diff options
| author | Luca Deri <deri@ntop.org> | 2019-07-24 00:13:07 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-07-24 00:13:07 +0200 |
| commit | 63173e7360d5acf6ef8f18a8d98edba48da0d7d6 (patch) | |
| tree | a4a9e9c5a8fc1629aa5a2e19d9a1a1ed1b2bbaf6 | |
| parent | d398b0aba68df1fbd441677f29c446d05ec0abff (diff) | |
Updated results with new dissection
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 1 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 6 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 37 | ||||
| -rw-r--r-- | tests/result/1kxun.pcap.out | 28 | ||||
| -rw-r--r-- | tests/result/hangout.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/pps.pcap.out | 92 | ||||
| -rw-r--r-- | tests/result/quickplay.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/viber.pcap.out | 5 |
8 files changed, 104 insertions, 73 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 526aeaa04..9c0356ec8 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8505,7 +8505,6 @@ ndpi_protocol_match host_match[] = { { "g.whatsapp.net", NULL, "g\\.whatsapp" TLD, "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "v.whatsapp.net", NULL, "v\\.whatsapp" TLD, "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "mmg.whatsapp.net", NULL, "mmg\\.whatsapp" TLD, "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "graph.facebook.com", NULL, "graph\\.facebook" TLD, "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { ".yahoo.", NULL, "\\.yahoo" TLD, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".yimg.com", NULL, "\\.yimg" TLD, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index aa2d9c7af..896b8a43c 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1666,7 +1666,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT_DUO, 0 /* can_have_a_subprotocol */, no_master, - no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_VOIP, + no_master, "GoogleHangoutDuo", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, @@ -1727,8 +1727,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMAZON_VIDEO, 0 /* can_have_a_subprotocol */, no_master, no_master, "AmazonVideo", NDPI_PROTOCOL_CATEGORY_CLOUD, - ndpi_build_default_ports(ports_a, 443, 80, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index b53bed73d..f4749b71a 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -30,6 +30,8 @@ #define MAX_NUM_STUN_PKTS 8 +// #define DEBUG_STUN 1 + struct stun_packet_header { u_int16_t msg_type, msg_len; u_int32_t cookie; @@ -46,6 +48,17 @@ typedef enum { NDPI_IS_NOT_STUN } ndpi_int_stun_t; + +static int is_google_ip_address(u_int32_t host) { + if( + ((host & 0xFFFF0000 /* 255.255.0.0 */) == 0x4A7D0000 /* 74.125.0.0/16 */) + || ((host & 0xFFFF0000 /* 255.255.0.0 */) == 0x42660000 /* 66.102.0.0/16 */) + ) + return(1); + else + return(0); +} + static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const u_int8_t * payload, @@ -87,10 +100,15 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if(msg_type == 0x01 /* Binding Request */) { flow->protos.stun_ssl.stun.num_binding_requests++; - if((msg_len == 0) && (flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE)) { + if((msg_len == 0) && (flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE)) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; } } + + if((msg_len == 0) && (flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN)) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return(NDPI_IS_NOT_STUN); + } flow->protos.stun_ssl.stun.num_udp_pkts++; @@ -199,9 +217,16 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } break; + case 0xFF03: + can_this_be_whatsapp_voice = 0; + flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; + break; + default: /* This means this STUN packet cannot be confused with whatsapp voice */ - /* printf("==> %04X\n", attribute); */ +#ifdef DEBUG_STUN + printf("==> %04X\n", attribute); +#endif can_this_be_whatsapp_voice = 0; break; } @@ -223,8 +248,14 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * udp_stun_found: if(can_this_be_whatsapp_voice) { + struct ndpi_packet_struct *packet = &flow->packet; + flow->protos.stun_ssl.stun.num_processed_pkts++; - flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_VOICE; +#ifdef DEBUG_STUN + printf("==>> NDPI_PROTOCOL_WHATSAPP_VOICE\n"); +#endif + + flow->guessed_host_protocol_id = (is_google_ip_address(ntohl(packet->iph->saddr)) || is_google_ip_address(ntohl(packet->iph->daddr))) ? NDPI_PROTOCOL_HANGOUT_DUO : NDPI_PROTOCOL_WHATSAPP_VOICE; return((flow->protos.stun_ssl.stun.num_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN); } else { /* diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 3e883d264..dd6e9f5b3 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -21,13 +21,13 @@ JA3 Host Stats: 1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Web/5][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144][PLAIN TEXT (GET /vlive.qq)] - 2 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] - 3 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] - 4 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] - 5 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] - 6 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (GET /api/movies/mp4)] - 7 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] - 8 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] + 2 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] + 3 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] + 4 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] + 5 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] + 6 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (GET /api/movies/mp4)] + 7 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] + 8 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com][PLAIN TEXT (GET /video)] 9 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152][PLAIN TEXT (POST /api/proxy)] 10 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)] 11 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)] @@ -40,12 +40,12 @@ JA3 Host Stats: 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 20 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 21 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (GET /api/videos/10410.j)] + 21 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (GET /api/videos/10410.j)] 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (GET /api/videos/10410.j)] + 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (GET /api/videos/10410.j)] 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 64.119/SSL_No_Cert.Facebook][cat: SocialNetwork/6][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] - 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com][PLAIN TEXT (GET /api/videos/alsolikes/10410)] + 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com][PLAIN TEXT (GET /api/videos/alsolikes/10410)] 27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145][PLAIN TEXT (GET /vlive.qq)] 28 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] 29 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] @@ -71,12 +71,12 @@ JA3 Host Stats: 49 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes] 50 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][PLAIN TEXT (MSFT 5.07)] 51 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][PLAIN TEXT (MSFT 5.07)] - 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] + 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Media/1][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] 53 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( FDEDCOEBFC)] - 54 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] + 54 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Media/1][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] 55 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][cat: Chat/9][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] - 56 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] - 57 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 56 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Media/1][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 57 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.137/DNS.GenericProtocol][cat: Media/1][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] 58 