diff options
| author | Luca Deri <deri@ntop.org> | 2025-01-24 22:21:04 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2025-01-24 22:21:04 +0100 |
| commit | 2bf8dbf40f2368e14193a6c47d9debb8034f9e66 (patch) | |
| tree | 8d2cef8479b3a998e4c290e886f86e8e9ed7fac1 | |
| parent | 1315b36755da05795b4e169a566f8099aca80d1b (diff) | |
Added health category
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 9 | ||||
| -rw-r--r-- | tests/cfgs/default/result/dicom.pcap.out | 8 | ||||
| -rw-r--r-- | tests/cfgs/default/result/hl7.pcap.out | 6 |
4 files changed, 13 insertions, 12 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 861e04094..fbab4714f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1117,7 +1117,7 @@ typedef enum { /* Gambling websites */ NDPI_PROTOCOL_CATEGORY_GAMBLING = 107, - + NDPI_PROTOCOL_CATEGORY_HEALTH, /* IMPORTANT diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e7015ed8e..e95f8a047 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2236,11 +2236,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_a, 4059, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 4059, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HL7, - "HL7", NDPI_PROTOCOL_CATEGORY_IOT_SCADA, + "HL7", NDPI_PROTOCOL_CATEGORY_HEALTH, ndpi_build_default_ports(ports_a, 2575, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DICOM, - "DICOM", NDPI_PROTOCOL_CATEGORY_IOT_SCADA, + "DICOM", NDPI_PROTOCOL_CATEGORY_HEALTH, ndpi_build_default_ports(ports_a, 104, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CEPH, @@ -3213,7 +3213,7 @@ void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi /* ****************************************** */ /* Keep it in order and in sync with ndpi_protocol_category_t in ndpi_typedefs.h */ -static const char *categories[] = { +static const char *categories[NDPI_PROTOCOL_NUM_CATEGORIES] = { "Unspecified", "Media", "VPN", @@ -3321,7 +3321,8 @@ static const char *categories[] = { "Allowed_Site", "Antimalware", "Crypto_Currency", - "Gambling" + "Gambling", + "Health" }; #if !defined(NDPI_CFFI_PREPROCESSING) && defined(__linux__) diff --git a/tests/cfgs/default/result/dicom.pcap.out b/tests/cfgs/default/result/dicom.pcap.out index 0fc1bc364..426c53860 100644 --- a/tests/cfgs/default/result/dicom.pcap.out +++ b/tests/cfgs/default/result/dicom.pcap.out @@ -24,7 +24,7 @@ DICOM 6 34720 4 Acceptable 6 34720 4 - 1 TCP 127.0.0.1:49541 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 2 TCP 127.0.0.1:52180 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 3 TCP 127.0.0.1:49531 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 127.0.0.1:52228 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (remote bogus)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 127.0.0.1:49541 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 2 TCP 127.0.0.1:52180 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 3 TCP 127.0.0.1:49531 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 127.0.0.1:52228 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (remote bogus)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/hl7.pcap.out b/tests/cfgs/default/result/hl7.pcap.out index 4a8225268..e99d3bfcb 100644 --- a/tests/cfgs/default/result/hl7.pcap.out +++ b/tests/cfgs/default/result/hl7.pcap.out @@ -24,6 +24,6 @@ HL7 47 7319 3 Acceptable 47 7319 3 - 1 TCP 10.0.0.155:49242 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: IoT-Scada/31][15 pkts/2331 bytes <-> 12 pkts/1188 bytes][Goodput ratio: 61/42][0.04 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 31/11 9/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 155/99 531/222 188/71][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SENDING)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.0.0.155:49252 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][6 pkts/2133 bytes <-> 5 pkts/404 bytes][Goodput ratio: 83/30][0.03 sec][bytes ratio: 0.682 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 6/8 20/15 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 356/81 1514/176 530/48][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 3 TCP 10.0.0.155:49250 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][5 pkts/913 bytes <-> 4 pkts/350 bytes][Goodput ratio: 67/35][0.02 sec][bytes ratio: 0.446 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 4/9 17/14 7/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 183/88 667/176 242/51][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.0.0.155:49242 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Health/108][15 pkts/2331 bytes <-> 12 pkts/1188 bytes][Goodput ratio: 61/42][0.04 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 31/11 9/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 155/99 531/222 188/71][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SENDING)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.0.0.155:49252 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Health/108][6 pkts/2133 bytes <-> 5 pkts/404 bytes][Goodput ratio: 83/30][0.03 sec][bytes ratio: 0.682 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 6/8 20/15 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 356/81 1514/176 530/48][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 3 TCP 10.0.0.155:49250 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Health/108][5 pkts/913 bytes <-> 4 pkts/350 bytes][Goodput ratio: 67/35][0.02 sec][bytes ratio: 0.446 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 4/9 17/14 7/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 183/88 667/176 242/51][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |