent) */
+ u_int8_t pad1; /* pad to word boundary */
+ u_int8_t tcp_flags; /* Cumulative OR of tcp flags */
+ u_int8_t proto; /* IP protocol, e.g., 6=TCP, 17=UDP, etc... */
+ u_int8_t tos; /* IP Type-of-Service */
+ u_int16_t src_as; /* source peer/origin Autonomous System */
+ u_int16_t dst_as; /* dst peer/origin Autonomous System */
+ u_int8_t src_mask; /* source route's mask bits */
+ u_int8_t dst_mask; /* destination route's mask bits */
+ u_int16_t pad2; /* pad to word boundary */
+};
+
+struct flow_ver7_rec {
+ u_int32_t srcaddr; /* Source IP Address */
+ u_int32_t dstaddr; /* Destination IP Address */
+ u_int32_t nexthop; /* Next hop router's IP Address */
+ u_int16_t input; /* Input interface index */
+ u_int16_t output; /* Output interface index */
+ u_int32_t dPkts; /* Packets sent in Duration */
+ u_int32_t dOctets; /* Octets sent in Duration */
+ u_int32_t first; /* SysUptime at start of flow */
+ u_int32_t last; /* and of last packet of the flow */
+ u_int16_t srcport; /* TCP/UDP source port number (.e.g, FTP, Telnet, etc.,or equivalent) */
+ u_int16_t dstport; /* TCP/UDP destination port number (.e.g, FTP, Telnet, etc.,or equivalent) */
+ u_int8_t flags; /* Shortcut mode(dest only,src only,full flows*/
+ u_int8_t tcp_flags; /* Cumulative OR of tcp flags */
+ u_int8_t proto; /* IP protocol, e.g., 6=TCP, 17=UDP, etc... */
+ u_int8_t tos; /* IP Type-of-Service */
+ u_int16_t dst_as; /* dst peer/origin Autonomous System */
+ u_int16_t src_as; /* source peer/origin Autonomous System */
+ u_int8_t dst_mask; /* destination route's mask bits */
+ u_int8_t src_mask; /* source route's mask bits */
+ u_int16_t pad2; /* pad to word boundary */
+ u_int32_t router_sc; /* Router which is shortcut by switch */
+};
+
static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
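Review bot: `struct flow_ver1_rec` only reaches the 48-byte NetFlow v1 record size through compiler tail padding: by my count its members end at offset 47 (`pad2[7]`), so `sizeof` rounds up to 48 under 4-byte alignment but would be 47 if the struct were ever packed. These three structs appear to be used only as wire-format sizes in the length check added in the next hunk, so declaring `u_int8_t pad2[8];` would make that check independent of padding rules. A comment above them such as `/* On-the-wire record layouts; used only for sizeof() when validating payload length */` would also tell readers not to overlay them on `packet->payload` without handling byte order and alignment. The hunk ends inside `ndpi_check_netflow`, whose body continues outside it.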
@@ -41,19 +108,36 @@ static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct,
if((packet->udp != NULL) && (payload_len >= 24)) {
u_int16_t version = (packet->payload[0] << 8) + packet->payload[1], uptime_offset;
u_int32_t when, *_when;
- u_int16_t n = (packet->payload[2] << 8) + packet->payload[3];
+ u_int16_t n = (packet->payload[2] << 8) + packet->payload[3], expected_len = 0;
switch(version) {
case 1:
case 5:
case 7:
case 9:
- {
- u_int16_t num_flows = n;
+ if((n == 0) || (n > 30))
+ return;
+
+ switch(version) {
+ case 1:
+ expected_len = n * sizeof(struct flow_ver1_rec) + 16 /* header */;
+ break;
+ case 5:
+ expected_len = n * sizeof(struct flow_ver5_rec) + 24 /* header */;
+ break;
+ case 7:
+ expected_len = n * sizeof(struct flow_ver7_rec) + 24 /* header */;
+ break;
+ case 9:
+ /* We need to check the template */
+ break;
+ }
- if((num_flows == 0) || (num_flows > 30))
- return;
+ if((expected_len > 0) && (expected_len != payload_len)) {
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETFLOW);
+ return;
}
+
uptime_offset = 8;
break;
case 10: /* IPFIX */
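Review bot: The count check `if((n == 0) || (n > 30)) return;` leaves NetFlow as a candidate for the flow, while the length mismatch a few lines later adds it to `flow->excluded_protocol_bitmask`. An implausible record count is as strong a negative signal as a wrong length, so both rejects could be handled alike, e.g. `if((n == 0) || (n > 30)) { NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETFLOW); return; }`. Version 9 still leaves `expected_len` at 0, so for v9 the classification rests on the version and count fields alone until the template check mentioned in the comment exists. `expected_len` is a `u_int16_t`; the largest value reachable here fits, but only because the `n > 30` guard runs before the multiplication, which deserves a short comment. The enclosing `switch` and function continue outside the hunk.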
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index 1f84b268f..97b3efd67 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -174,8 +174,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
if(
- ((flow->num_stun_udp_pkts > 0) && (msg_type = 0x0800))
- || ((msg_type = 0x0800) && (msg_len == 106))
+ ((flow->num_stun_udp_pkts > 0) && (msg_type == 0x0800))
+ || ((msg_type == 0x0800) && (msg_len == 106))
) {
*is_whatsapp = 1;
return NDPI_IS_STUN; /* This is WhatsApp Voice */
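Review bot: With the comparison corrected, the WhatsApp Voice branch no longer matches this commit's own capture: `tests/result/whatsapp_login_call.pcap.out` drops the `WhatsAppVoice` line and lists both 91.253.176.65 flows as `0/Unknown`. That suggests the earlier detection came from the assignment always evaluating true rather than from a real `0x0800` message type, so the constant, or the field it is compared with, probably needs rechecking against that capture. Until then the magic values deserve a comment, e.g. `/* 0x0800 / length 106: believed to mark WhatsApp voice setup - TODO verify against whatsapp_login_call.pcap */`. Both clauses test `msg_type == 0x0800`, so the condition could also read `(msg_type == 0x0800) && ((flow->num_stun_udp_pkts > 0) || (msg_len == 106))`. `ndpi_int_check_stun` starts and ends outside the hunk, so how `msg_type` is derived is not visible here.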
diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out
index 8627460d6..918647cef 100644
--- a/tests/result/starcraft_battle.pcap.out
+++ b/tests/result/starcraft_battle.pcap.out
@@ -1,66 +1,65 @@
Unknown 2 121 1
-DNS 18 1956 5
-HTTP 180 134270 2
+DNS 26 2848 7
+HTTP 450 294880 19
SSDP 11 4984 1
WorldOfWarcraft 9 880 1
IGMP 2 120 1
SSL 43 2903 13
Google 12 1467 2
Quic 6 475 1
-Battle.net 278 161502 19
Starcraft 236 51494 6
- 1 TCP 80.239.186.21:80 <-> 192.168.1.100:3516 [proto: 7.213/HTTP.Battle.net][12 pkts/3680 bytes][Host: eu.launcher.battle.net]
- 2 TCP 80.239.186.26:80 <-> 192.168.1.100:3518 [proto: 7.213/HTTP.Battle.net][10 pkts/1226 bytes][Host: nydus.battle.net]
- 3 TCP 80.239.186.21:80 <-> 192.168.1.100:3522 [proto: 7.213/HTTP.Battle.net][11 pkts/3620 bytes][Host: eu.launcher.battle.net]
- 4 TCP 80.239.186.26:80 <-> 192.168.1.100:3524 [proto: 7.213/HTTP.Battle.net][10 pkts/1214 bytes][Host: nydus.battle.net]
- 5 TCP 80.239.186.40:80 <-> 192.168.1.100:3526 [proto: 7.213/HTTP.Battle.net][11 pkts/3686 bytes][Host: eu.battle.net]
- 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 214/Starcraft][13 pkts/902 bytes]
+ 1 TCP 80.239.186.21:80 <-> 192.168.1.100:3516 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net]
+ 2 TCP 80.239.186.26:80 <-> 192.168.1.100:3518 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net]
+ 3 TCP 80.239.186.21:80 <-> 192.168.1.100:3522 [proto: 7/HTTP][11 pkts/3620 bytes][Host: eu.launcher.battle.net]
+ 4 TCP 80.239.186.26:80 <-> 192.168.1.100:3524 [proto: 7/HTTP][10 pkts/1214 bytes][Host: nydus.battle.net]
+ 5 TCP 80.239.186.40:80 <-> 192.168.1.100:3526 [proto: 7/HTTP][11 pkts/3686 bytes][Host: eu.battle.net]
+ 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][13 pkts/902 bytes]
7 UDP 239.255.255.250:1900 <-> 192.168.1.254:38605 [proto: 12/SSDP][11 pkts/4984 bytes]
- 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5.213/DNS.Battle.net][4 pkts/336 bytes][Host: nydus.battle.net]
+ 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/336 bytes][Host: nydus.battle.net]
9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/417 bytes][Host: 254.1.168.192.in-addr.arpa]
10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/455 bytes][Host: 22.40.194.173.in-addr.arpa]
11 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][3 pkts/168 bytes]
12 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][4 pkts/228 bytes]
- 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 214/Starcraft][2 pkts/104 bytes]
+ 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][2 pkts/104 bytes]
14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91/SSL][2 pkts/121 bytes]
- 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][29 pkts/25105 bytes][Host: bnetcmsus-a.akamaihd.net]
- 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
- 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25105 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes]
18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes]
19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes]
20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes]
21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes]
22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes]
- 23 TCP 80.239.186.26:80 <-> 192.168.1.100:3515 [proto: 7.213/HTTP.Battle.net][10 pkts/1224 bytes][Host: nydus.battle.net]
- 24 TCP 80.239.186.21:80 <-> 192.168.1.100:3519 [proto: 7.213/HTTP.Battle.net][9 pkts/979 bytes][Host: eu.launcher.battle.net]
- 25 TCP 80.239.186.26:80 <-> 192.168.1.100:3521 [proto: 7.213/HTTP.Battle.net][10 pkts/1224 bytes][Host: nydus.battle.net]
- 26 TCP 80.239.186.26:80 <-> 192.168.1.100:3523 [proto: 7.213/HTTP.Battle.net][10 pkts/1208 bytes][Host: nydus.battle.net]
- 27 TCP 80.239.186.40:80 <-> 192.168.1.100:3525 [proto: 7.213/HTTP.Battle.net][12 pkts/3933 bytes][Host: eu.battle.net]
+ 23 TCP 80.239.186.26:80 <-> 192.168.1.100:3515 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net]
+ 24 TCP 80.239.186.21:80 <-> 192.168.1.100:3519 [proto: 7/HTTP][9 pkts/979 bytes][Host: eu.launcher.battle.net]
+ 25 TCP 80.239.186.26:80 <-> 192.168.1.100:3521 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net]
+ 26 TCP 80.239.186.26:80 <-> 192.168.1.100:3523 [proto: 7/HTTP][10 pkts/1208 bytes][Host: nydus.battle.net]
+ 27 TCP 80.239.186.40:80 <-> 192.168.1.100:3525 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net]
28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes]
29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes]
30 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][179 pkts/134204 bytes][Host: llnw.blizzard.com]
31 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/Quic][6 pkts/475 bytes]
- 32 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5.213/DNS.Battle.net][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 32 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net]
33 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa]
34 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/210 bytes][Host: 40.186.239.80.in-addr.arpa]
35 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/442 bytes][Host: llnw.blizzard.com]
36 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][9 pkts/1299 bytes][Host: www.google-analytics.com]
37 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91/SSL][3 pkts/234 bytes]
38 IGMP 224.0.0.22:0 <-> 192.168.1.107:0 [proto: 82/IGMP][2 pkts/120 bytes]
- 39 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 214/Starcraft][215 pkts/50178 bytes]
- 40 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 214/Starcraft][2 pkts/103 bytes]
- 41 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 214/Starcraft][2 pkts/103 bytes]
- 42 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][41 pkts/37433 bytes][Host: bnetcmsus-a.akamaihd.net]
- 43 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
- 44 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
- 45 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 39 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][215 pkts/50178 bytes]
+ 40 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][2 pkts/103 bytes]
+ 41 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][2 pkts/103 bytes]
+ 42 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][41 pkts/37433 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 43 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 44 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 45 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes]
46 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes]
47 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes]
48 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes]
49 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes]
50 TCP 12.129.222.54:80 <-> 192.168.1.100:3512 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com]
- 51 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 214/Starcraft][2 pkts/104 bytes]
+ 51 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 213/Starcraft][2 pkts/104 bytes]
Undetected flows:
diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out
index 81b5d2fa6..5ed7616e3 100644
--- a/tests/result/whatsapp_login_call.pcap.out
+++ b/tests/result/whatsapp_login_call.pcap.out
@@ -1,71 +1,73 @@
+Unknown 662 83338 2
HTTP 11 726 3
MDNS 8 952 4
DHCP 10 3420 1
-STUN 129 18572 17
+STUN 141 19604 18
ICMP 10 700 1
SSL 8 589 2
DropBox 4 2176 1
-NetFlow 12 1032 1
Apple 127 28102 20
WhatsApp 182 25154 2
AppleiTunes 85 28087 2
Spotify 3 258 1
-WhatsAppVoice 662 83338 2
1 UDP fe80::da30:62ff:fe56:1c:5353 <-> ff02::fb:5353 [proto: 8/MDNS][2 pkts/258 bytes]
2 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/DropBox][4 pkts/2176 bytes]
3 ICMP 192.168.2.4:0 <-> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes]
- 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes]
- 5 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78/STUN][5 pkts/676 bytes]
- 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com]
- 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes]
- 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com]
- 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes]
- 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 78/STUN][24 pkts/4825 bytes]
- 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 78/STUN][20 pkts/2993 bytes]
- 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes]
- 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes]
- 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes]
- 33 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes]
- 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes]
- 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes]
- 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes]
- 37 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net]
- 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 128/NetFlow][12 pkts/1032 bytes]
- 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes]
- 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com]
- 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
- 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes]
- 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com]
- 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes]
- 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes]
- 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes]
- 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes]
- 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes]
- 57 UDP fe80::c42c:3ff:fe60:6a64:5353 <-> ff02::fb:5353 [proto: 8/MDNS][2 pkts/258 bytes]
+ 4 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78/STUN][5 pkts/676 bytes]
+ 5 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com]
+ 6 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 7 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes]
+ 8 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 9 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 10 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 11 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 12 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 14 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com]
+ 15 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes]
+ 16 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 18 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 19 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 20 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 22 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 23 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 78/STUN][24 pkts/4825 bytes]
+ 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 27 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 28 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 78/STUN][20 pkts/2993 bytes]
+ 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 30 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes]
+ 31 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes]
+ 32 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes]
+ 33 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes]
+ 34 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes]
+ 35 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net]
+ 36 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes]
+ 37 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes]
+ 38 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 39 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 40 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 41 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 42 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 43 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com]
+ 44 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 45 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 46 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 47 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 48 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes]
+ 49 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com]
+ 50 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes]
+ 51 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes]
+ 52 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes]
+ 53 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes]
+ 54 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes]
+ 55 UDP fe80::c42c:3ff:fe60:6a64:5353 <-> ff02::fb:5353 [proto: 8/MDNS][2 pkts/258 bytes]
+
+
+Undetected flows:
+ 1 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 0/Unknown][198 pkts/30418 bytes]
+ 2 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 0/Unknown][464 pkts/52920 bytes]