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] 59 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes] 60 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index a50232b5e..a7789954e 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ -GoogleHangout 19 2774 1 +GoogleHangoutDuo 19 2774 1 - 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangout][cat: VoIP/10][19 pkts/2774 bytes -> 0 pkts/0 bytes][PLAIN TEXT (BmMSSYwdxAOW3)] + 1 UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangoutDuo][cat: VoIP/10][19 pkts/2774 bytes -> 0 pkts/0 bytes][PLAIN TEXT (BmMSSYwdxAOW3)] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 903571a05..0c92f26c7 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -4,70 +4,70 @@ SSDP 63 17143 10 Google 2 1093 1 GenericProtocol 1429 1780307 49 - 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][PLAIN TEXT (GET /preimage/20160506/f0/1)] - 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][PLAIN TEXT (GET /preimage/20160506/f0/1)] - 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/downloade)] + 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/downloade)] 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][PLAIN TEXT (GET /videos/v)] 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7/HTTP][cat: Web/5][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com][PLAIN TEXT (POST /bc2 HTTP/1.1)] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] - 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][PLAIN TEXT (GET /vi/500494600/562)] - 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] + 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][PLAIN TEXT (GET /vi/500494600/562)] + 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] - 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)] - 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com][PLAIN TEXT (GET /20160625/a)] - 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] - 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] - 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] - 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] - 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (180932301)] + 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)] + 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com][PLAIN TEXT (GET /20160625/a)] + 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] + 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] + 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] + 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] + 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (180932301)] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com][PLAIN TEXT (33fd HTTP/1.1)] - 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] - 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (180932301)] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com][PLAIN TEXT (33fd HTTP/1.1)] + 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] + 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (180932301)] 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66][PLAIN TEXT (GET /videos/v)] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com][PLAIN TEXT (GET /mkt.gif)] - 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com][PLAIN TEXT (1467353167221)] - 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (channelid)] - 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/downloadh)] - 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] - 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] - 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] - 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] - 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com][PLAIN TEXT (GET /mkt.gif)] + 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com][PLAIN TEXT (1467353167221)] + 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (channelid)] + 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/downloadh)] + 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] + 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] + 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] + 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] + 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com][PLAIN TEXT (GET /pca3)] - 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)] 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (584748ac9)] - 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /ccs HTTP/1.1)] - 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] - 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /ccs HTTP/1.1)] + 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] + 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] 43 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] - 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] - 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] + 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com][PLAIN TEXT (GET /andc)] - 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)] + 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)] 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][PLAIN TEXT (GET /comMagicanApi/composite/ap)] - 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com][PLAIN TEXT (GET /cityjson HTTP/1.1)] + 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com][PLAIN TEXT (GET /cityjson HTTP/1.1)] 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][PLAIN TEXT (GET /comMagicanApi/index.php/To)] - 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)] + 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)] 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /k HTTP/1.1)] - 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] - 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] - 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (5.2.15.2240)] - 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/Q)] - 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (9.0.8112.16421)] - 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] + 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /k HTTP/1.1)] + 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] + 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] + 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (5.2.15.2240)] + 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/Q)] + 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (9.0.8112.16421)] + 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( HTTP/1.1)] 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 302 Found)] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index d49f58767..83465b705 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -9,8 +9,8 @@ Amazon 2 1469 1 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] 4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] 5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] - 7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] + 6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] + 7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Media/1][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] 9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][PLAIN TEXT (GET /vstb/playlist)] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index de2dcf7dc..f333e24cd 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -1,10 +1,11 @@ DNS 8 1267 4 MDNS 4 412 1 ICMP 2 3028 1 -SSL 31 8597 3 +SSL 12 824 2 ICMPV6 2 140 1 Facebook 2 281 1 Google 32 9133 3 +GenericProtocol 19 7773 1 Viber 268 99524 9 Amazon 71 24849 3 @@ -19,7 +20,7 @@ JA3 Host Stats: 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes] 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][TLSv1.2][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/SSL.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/SSL][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][server: y.ssl.fastly.net][JA3S: 860fcf58fd757e26aa8911e5eaff6b53][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91.137/SSL.GenericProtocol][cat: Media/1][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][server: y.ssl.fastly.net][JA3S: 860fcf58fd757e26aa8911e5eaff6b53][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/SSL.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] |