diff options
| author | Luca Deri <deri@ntop.org> | 2020-05-06 21:57:32 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-05-06 21:57:32 +0200 |
| commit | 263547e77d87cbf5b8cc2af293b7fad8216c8c35 (patch) | |
| tree | a30a0b4171c1339e75bee4ed646b5888f3add11a | |
| parent | 86e34fbf6ded9329f1174cc1b7da4bb016613497 (diff) | |
Updated automa API to use 32 bit values splits from protocol/categpry
| -rw-r--r-- | src/include/ndpi_api.h.in | 8 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 39 | ||||
| -rw-r--r-- | src/lib/third_party/include/actypes.h | 4 | ||||
| -rw-r--r-- | tests/pcap/telegram.pcap | bin | 0 -> 361905 bytes | |||
| -rw-r--r-- | tests/result/telegram.pcap.out | 66 |
5 files changed, 96 insertions, 21 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in index a7453f2fb..e9bfab257 100644 --- a/src/include/ndpi_api.h.in +++ b/src/include/ndpi_api.h.in @@ -776,7 +776,7 @@ extern "C" { * @return 0 in case of no error, or -1 if an error occurred. * */ - int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num); + int ndpi_add_string_value_to_automa(void *_automa, char *str, u_int32_t num); /** * Add a string to match to an automata. Same as ndpi_add_string_value_to_automa() with num set to 1 @@ -818,12 +818,12 @@ extern "C" { u_int32_t daddr, ndpi_protocol *ret); int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_struct, - char *name, u_int name_len, u_int16_t *id); + char *name, u_int name_len, u_int32_t *id); void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret); int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct, - char *name_or_ip, u_int name_len, u_int16_t *id); + char *name_or_ip, u_int name_len, u_int32_t *id); int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod, ndpi_detection_preference pref, int value); @@ -855,7 +855,7 @@ extern "C" { * @return 0 in case of match, or -1 if no match, or -2 if an error occurred. * */ - int ndpi_match_string_id(void *_automa, char *string_to_match, u_int match_len, u_int16_t *id); + int ndpi_match_string_id(void *_automa, char *string_to_match, u_int match_len, u_int32_t *id); /* Utility functions to set ndpi malloc/free/print wrappers */ void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e588fa939..9694d4775 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2195,7 +2195,9 @@ void *ndpi_init_automa(void) { return(ac_automata_init(ac_match_handler)); } -int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num) { +/* ****************************************************** */ + +int ndpi_add_string_value_to_automa(void *_automa, char *str, u_int32_t num) { AC_PATTERN_t ac_pattern; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t *) _automa; AC_ERROR_t rc; @@ -2204,21 +2206,28 @@ int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num) return(-1); memset(&ac_pattern, 0, sizeof(ac_pattern)); - ac_pattern.astring = str; + ac_pattern.astring = str; ac_pattern.rep.number = num; - ac_pattern.length = strlen(ac_pattern.astring); + ac_pattern.length = strlen(ac_pattern.astring); rc = ac_automata_add(automa, &ac_pattern); return(rc == ACERR_SUCCESS || rc == ACERR_DUPLICATE_PATTERN ? 0 : -1); } +/* ****************************************************** */ + int ndpi_add_string_to_automa(void *_automa, char *str) { return(ndpi_add_string_value_to_automa(_automa, str, 1)); } +/* ****************************************************** */ + void ndpi_free_automa(void *_automa) { ac_automata_release((AC_AUTOMATA_t *) _automa, 0); } + +/* ****************************************************** */ + void ndpi_finalize_automa(void *_automa) { ac_automata_finalize((AC_AUTOMATA_t *) _automa); } @@ -2226,7 +2235,7 @@ void ndpi_finalize_automa(void *_automa) { /* ****************************************************** */ int ndpi_match_string(void *_automa, char *string_to_match) { - AC_REP_t match = {NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED}; + AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; AC_TEXT_t ac_input_text; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t *) _automa; int rc; @@ -2250,10 +2259,10 @@ int ndpi_match_string(void *_automa, char *string_to_match) { /* ****************************************************** */ -int ndpi_match_string_id(void *_automa, char *string_to_match, u_int match_len, u_int16_t *id) { +int ndpi_match_string_id(void *_automa, char *string_to_match, u_int match_len, u_int32_t *id) { AC_TEXT_t ac_input_text; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t *) _automa; - AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; + AC_REP_t match = { 0, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; int rc; *id = -1; @@ -2273,7 +2282,7 @@ int ndpi_match_string_id(void *_automa, char *string_to_match, u_int match_len, *id = rc ? match.number : NDPI_PROTOCOL_UNKNOWN; - return(*id != NDPI_PROTOCOL_UNKNOWN ? 0 : -1); + return((*id != 0 /* NDPI_PROTOCOL_UNKNOWN */) ? 