authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2022-07-07 17:49:35 +0200
committerGitHub <noreply@github.com>2022-07-07 17:49:35 +0200
commitff4e010501ff057e353c7f1d9785b5caadceade3 (patch)
treefc012ec6770e3f78d857caab0080b641a21737e8
parentd254ae54f3af143ff34c2657c028cda4198e9e9c (diff)
Avoid spurious calls to extra dissection (#1648)
If the extra callback is not set, calling the extra dissection is only a waste of resources...
-rw-r--r--src/lib/ndpi_main.c18
-rw-r--r--tests/result/1kxun.pcap.out4
-rw-r--r--tests/result/KakaoTalk_chat.pcap.out6
-rw-r--r--tests/result/KakaoTalk_talk.pcap.out4
-rw-r--r--tests/result/alexa-app.pcapng.out4
-rw-r--r--tests/result/android.pcap.out4
-rw-r--r--tests/result/anyconnect-vpn.pcap.out6
-rw-r--r--tests/result/anydesk.pcap.out4
-rw-r--r--tests/result/bittorrent_utp.pcap.out2
-rw-r--r--tests/result/emotet.pcap.out4
-rw-r--r--tests/result/facebook.pcap.out4
-rw-r--r--tests/result/fuzz-2006-09-29-28586.pcap.out4
-rw-r--r--tests/result/fuzz-2021-10-13.pcap.out2
-rw-r--r--tests/result/googledns_android10.pcap.out2
-rw-r--r--tests/result/http_ipv6.pcap.out4
-rw-r--r--tests/result/instagram.pcap.out4
-rw-r--r--tests/result/netflix.pcap.out4
-rw-r--r--tests/result/nintendo.pcap.out4
-rw-r--r--tests/result/ocs.pcap.out4
-rw-r--r--tests/result/ookla.pcap.out4
-rw-r--r--tests/result/pinterest.pcap.out4
-rw-r--r--tests/result/pps.pcap.out4
-rw-r--r--tests/result/quickplay.pcap.out4
-rw-r--r--tests/result/safari.pcap.out2
-rw-r--r--tests/result/signal.pcap.out8
-rw-r--r--tests/result/skype.pcap.out6
-rw-r--r--tests/result/skype_no_unknown.pcap.out6
-rw-r--r--tests/result/snapchat.pcap.out4
-rw-r--r--tests/result/starcraft_battle.pcap.out4
-rw-r--r--tests/result/teams.pcap.out4
-rw-r--r--tests/result/telegram.pcap.out4
-rw-r--r--tests/result/telnet.pcap.out2
-rw-r--r--tests/result/tls-appdata.pcap.out2
-rw-r--r--tests/result/tls_alert.pcap.out4
-rw-r--r--tests/result/tls_certificate_too_long.pcap.out4
-rw-r--r--tests/result/tumblr.pcap.out4
-rw-r--r--tests/result/tunnelbear.pcap.out4
-rw-r--r--tests/result/viber.pcap.out4
-rw-r--r--tests/result/wa_voice.pcap.out6
-rw-r--r--tests/result/waze.pcap.out4
-rw-r--r--tests/result/webex.pcap.out6
-rw-r--r--tests/result/wechat.pcap.out6
-rw-r--r--tests/result/weibo.pcap.out4
-rw-r--r--tests/result/whatsapp_login_call.pcap.out4
-rw-r--r--tests/result/whatsapp_login_chat.pcap.out4
-rw-r--r--tests/result/whatsappfiles.pcap.out2
-rw-r--r--tests/result/zoom.pcap.out4
47 files changed, 101 insertions, 105 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index ee338ce76..795a7fe80 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6097,8 +6097,10 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
return(ret);
}
- if(ndpi_str->max_packets_to_process > 0 && flow->num_processed_pkts >= ndpi_str->max_packets_to_process)
+ if(ndpi_str->max_packets_to_process > 0 && flow->num_processed_pkts >= ndpi_str->max_packets_to_process) {
+ flow->extra_packets_func = NULL; /* To allow ndpi_extra_dissection_possible() to fail */
return(ret); /* Avoid spending too much time with this flow */
+ }
flow->num_processed_pkts++;
@@ -8043,6 +8045,9 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp
proto);
#endif
+ if(!flow->extra_packets_func)
+ return(0);
+
switch(proto) {
case NDPI_PROTOCOL_TLS:
case NDPI_PROTOCOL_DTLS:
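Review bot: The new `if(!flow->extra_packets_func) return(0);` ahead of `switch(proto)` gates every case, including `NDPI_PROTOCOL_TLS` and `NDPI_PROTOCOL_DTLS`, not only the four cases that tested the pointer before, so it changes reported metadata and not just packet counts. The updated expected outputs in this commit show it: TLS flows in KakaoTalk_chat, signal and wa_voice lose their `Unidirectional Traffic` risk entry. Those flows list packets in both directions, so this looks like a false positive going away, but anything that alerts on nDPI risk flags will see a baseline shift, and the commit message describes only a resource saving. I would add a comment above the guard such as `/* No callback set (or cleared once max_packets_to_process is reached): nothing can run, so report no extra dissection for any protocol */`. The function starts before this hunk and continues past it.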
@@ -8091,19 +8096,10 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp
break;
case NDPI_PROTOCOL_SKYPE_TEAMS:
- if(flow->extra_packets_func)
- return(1);
- break;
-
case NDPI_PROTOCOL_QUIC:
- if(flow->extra_packets_func)
- return(1);
- break;
-
case NDPI_PROTOCOL_KERBEROS:
case NDPI_PROTOCOL_SNMP:
- if(flow->extra_packets_func)
- return(1);
+ return(1);
break;
case NDPI_PROTOCOL_BITTORRENT:
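Review bot: The `break;` left after the now unconditional `return(1);` under `case NDPI_PROTOCOL_SNMP:` is unreachable and can be dropped. With the three per-case pointer tests removed, the merged `SKYPE_TEAMS`/`QUIC`/`KERBEROS`/`SNMP` cases are correct only because of the NULL check added before the switch in the previous hunk, which a reader of this part of the function does not see. A short comment on the merged cases, e.g. `/* extra_packets_func is non-NULL here: checked before the switch */`, would keep a later reordering from silently reporting extra dissection as possible without a callback. The switch continues outside the hunk.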
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out
index bc9a9b640..a8236d147 100644
--- a/tests/result/1kxun.pcap.out
+++ b/tests/result/1kxun.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 37
+Guessed flow protos: 26
-DPI Packets (TCP): 639 (6.52 pkts/flow)
+DPI Packets (TCP): 427 (4.36 pkts/flow)
DPI Packets (UDP): 120 (1.21 pkts/flow)
Confidence Unknown : 14 (flows)
Confidence Match by port : 5 (flows)
diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out
index 62e0bfa91..0067335b9 100644
--- a/tests/result/KakaoTalk_chat.pcap.out
+++ b/tests/result/KakaoTalk_chat.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 10
+Guessed flow protos: 8
-DPI Packets (TCP): 174 (9.16 pkts/flow)
+DPI Packets (TCP): 171 (9.00 pkts/flow)
DPI Packets (UDP): 36 (2.00 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by port : 4 (flows)
@@ -36,7 +36,7 @@ JA3 Host Stats:
12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][ClearText][Confidence: DPI][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Goodput ratio: 38/49][21.81 sec][Hostname/SNI: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5452/101 21457/215 9241/81][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/114 243/339 73/112][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][ClearText][Confidence: Match by IP][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][Goodput ratio: 0/0][25.75 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 3845/3844 13075/13111 4719/4735][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56/56 56/56 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes][Goodput ratio: 0/0][13.28 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/TLS.Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][2 pkts/139 bytes <-> 2 pkts/112 bytes][Goodput ratio: 19/0][0.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/TLS.Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][2 pkts/139 bytes <-> 2 pkts/112 bytes][Goodput ratio: 19/0][0.03 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/166 bytes][Goodput ratio: 43/73][0.04 sec][Hostname/SNI: katalk.kakao.com][110.76.142.34][PLAIN TEXT (katalk)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/85 bytes <-> 1 pkts/144 bytes][Goodput ratio: 48/69][0.05 sec][Hostname/SNI: developers.facebook.com][31.13.68.84][PLAIN TEXT (developers)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][ClearText][Confidence: DPI][cat: SocialNetwork/6][1 pkts/80 bytes <-> 1 pkts/138 bytes][Goodput ratio: 44/68][0.04 sec][Hostname/SNI: graph.facebook.com][31.13.68.70][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out
index c780f7cbb..b56cb7b31 100644
--- a/tests/result/KakaoTalk_talk.pcap.out
+++ b/tests/result/KakaoTalk_talk.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 12
+Guessed flow protos: 10
-DPI Packets (TCP): 86 (5.73 pkts/flow)
+DPI Packets (TCP): 64 (4.27 pkts/flow)
DPI Packets (UDP): 6 (1.20 pkts/flow)
Confidence Match by port : 4 (flows)
Confidence Match by IP : 5 (flows)
diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out
index e93c022f0..19074272d 100644
--- a/tests/result/alexa-app.pcapng.out
+++ b/tests/result/alexa-app.pcapng.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 68
+Guessed flow protos: 14
-DPI Packets (TCP): 1780 (14.71 pkts/flow)
+DPI Packets (TCP): 850 (7.02 pkts/flow)
DPI Packets (UDP): 64 (1.94 pkts/flow)
DPI Packets (other): 6 (1.00 pkts/flow)
Confidence Match by port : 5 (flows)
diff --git a/tests/result/android.pcap.out b/tests/result/android.pcap.out
index 62b8fb979..a95c8f4c6 100644
--- a/tests/result/android.pcap.out
+++ b/tests/result/android.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 11
+Guessed flow protos: 7
-DPI Packets (TCP): 175 (6.25 pkts/flow)
+DPI Packets (TCP): 157 (5.61 pkts/flow)
DPI Packets (UDP): 52 (1.68 pkts/flow)
DPI Packets (other): 4 (1.00 pkts/flow)
Confidence Match by IP : 3 (flows)
diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out
index 060b680da..66febe650 100644
--- a/tests/result/anyconnect-vpn.pcap.out
+++ b/tests/result/anyconnect-vpn.pcap.out
@@ -1,7 +1,7 @@
-Guessed flow protos: 19
+Guessed flow protos: 12
-DPI Packets (TCP): 206 (9.36 pkts/flow)
-DPI Packets (UDP): 109 (2.95 pkts/flow)
+DPI Packets (TCP): 161 (7.32 pkts/flow)
+DPI Packets (UDP): 103 (2.78 pkts/flow)
DPI Packets (other): 10 (1.00 pkts/flow)
Confidence Unknown : 2 (flows)
Confidence Match by port : 5 (flows)
diff --git a/tests/result/anydesk.pcap.out b/tests/result/anydesk.pcap.out
index 9b75d6171..cad4f3dce 100644
--- a/tests/result/anydesk.pcap.out
+++ b/tests/result/anydesk.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 1
+Guessed flow protos: 0
-DPI Packets (TCP): 28 (14.00 pkts/flow)
+DPI Packets (TCP): 21 (10.50 pkts/flow)
Confidence DPI : 2 (flows)
AnyDesk 6963 2795460 2
diff --git a/tests/result/bittorrent_utp.pcap.out b/tests/result/bittorrent_utp.pcap.out
index 0cf00658f..3ef6ad3bd 100644
--- a/tests/result/bittorrent_utp.pcap.out
+++ b/tests/result/bittorrent_utp.pcap.out
@@ -1,6 +1,6 @@
Guessed flow protos: 0
-DPI Packets (UDP): 25 (25.00 pkts/flow)
+DPI Packets (UDP): 4 (4.00 pkts/flow)
Confidence DPI (cache) : 1 (flows)
BitTorrent 86 41489 1
diff --git a/tests/result/emotet.pcap.out b/tests/result/emotet.pcap.out
index 3c3dc5365..0b6261b30 100644
--- a/tests/result/emotet.pcap.out
+++ b/tests/result/emotet.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 1
+Guessed flow protos: 0
-DPI Packets (TCP): 121 (20.17 pkts/flow)
+DPI Packets (TCP): 48 (8.00 pkts/flow)
Confidence DPI : 6 (flows)
SMTP 626 438465 1
diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out
index 49eb2c5f6..41c4be456 100644
--- a/tests/result/facebook.pcap.out
+++ b/tests/result/facebook.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 1
+Guessed flow protos: 0
-DPI Packets (TCP): 51 (25.50 pkts/flow)
+DPI Packets (TCP): 16 (8.00 pkts/flow)
Confidence DPI : 2 (flows)
Facebook 60 30511 2
diff --git a/tests/result/fuzz-2006-09-29-28586.pcap.out b/tests/result/fuzz-2006-09-29-28586.pcap.out
index 444943867..48464f930 100644
--- a/tests/result/fuzz-2006-09-29-28586.pcap.out
+++ b/tests/result/fuzz-2006-09-29-28586.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 38
+Guessed flow protos: 35
-DPI Packets (TCP): 112 (2.87 pkts/flow)
+DPI Packets (TCP): 109 (2.79 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Unknown : 3 (flows)
Confidence Match by port : 23 (flows)
diff --git a/tests/result/fuzz-2021-10-13.pcap.out b/tests/result/fuzz-2021-10-13.pcap.out
index 4cab569cb..b34c41b1c 100644
--- a/tests/result/fuzz-2021-10-13.pcap.out
+++ b/tests/result/fuzz-2021-10-13.pcap.out
@@ -1,4 +1,4 @@
-Guessed flow protos: 1
+Guessed flow protos: 0
DPI Packets (TCP): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
diff --git a/tests/result/googledns_android10.pcap.out b/tests/result/googledns_android10.pcap.out
index 137a9e5e6..fa6aaa9f0 100644
--- a/tests/result/googledns_android10.pcap.out
+++ b/tests/result/googledns_android10.pcap.out
@@ -1,6 +1,6 @@
Guessed flow protos: 2
-DPI Packets (TCP): 117 (16.71 pkts/flow)
+DPI Packets (TCP): 42 (6.00 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by IP : 2 (flows)
Confidence DPI : 6 (flows)
diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out
index 01a5108be..261e9bb3d 100644
--- a/tests/result/http_ipv6.pcap.out
+++ b/tests/result/http_ipv6.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 8
+Guessed flow protos: 7
-DPI Packets (TCP): 86 (6.62 pkts/flow)
+DPI Packets (TCP): 85 (6.54 pkts/flow)
DPI Packets (UDP): 4 (2.00 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence Match by port : 6 (flows)
diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out
index 4fda93aa1..9d69eccc5 100644
--- a/tests/result/instagram.pcap.out
+++ b/tests/result/instagram.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 18
+Guessed flow protos: 15
-DPI Packets (TCP): 499 (16.63 pkts/flow)
+DPI Packets (TCP): 360 (12.00 pkts/flow)
DPI Packets (UDP): 10 (1.43 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out
index dcfe7f24c..d75de977a 100644
--- a/tests/result/netflix.pcap.out
+++ b/tests/result/netflix.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 6
+Guessed flow protos: 1
-DPI Packets (TCP): 393 (8.36 pkts/flow)
+DPI Packets (TCP): 288 (6.13 pkts/flow)
DPI Packets (UDP): 27 (2.08 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by IP : 1 (flows)
diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out
index ac3273cf7..457b3c2fd 100644
--- a/tests/result/nintendo.pcap.out
+++ b/tests/result/nintendo.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 7
+Guessed flow protos: 6
-DPI Packets (TCP): 70 (17.50 pkts/flow)
+DPI Packets (TCP): 29 (7.25 pkts/flow)
DPI Packets (UDP): 35 (2.33 pkts/flow)
DPI Packets (other): 2 (1.00 pkts/flow)
Confidence Match by IP : 6 (flows)
diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out
index a89d26933..0294f8964 100644
--- a/tests/result/ocs.pcap.out
+++ b/tests/result/ocs.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 18
+Guessed flow protos: 13
-DPI Packets (TCP): 266 (22.17 pkts/flow)
+DPI Packets (TCP): 92 (7.67 pkts/flow)
DPI Packets (UDP): 8 (1.00 pkts/flow)
Confidence Match by IP : 2 (flows)
Confidence DPI : 18 (flows)
diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out
index 8a255f868..3a4e142b1 100644
--- a/tests/result/ookla.pcap.out
+++ b/tests/result/ookla.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 1
+Guessed flow protos: 0
-DPI Packets (TCP): 24 (12.00 pkts/flow)
+DPI Packets (TCP): 16 (8.00 pkts/flow)
Confidence DPI (cache) : 1 (flows)
Confidence DPI : 1 (flows)
diff --git a/tests/result/pinterest.pcap.out b/tests/result/pinterest.pcap.out
index 746f795d7..36eda919b 100644
--- a/tests/result/pinterest.pcap.out
+++ b/tests/result/pinterest.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 17
+Guessed flow protos: 16
-DPI Packets (TCP): 261 (7.05 pkts/flow)
+DPI Packets (TCP): 224 (6.05 pkts/flow)
Confidence Match by port : 16 (flows)
Confidence DPI : 21 (flows)
diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out
index 59ed2f42a..becb50fbb 100644
--- a/tests/result/pps.pcap.out
+++ b/tests/result/pps.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 44
+Guessed flow protos: 43
-DPI Packets (TCP): 159 (2.52 pkts/flow)
+DPI Packets (TCP): 141 (2.24 pkts/flow)
DPI Packets (UDP): 201 (4.57 pkts/flow)
Confidence Unknown : 34 (flows)
Confidence Match by port : 2 (flows)
diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out
index 358ea2de1..a8fe90224 100644
--- a/tests/result/quickplay.pcap.out
+++ b/tests/result/quickplay.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 10
+Guessed flow protos: 8
-DPI Packets (TCP): 147 (7.00 pkts/flow)
+DPI Packets (TCP): 75 (3.57 pkts/flow)
Confidence DPI : 21 (flows)
HTTP 133 96179 11
diff --git a/tests/result/safari.pcap.out b/tests/result/safari.pcap.out
index 72657754c..d0f85071c 100644
--- a/tests/result/safari.pcap.out
+++ b/tests/result/safari.pcap.out
@@ -1,6 +1,6 @@
Guessed flow protos: 0
-DPI Packets (TCP): 421 (60.14 pkts/flow)
+DPI Packets (TCP): 46 (6.57 pkts/flow)
Confidence DPI : 7 (flows)
TLS 6019 5570309 7
diff --git a/tests/result/signal.pcap.out b/tests/result/signal.pcap.out
index 64a669fe7..c1ffb2ead 100644
--- a/tests/result/signal.pcap.out
+++ b/tests/result/signal.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 3
+Guessed flow protos: 1
-DPI Packets (TCP): 110 (7.33 pkts/flow)
+DPI Packets (TCP): 97 (6.47 pkts/flow)
DPI Packets (UDP): 5 (1.67 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence DPI : 19 (flows)
@@ -32,8 +32,8 @@ JA3 Host Stats:
12 TCP 192.168.2.17:49226 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][Encrypted][Confidence: DPI][cat: Chat/9][13 pkts/1688 bytes <-> 11 pkts/3569 bytes][Goodput ratio: 48/79][9.90 sec][Hostname/SNI: textsecure-service.whispersystems.org][bytes ratio: -0.358 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/57 113/154 53/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/324 502/1506 120/473][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,30,20,0,0,0,10,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
13 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][ClearText][Confidence: DPI][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][15.76 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 TCP 192.168.2.17:56996 <-> 17.248.146.144:443 [proto: 91.140/TLS.Apple][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/341 bytes <-> 4 pkts/264 bytes][Goodput ratio: 23/0][0.03 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/0 8/0 25/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/66 112/66 20/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7/10][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 24/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63/74 89/89 14/11][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 TCP 192.168.2.17:56996 <-> 17.248.146.144:443 [proto: 91.140/TLS.Apple][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/341 bytes <-> 4 pkts/264 bytes][Goodput ratio: 23/0][0.03 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/0 8/0 25/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/66 112/66 20/0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7/10][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 24/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63/74 89/89 14/11][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5.39/DNS.Signal][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/97 bytes <-> 1 pkts/193 bytes][Goodput ratio: 56/78][0.03 sec][Hostname/SNI: textsecure-service.whispersystems.org][54.175.47.110][PLAIN TEXT (textsecure)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.04 sec][Hostname/SNI: e673.dsce9.akamaiedge.net][23.57.24.16][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
19 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out
index b4a364802..aa52ce445 100644
--- a/tests/result/skype.pcap.out
+++ b/tests/result/skype.pcap.out
@@ -1,7 +1,7 @@
-Guessed flow protos: 125
+Guessed flow protos: 97
-DPI Packets (TCP): 1771 (18.26 pkts/flow)
-DPI Packets (UDP): 366 (1.92 pkts/flow)
+DPI Packets (TCP): 1691 (17.43 pkts/flow)
+DPI Packets (UDP): 337 (1.76 pkts/flow)
DPI Packets (other): 5 (1.00 pkts/flow)
Confidence Unknown : 61 (flows)
Confidence Match by port : 27 (flows)
diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out
index 793ed03e8..f99c8130b 100644
--- a/tests/result/skype_no_unknown.pcap.out
+++ b/tests/result/skype_no_unknown.pcap.out
@@ -1,7 +1,7 @@
-Guessed flow protos: 96
+Guessed flow protos: 72
-DPI Packets (TCP): 1240 (16.32 pkts/flow)
-DPI Packets (UDP): 310 (1.67 pkts/flow)
+DPI Packets (TCP): 1168 (15.37 pkts/flow)
+DPI Packets (UDP): 288 (1.55 pkts/flow)
DPI Packets (other): 5 (1.00 pkts/flow)
Confidence Unknown : 45 (flows)
Confidence Match by port : 22 (flows)
diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out
index e6ac87cc1..703cde00b 100644
--- a/tests/result/snapchat.pcap.out
+++ b/tests/result/snapchat.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 3
+Guessed flow protos: 0
-DPI Packets (TCP): 56 (18.67 pkts/flow)
+DPI Packets (TCP): 18 (6.00 pkts/flow)
Confidence DPI : 3 (flows)
Google 22 2879 1
diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out
index 2df1b8b52..45ee80271 100644
--- a/tests/result/starcraft_battle.pcap.out
+++ b/tests/result/starcraft_battle.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 24
+Guessed flow protos: 16
-DPI Packets (TCP): 182 (4.79 pkts/flow)
+DPI Packets (TCP): 166 (4.37 pkts/flow)
DPI Packets (UDP): 36 (2.77 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by port : 8 (flows)
diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out
index 8da00bc36..7a4c51573 100644
--- a/tests/result/teams.pcap.out
+++ b/tests/result/teams.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 23
+Guessed flow protos: 4
-DPI Packets (TCP): 793 (18.88 pkts/flow)
+DPI Packets (TCP): 494 (11.76 pkts/flow)
DPI Packets (UDP): 87 (2.17 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out
index 2cc204a70..a37afc138 100644
--- a/tests/result/telegram.pcap.out
+++ b/tests/result/telegram.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 6
+Guessed flow protos: 5
-DPI Packets (UDP): 105 (2.19 pkts/flow)
+DPI Packets (UDP): 93 (1.94 pkts/flow)
Confidence Unknown : 2 (flows)
Confidence DPI : 46 (flows)
diff --git a/tests/result/telnet.pcap.out b/tests/result/telnet.pcap.out
index a091b3500..103c29bae 100644
--- a/tests/result/telnet.pcap.out
+++ b/tests/result/telnet.pcap.out
@@ -1,6 +1,6 @@
Guessed flow protos: 0
-DPI Packets (TCP): 81 (81.00 pkts/flow)
+DPI Packets (TCP): 33 (33.00 pkts/flow)
Confidence DPI : 1 (flows)
Telnet 87 7418 1
diff --git a/tests/result/tls-appdata.pcap.out b/tests/result/tls-appdata.pcap.out
index ae356b073..1255d2137 100644
--- a/tests/result/tls-appdata.pcap.out
+++ b/tests/result/tls-appdata.pcap.out
@@ -1,6 +1,6 @@
Guessed flow protos: 1
-DPI Packets (TCP): 87 (43.50 pkts/flow)
+DPI Packets (TCP): 20 (10.00 pkts/flow)
Confidence DPI : 2 (flows)
Facebook 6 789 1
diff --git a/tests/result/tls_alert.pcap.out b/tests/result/tls_alert.pcap.out
index 172c206c8..e9f0cc6a0 100644
--- a/tests/result/tls_alert.pcap.out
+++ b/tests/result/tls_alert.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 2
+Guessed flow protos: 1
-DPI Packets (TCP): 18 (9.00 pkts/flow)
+DPI Packets (TCP): 12 (6.00 pkts/flow)
Confidence DPI : 2 (flows)
TLS 7 533 1
diff --git a/tests/result/tls_certificate_too_long.pcap.out b/tests/result/tls_certificate_too_long.pcap.out
index 7da4b4cd9..a8f9af328 100644
--- a/tests/result/tls_certificate_too_long.pcap.out
+++ b/tests/result/tls_certificate_too_long.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 8
+Guessed flow protos: 5
-DPI Packets (TCP): 220 (13.75 pkts/flow)
+DPI Packets (TCP): 120 (7.50 pkts/flow)
DPI Packets (UDP): 33 (1.94 pkts/flow)
DPI Packets (other): 2 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
diff --git a/tests/result/tumblr.pcap.out b/tests/result/tumblr.pcap.out
index 1fe6bfeb0..3a38e36cd 100644
--- a/tests/result/tumblr.pcap.out
+++ b/tests/result/tumblr.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 34
+Guessed flow protos: 32
-DPI Packets (TCP): 586 (12.47 pkts/flow)
+DPI Packets (TCP): 237 (5.04 pkts/flow)
Confidence Match by port : 28 (flows)
Confidence DPI : 19 (flows)
diff --git a/tests/result/tunnelbear.pcap.out b/tests/result/tunnelbear.pcap.out
index 3e329e42e..d2bd8a86e 100644
--- a/tests/result/tunnelbear.pcap.out
+++ b/tests/result/tunnelbear.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 10
+Guessed flow protos: 3
-DPI Packets (TCP): 255 (12.14 pkts/flow)
+DPI Packets (TCP): 125 (5.95 pkts/flow)
Confidence Match by IP : 1 (flows)
Confidence DPI : 20 (flows)
diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out
index 05a5d085f..2cae4412b 100644
--- a/tests/result/viber.pcap.out
+++ b/tests/result/viber.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 8
+Guessed flow protos: 5
-DPI Packets (TCP): 181 (13.92 pkts/flow)
+DPI Packets (TCP): 151 (11.62 pkts/flow)
DPI Packets (UDP): 27 (1.93 pkts/flow)
DPI Packets (other): 2 (1.00 pkts/flow)
Confidence Match by IP : 4 (flows)
diff --git a/tests/result/wa_voice.pcap.out b/tests/result/wa_voice.pcap.out
index 011ec265f..a4c3d80bb 100644
--- a/tests/result/wa_voice.pcap.out
+++ b/tests/result/wa_voice.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 4
+Guessed flow protos: 3
-DPI Packets (TCP): 27 (4.50 pkts/flow)
+DPI Packets (TCP): 20 (3.33 pkts/flow)
DPI Packets (UDP): 33 (1.57 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
@@ -41,7 +41,7 @@ JA3 Host Stats:
14 UDP 192.168.2.12:64716 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][4 pkts/671 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][9.04 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 UDP [fe80::414:409d:8afd:9f05]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][5 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 UDP 192.168.2.12:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][Confidence: DPI][cat: Network/14][5 pkts/544 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][32.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (airplay)][Plen Bins: 0,80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 TCP 17.171.47.85:443 <-> 192.168.2.12:50502 [proto: 91.140/TLS.Apple][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/271 bytes <-> 4 pkts/271 bytes][Goodput ratio: 11/11][0.28 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 94/0 278/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/68 97/97 18/18][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 TCP 17.171.47.85:443 <-> 192.168.2.12:50502 [proto: 91.140/TLS.Apple][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/271 bytes <-> 4 pkts/271 bytes][Goodput ratio: 11/11][0.28 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 94/0 278/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/68 97/97 18/18][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 ICMP 192.168.2.12:0 -> 91.252.56.51:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.92 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
19 UDP 192.168.2.12:55296 <-> 192.168.2.1:53 [proto: 5.242/DNS.WhatsAppFiles][ClearText][Confidence: DPI][cat: Download/7][1 pkts/89 bytes <-> 1 pkts/105 bytes][Goodput ratio: 52/59][0.03 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][31.13.86.51][PLAIN TEXT (whatsapp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 UDP 192.168.2.12:60549 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][ClearText][Confidence: DPI][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/117 bytes][Goodput ratio: 44/64][0.04 sec][Hostname/SNI: pps.whatsapp.net][157.240.20.52][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out
index de6a537a7..0a4703759 100644
--- a/tests/result/waze.pcap.out
+++ b/tests/result/waze.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 11
+Guessed flow protos: 10
-DPI Packets (TCP): 215 (6.72 pkts/flow)
+DPI Packets (TCP): 208 (6.50 pkts/flow)
DPI Packets (UDP): 1 (1.00 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence Match by port : 9 (flows)
diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out
index bae4234fd..15ae9de2a 100644
--- a/tests/result/webex.pcap.out
+++ b/tests/result/webex.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 26
+Guessed flow protos: 17
-DPI Packets (TCP): 515 (9.36 pkts/flow)
+DPI Packets (TCP): 395 (7.18 pkts/flow)
DPI Packets (UDP): 17 (8.50 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence Match by IP : 3 (flows)
@@ -71,7 +71,7 @@ JA3 Host Stats:
51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][Encrypted][Confidence: DPI][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/TLS.Webex][Encrypted][Confidence: DPI][cat: VoIP/10][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][Encrypted][Confidence: DPI][cat: VoIP/10][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][Encrypted][Confidence: Match by IP][cat: VoIP/10][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.265/TLS.AmazonAWS][Encrypted][Confidence: Match by IP][cat: Cloud/13][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
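Review bot: The expected output for flow 54 drops `[Risk: ** Unidirectional Traffic **][Risk Score: 10]`, which is a change in reported risk that the commit description does not mention, since it presents the change purely as saving resources. The flow line itself shows `3 pkts/209 bytes <-> 2 pkts/108 bytes`, so the old "No server to client traffic" info was inconsistent with the counters and the new output looks more correct. Anyone alerting on nDPI risk scores will still see different results after this commit. The `Guessed flow protos` counter also moves in this file's header hunk and in the waze, wechat, weibo, whatsapp and zoom results, presumably for a related reason. I would note this in the commit description, for example `Side effect: some flows are no longer counted as guessed, and a spurious Unidirectional Traffic risk is no longer reported.`, and confirm that each removed risk was a false positive rather than a lost detection.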
diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out
index 122ee9d6c..b89889679 100644
--- a/tests/result/wechat.pcap.out
+++ b/tests/result/wechat.pcap.out
@@ -1,7 +1,7 @@
-Guessed flow protos: 46
+Guessed flow protos: 43
-DPI Packets (TCP): 531 (9.00 pkts/flow)
-DPI Packets (UDP): 124 (3.35 pkts/flow)
+DPI Packets (TCP): 458 (7.76 pkts/flow)
+DPI Packets (UDP): 70 (1.89 pkts/flow)
DPI Packets (other): 7 (1.00 pkts/flow)
Confidence Match by port : 17 (flows)
Confidence Match by IP : 8 (flows)
diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out
index 959d54e9f..e1845eb75 100644
--- a/tests/result/weibo.pcap.out
+++ b/tests/result/weibo.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 28
+Guessed flow protos: 27
-DPI Packets (TCP): 167 (5.57 pkts/flow)
+DPI Packets (TCP): 100 (3.33 pkts/flow)
DPI Packets (UDP): 44 (3.14 pkts/flow)
Confidence Match by port : 13 (flows)
Confidence Match by IP : 8 (flows)
diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out
index 5e520d0c7..cf99d8a35 100644
--- a/tests/result/whatsapp_login_call.pcap.out
+++ b/tests/result/whatsapp_login_call.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 23
+Guessed flow protos: 20
-DPI Packets (TCP): 167 (6.19 pkts/flow)
+DPI Packets (TCP): 93 (3.44 pkts/flow)
DPI Packets (UDP): 35 (1.21 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by port : 4 (flows)
diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out
index c4007c819..834153151 100644
--- a/tests/result/whatsapp_login_chat.pcap.out
+++ b/tests/result/whatsapp_login_chat.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 4
+Guessed flow protos: 2
-DPI Packets (TCP): 55 (18.33 pkts/flow)
+DPI Packets (TCP): 25 (8.33 pkts/flow)
DPI Packets (UDP): 7 (1.17 pkts/flow)
Confidence DPI : 9 (flows)
diff --git a/tests/result/whatsappfiles.pcap.out b/tests/result/whatsappfiles.pcap.out
index e245b39a4..38cb53a1b 100644
--- a/tests/result/whatsappfiles.pcap.out
+++ b/tests/result/whatsappfiles.pcap.out
@@ -1,6 +1,6 @@
Guessed flow protos: 0
-DPI Packets (TCP): 89 (44.50 pkts/flow)
+DPI Packets (TCP): 14 (7.00 pkts/flow)
Confidence DPI : 2 (flows)
WhatsAppFiles 620 452233 2
diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out
index a3680ecea..470d53e1c 100644
--- a/tests/result/zoom.pcap.out
+++ b/tests/result/zoom.pcap.out
@@ -1,6 +1,6 @@
-Guessed flow protos: 6
+Guessed flow protos: 4
-DPI Packets (TCP): 134 (9.57 pkts/flow)
+DPI Packets (TCP): 118 (8.43 pkts/flow)
DPI Packets (UDP): 25 (1.47 pkts/flow)
DPI Packets (other): 2 (1.00 pkts/flow)
Confidence Match by IP : 2 (flows)