diff options
| author | Campus <campus@ntop.org> | 2016-10-17 18:43:47 +0200 |
|---|---|---|
| committer | Campus <campus@ntop.org> | 2016-10-17 18:43:47 +0200 |
| commit | 94c134318bc2e2b36f44cdb9e20efedf9ad99060 (patch) | |
| tree | 4cf69cb79716da96b0054cb5fee34341e9ad406d | |
| parent | 6fd334dcd77f12f22870d81be2c0a14231e6edea (diff) | |
fix msn dissector - add pcap for test
| -rw-r--r-- | src/lib/protocols/msn.c | 26 | ||||
| -rw-r--r-- | tests/pcap/msnms.pcap | bin | 0 -> 62351 bytes | |||
| -rw-r--r-- | tests/result/msnms.pcap.out | 8 |
3 files changed, 20 insertions, 14 deletions
diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 204e2bfe6..2f5b6c468 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -448,22 +448,20 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "msn 7.\n"); - if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) { - if (packet->tcp->source == htons(443) || packet->tcp->dest == htons(443)) { - if (packet->payload_packet_len > 300) { - - if (memcmp(&packet->payload[40], "INVITE MSNMSGR", 14) == 0 - || memcmp(&packet->payload[56], "INVITE MSNMSGR", 14) == 0 - || memcmp(&packet->payload[172], "INVITE MSNMSGR", 14) == 0) { - ndpi_int_msn_add_connection(ndpi_struct, flow); - - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 3\n"); - return; - } - } + if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) { + if (memcmp(&packet->payload[0], "MSG ", 4) == 0 + || memcmp(&packet->payload[0], "PNG", 3) == 0 + || memcmp(&packet->payload[0], "QNG ", 4) == 0 + || memcmp(&packet->payload[0], "OUT", 3) == 0 + || memcmp(&packet->payload[0], "RNG ", 4) == 0 + || memcmp(&packet->payload[0], "NLN ", 4) == 0 + || memcmp(&packet->payload[0], "UBX ", 4) == 0 + || memcmp(&packet->payload[0], "XFR ", 4) == 0) { + ndpi_int_msn_add_connection(ndpi_struct, flow); + + NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN detected\n"); return; } - /* For non port 443 flows exclude flow bitmask after first packet itself */ } NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN tcp excluded.\n"); ndpi_msn_exclude: diff --git a/tests/pcap/msnms.pcap b/tests/pcap/msnms.pcap Binary files differnew file mode 100644 index 000000000..ebcc569a7 --- /dev/null +++ b/tests/pcap/msnms.pcap diff --git a/tests/result/msnms.pcap.out b/tests/result/msnms.pcap.out new file mode 100644 index 000000000..85a95fbf1 --- /dev/null +++ b/tests/result/msnms.pcap.out @@ -0,0 +1,8 @@ +MSN 364 56503 6 + + 1 TCP 192.168.1.14:1176 <-> 207.46.108.39:1863 [proto: 68/MSN][13 pkts/2202 bytes] + 2 TCP 192.168.1.14:1208 <-> 207.46.108.83:1863 [proto: 68/MSN][91 pkts/16723 bytes] + 3 TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][16 pkts/2900 bytes] + 4 TCP 192.168.1.14:1037 <-> 207.46.107.149:1863 [proto: 68/MSN][96 pkts/8851 bytes] + 5 TCP 192.168.1.14:1217 <-> 207.46.108.41:1863 [proto: 68/MSN][65 pkts/11416 bytes] + 6 TCP 192.168.1.14:1221 <-> 207.46.108.59:1863 [proto: 68/MSN][83 pkts/14411 bytes] |