0 : -1); } /* *********************************************** */ @@ -2282,7 +2291,7 @@ int ndpi_match_string_id(void *_automa, char *string_to_match, u_int match_len, static int hyperscanCustomEventHandler(unsigned int id, unsigned long long from, unsigned long long to, unsigned int flags, void *ctx) { - *((unsigned long *) ctx) = (unsigned long) id; + *((uonsigned long *) ctx) = (unsigned long) id; #ifdef DEBUG printf("[HS] Found category %u\n", id); @@ -2296,14 +2305,14 @@ static int hyperscanCustomEventHandler(unsigned int id, unsigned long long from, int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str, char *name, u_int name_len, - u_int16_t *id) { + u_int32_t *id) { #ifdef HAVE_HYPERSCAN if(ndpi_str->custom_categories.hostnames == NULL) return(-1); else { hs_error_t rc; - *id = (unsigned long) -1; + *id = (u_int32_t) -1; rc = hs_scan(ndpi_str->custom_categories.hostnames->database, name, name_len, 0, ndpi_str->custom_categories.hostnames->scratch, hyperscanCustomEventHandler, id); @@ -2318,14 +2327,14 @@ int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str, } #else return(ndpi_match_string_id(ndpi_str->custom_categories.hostnames.ac_automa, - name, name_len, id)); + name, name_len, id)); #endif } /* *********************************************** */ int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str, - char *name_or_ip, u_int name_len, u_int16_t *id) { + char *name_or_ip, u_int name_len, u_int32_t *id) { char ipbuf[64], *ptr; struct in_addr pin; u_int cp_len = ndpi_min(sizeof(ipbuf) - 1, name_len); @@ -4502,7 +4511,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_str, } if(flow->host_server_name[0] != '\0') { - u_int16_t id; + u_int32_t id; int rc = ndpi_match_custom_category(ndpi_str, (char *) flow->host_server_name, strlen((char *) flow->host_server_name), &id); @@ -4514,7 +4523,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_str, if(flow->l4.tcp.tls.hello_processed == 1 && flow->protos.stun_ssl.ssl.client_requested_server_name[0] != '\0') { - u_int16_t id; + u_int32_t id; int rc = ndpi_match_custom_category(ndpi_str, (char *) flow->protos.stun_ssl.ssl.client_requested_server_name, strlen(flow->protos.stun_ssl.ssl.client_requested_server_name), &id); @@ -6134,7 +6143,7 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_ ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id) { u_int16_t rc = ndpi_automa_match_string_subprotocol(ndpi_str, flow, string_to_match, string_to_match_len, master_protocol_id, ret_match, 1); - u_int16_t id = ret_match->protocol_category; + u_int32_t id = ret_match->protocol_category; if(ndpi_get_custom_category_match(ndpi_str, string_to_match, string_to_match_len, &id) != -1) { /* if(id != -1) */ { diff --git a/src/lib/third_party/include/actypes.h b/src/lib/third_party/include/actypes.h index 2308cd686..a76e91fe0 100644 --- a/src/lib/third_party/include/actypes.h +++ b/src/lib/third_party/include/actypes.h @@ -43,8 +43,8 @@ typedef char AC_ALPHABET_t; * union for this purpose. you can add your desired type in it. **/ typedef struct { - int number; - unsigned int category, breed; + u_int32_t number; + u_int16_t category, breed; } AC_REP_t; /* AC_PATTERN_t: diff --git a/tests/pcap/telegram.pcap b/tests/pcap/telegram.pcap Binary files differnew file mode 100644 index 000000000..4a9477c3a --- /dev/null +++ b/tests/pcap/telegram.pcap diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out new file mode 100644 index 000000000..66acb9c9c --- /dev/null +++ b/tests/result/telegram.pcap.out @@ -0,0 +1,66 @@ +Unknown 304 72496 2 +DNS 10 1000 5 +MDNS 282 60976 9 +NetBIOS 3 276 1 +SSDP 15 2709 5 +SMBv1 1 243 1 +DHCP 13 4249 2 +ntop 5 496 2 +Dropbox 6 2228 3 +Google 6 5708 2 +Spotify 9 742 2 +OpenVPN 2 212 1 +Telegram 908 185304 12 +GoogleServices 2 186 1 + + 1 UDP 192.168.1.77:28150 <-> 91.108.8.1:533 [proto: 185/Telegram][cat: Chat/9][12 pkts/1272 bytes <-> 276 pkts/68136 bytes][Goodput ratio: 60/83][16.92 sec][bytes ratio: -0.963 (Download)][IAT c2s/s2c min/avg/max/stddev: 48/0 290/61 504/476 186/43][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/247 138/330 24/41][PLAIN TEXT (ByFasn)] + 2 UDP 192.168.1.77:28150 <-> 91.108.8.8:529 [proto: 185/Telegram][cat: Chat/9][285 pkts/65890 bytes <-> 13 pkts/1522 bytes][Goodput ratio: 82/64][16.92 sec][bytes ratio: 0.955 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/27 59/210 504/472 30/201][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 231/117 314/138 44/16][PLAIN TEXT (vVgwxH)] + 3 UDP [fe80::4ba:91a:7817:e318]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][120 pkts/27243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][58.59 sec][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17386/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 162/0 227/0 489/0 65/0][PLAIN TEXT (iTunes)] + 4 UDP 192.168.1.77:23174 <-> 91.108.8.7:521 [proto: 185/Telegram][cat: Chat/9][57 pkts/12266 bytes <-> 66 pkts/14180 bytes][Goodput ratio: 80/80][4.58 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 78/65 500/308 73/53][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 215/215 282/298 59/49][PLAIN TEXT (wNxr@g)] + 5 UDP 192.168.1.75:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][120 pkts/24843 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][58.59 sec][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17387/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 207/0 469/0 65/0][PLAIN TEXT (iTunes)] + 6 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][12 pkts/3852 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][54.99 sec][Host: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4886/0 4987/0 5017/0 36/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3] + 7 UDP 192.168.1.77:5353 -> 192.168.1.75:5353 [proto: 8/MDNS][cat: Network/14][9 pkts/2880 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][56.23 sec][_companion-link._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3480/0 7028/0 31577/0 9279/0][Pkt Len c2s/s2c min/avg/max/stddev: 320/0 320/0 320/0 0/0][PLAIN TEXT (companion)] + 8 UDP 192.168.1.77:50822 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][cat: Web/5][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Host: www.google.com][PLAIN TEXT (www.google.com)] + 9 UDP 192.168.1.77:61974 <-> 216.58.205.68:443 [proto: 188.126/QUIC.Google][cat: Web/5][2 pkts/1462 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.03 sec][Host: www.google.com][PLAIN TEXT (www.google.com)] + 10 UDP 192.168.1.77:28150 <-> 91.108.16.3:537 [proto: 185/Telegram][cat: Chat/9][13 pkts/1410 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 61/64][14.14 sec][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/27 368/1416 1577/10001 452/3058][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 108/115 138/138 25/15] + 11 UDP 192.168.1.77:28150 <-> 91.108.12.3:530 [proto: 185/Telegram][cat: Chat/9][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.12 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/17 407/439 1556/1278 452/379][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15] + 12 UDP 192.168.1.77:28150 <-> 91.108.12.5:537 [proto: 185/Telegram][cat: Chat/9][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.10 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/31 405/436 1542/1278 447/377][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15] + 13 UDP 192.168.1.77:28150 <-> 91.108.16.1:529 [proto: 185/Telegram][cat: Chat/9][12 pkts/1272 bytes <-> 12 pkts/1384 bytes][Goodput ratio: 60/64][14.14 sec][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 48/24 410/438 1583/1240 460/372][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/115 138/138 24/15] + 14 UDP 192.168.1.69:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][7 pkts/2471 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][58.39 sec][_spotify-connect._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1460/0 9731/0 48909/0 17522/0][Pkt Len c2s/s2c min/avg/max/stddev: 353/0 353/0 353/0 0/0][PLAIN TEXT (spotify)] + 15 UDP 192.168.1.77:23174 <-> 91.108.12.1:536 [proto: 185/Telegram][cat: Chat/9][10 pkts/1044 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 60/64][2.91 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/22 310/271 949/491 255/132][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 104/118 138/138 26/17] + 16 UDP 192.168.1.77:23174 <-> 91.108.12.5:523 [proto: 185/Telegram][cat: Chat/9][9 pkts/906 bytes <-> 12 pkts/1432 bytes][Goodput ratio: 58/65][2.89 sec][bytes ratio: -0.225 (Download)][IAT c2s/s2c min/avg/max/stddev: 133/38 355/239 930/492 265/124][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/119 138/138 24/17] + 17 UDP 192.168.1.77:23174 <-> 91.108.8.8:538 [proto: 185/Telegram][cat: Chat/9][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][2.71 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 135/42 358/279 839/492 229/118][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17] + 18 UDP 192.168.1.77:23174 <-> 91.108.16.1:527 [proto: 185/Telegram][cat: Chat/9][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][3.00 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 135/38 358/295 984/509 285/138][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17] + 19 UDP 192.168.1.77:23174 <-> 91.108.16.4:538 [proto: 185/Telegram][cat: Chat/9][9 pkts/906 bytes <-> 11 pkts/1294 bytes][Goodput ratio: 58/64][2.97 sec][bytes ratio: -0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 135/36 358/294 969/496 279/136][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 101/118 138/138 24/17] + 20 UDP 192.168.1.53:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][18 pkts/2072 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][58.39 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 434/0 3583/0 15377/0 4331/0][Pkt Len c2s/s2c min/avg/max/stddev: 87/0 115/0 238/0 39/0][PLAIN TEXT (spotify)] + 21 UDP 192.168.1.77:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1012 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][31.08 sec][PLAIN TEXT (version)] + 22 UDP 192.168.1.77:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1012 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][31.08 sec][PLAIN TEXT (version)] + 23 UDP [fe80::18a0:a412:8935:c01b]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][5 pkts/945 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][40.09 sec][PLAIN TEXT (homekit)] + 24 UDP 192.168.1.77:52127 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][4 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][3.00 sec][PLAIN TEXT (SEARCH )] + 25 UDP 192.168.1.53:56384 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][4 pkts/672 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.01 sec][PLAIN TEXT (SEARCH )] + 26 UDP 192.168.1.53:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Music/25][8 pkts/656 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][40.88 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1749/0 5840/0 21180/0 6407/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (fSpotUdp0)] + 27 UDP 192.168.1.75:57916 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][3 pkts/501 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][0.30 sec][PLAIN TEXT (SEARCH )] + 28 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/397 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (6.10.1)] + 29 UDP 192.168.1.53:50698 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/336 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][2.00 sec][PLAIN TEXT (SEARCH )] + 30 UDP 192.168.1.53:54306 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/336 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][2.00 sec][PLAIN TEXT (SEARCH )] + 31 UDP 192.168.1.77:5353 -> 192.168.1.53:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/320 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][_companion-link._tcp.local][PLAIN TEXT (companion)] + 32 UDP 192.168.1.77:54595 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][8.49 sec][Host: b._dns-sd._udp.ntop.org][::][PLAIN TEXT (postmaster)] + 33 UDP 192.168.1.77:52118 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/209 bytes][Goodput ratio: 43/80][0.01 sec][Host: in.appcenter.ms][20.44.78.251][PLAIN TEXT (appcenter)] + 34 UDP 192.168.1.77:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Host: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)] + 35 UDP 192.168.1.43:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Host: desktop-rb5t12g][PLAIN TEXT ( EEEFFDELFEEPFACNFCECDFFEDBDCEH)] + 36 UDP 192.168.1.77:23174 -> 87.11.205.195:60723 [proto: 159/OpenVPN][cat: VPN/2][2 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][1.50 sec] + 37 UDP 192.168.1.77:58615 <-> 192.168.1.1:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][1 pkts/81 bytes <-> 1 pkts/123 bytes][Goodput ratio: 48/65][0.03 sec][Host: telemetry.dropbox.com][162.125.19.9][PLAIN TEXT (telemetry)] + 38 UDP 192.168.1.77:49764 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/121 bytes][Goodput ratio: 42/65][0.05 sec][Host: dati.ntop.org][167.99.215.164][PLAIN TEXT (digitalocean)] + 39 UDP 192.168.1.77:47127 <-> 192.168.1.1:53 [proto: 5.239/DNS.GoogleServices][cat: Web/5][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.00 sec][Host: www.googletagservices.com][192.168.1.157][PLAIN TEXT (googletagservices)] + 40 UDP 192.168.1.77:49533 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.01 sec][Host: e4518.dscx.akamaiedge.net][92.122.246.223][PLAIN TEXT (akamaiedge)] + 41 UDP 192.168.1.77:61120 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.01 sec][Host: e4518.dscx.akamaiedge.net][92.122.246.223][PLAIN TEXT (akamaiedge)] + 42 UDP 192.168.1.77:61631 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/100 bytes][Goodput ratio: 49/57][0.01 sec][Host: e7047.e12.akamaiedge.net][92.122.247.92][PLAIN TEXT (akamaiedge)] + 43 UDP 192.168.1.77:5812 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.00 sec][Host: pixel.wp.com][192.168.1.157] + 44 UDP [fe80::4dc:edec:5b0c:a661]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/111 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][PLAIN TEXT (airplay)] + 45 UDP 192.168.1.52:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][PLAIN TEXT (airplay)] + 46 UDP 192.168.1.77:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)] + + +Undetected flows: + 1 UDP 192.168.1.77:23174 <-> 192.168.1.52:31480 [proto: 0/Unknown][148 pkts/36776 bytes <-> 153 pkts/35418 bytes][Goodput ratio: 83/82][12.14 sec][bytes ratio: 0.019 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 57/42 71/82 1175/1681 105/157][Pkt Len c2s/s2c min/avg/max/stddev: 90/90 248/231 298/314 27/30][PLAIN TEXT (@XL/TB)] + 2 UDP 192.168.1.77:28150 -> 87.11.205.195:59772 [proto: 0/Unknown][3 pkts/302 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][11.00 sec] |