+ NDPI_PROTOCOL_MERAKI_CLOUD = 66,

+void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);

+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MERAKI_CLOUD,

+ "MerakiCloud", NDPI_PROTOCOL_CATEGORY_NETWORK,

+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);

+ /* Meraki Cloud */

+ init_merakicloud_dissector(ndpi_str, &a);

+

+ NDPI_LOG_DBG(ndpi_struct, "Search bittorrent\n");

+

+ if(packet->payload_packet_len >= 20 /* min header size */) {

+ if (flow->packet_counter >= 5)

+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);

+ return;

+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);

+ return;

+ "xmlns='http://jabber.org/protocol/", packet->payload_packet_len) != NULL)

+

+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);

+ return;

+ if(flow->l4.udp.line_pkts[0] >= 4 && flow->l4.udp.line_pkts[1] >= 4) {

+ /* To avoid false positives: usually "base pkt numbers" per-direction are different */

+ if(flow->l4.udp.line_base_cnt[0] != flow->l4.udp.line_base_cnt[1])

+ ndpi_int_line_add_connection(ndpi_struct, flow);

+ else

+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);

+ }

+/*

+ * merakicloud.c

+ *

+ * Copyright (C) 2011-23 - ntop.org

+ *

+ * nDPI is free software: you can redistribute it and/or modify

+ * it under the terms of the GNU Lesser General Public License as published by

+ * the Free Software Foundation, either version 3 of the License, or

+ * (at your option) any later version.

+ *

+ * nDPI is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * GNU Lesser General Public License for more details.

+ *

+ * You should have received a copy of the GNU Lesser General Public License

+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.

+ *

+ */

+

+#include "ndpi_protocol_ids.h"

+

+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MERAKI_CLOUD

+

+#include "ndpi_api.h"

+

+static void ndpi_int_merakicloud_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,

+ struct ndpi_flow_struct * const flow)

+{

+ NDPI_LOG_INFO(ndpi_struct, "found MerakiCloud\n");

+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MERAKI_CLOUD,

+ NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);

+}

+

+static void ndpi_search_merakicloud(struct ndpi_detection_module_struct *ndpi_struct,

+ struct ndpi_flow_struct *flow)

+{

+ struct ndpi_packet_struct * const packet = &ndpi_struct->packet;

+

+ NDPI_LOG_DBG(ndpi_struct, "search MerakiCloud\n");

+

+ if((flow->c_port == ntohs(7351) || flow->s_port == ntohs(7351)) &&

+ packet->payload_packet_len > 4 &&

+ get_u_int32_t(packet->payload, 0) == ntohl(0xfef72891)) {

+ ndpi_int_merakicloud_add_connection(ndpi_struct, flow);

+ return;

+ }

+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);

+}

+

+void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct,

+ u_int32_t *id)

+{

+ ndpi_set_bitmask_protocol_detection("MerakiCloud", ndpi_struct, *id,

+ NDPI_PROTOCOL_MERAKI_CLOUD,

+ ndpi_search_merakicloud,

+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,

+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,

+ ADD_TO_DETECTION_BITMASK);

+

+ *id += 1;

+}

+Num dissector calls: 4403 (22.35 diss/flow)

+Num dissector calls: 174 (174.00 diss/flow)

+Num dissector calls: 120 (120.00 diss/flow)

+Num dissector calls: 4242 (136.84 diss/flow)

+Num dissector calls: 592 (15.58 diss/flow)

+Num dissector calls: 810 (40.50 diss/flow)

+Num dissector calls: 326 (326.00 diss/flow)

+Num dissector calls: 368 (122.67 diss/flow)

+Num dissector calls: 874 (12.67 diss/flow)

+Num dissector calls: 328 (164.00 diss/flow)

+Num dissector calls: 392 (49.00 diss/flow)

+Num dissector calls: 105 (105.00 diss/flow)

+Guessed flow protos: 0

+

+DPI Packets (UDP): 3 (3.00 pkts/flow)

+Confidence DPI : 1 (flows)

+Num dissector calls: 142 (142.00 diss/flow)

+LRU cache ookla: 0/0/0 (insert/search/found)

+LRU cache bittorrent: 0/0/0 (insert/search/found)

+LRU cache zoom: 0/0/0 (insert/search/found)

+LRU cache stun: 0/0/0 (insert/search/found)

+LRU cache tls_cert: 0/0/0 (insert/search/found)

+LRU cache mining: 0/0/0 (insert/search/found)

+LRU cache msteams: 0/0/0 (insert/search/found)

+LRU cache stun_zoom: 0/0/0 (insert/search/found)

+Automa host: 0/0 (search/found)

+Automa domain: 0/0 (search/found)

+Automa tls cert: 0/0 (search/found)

+Automa risk mask: 0/0 (search/found)

+Automa common alpns: 0/0 (search/found)

+Patricia risk mask: 2/0 (search/found)

+Patricia risk: 2/0 (search/found)

+Patricia protocols: 2/1 (search/found)

+

+Discord 40 4040 1

+

+ 1 UDP 66.22.242.132:50001 <-> 5.36.141.228:54935 [VLAN: 1][proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][30 pkts/3110 bytes <-> 10 pkts/930 bytes][Goodput ratio: 43/37][24.00 sec][bytes ratio: 0.540 (Upload)][IAT c2s/s2c min/avg/max/stddev: 42/77 846/1740 1000/4217 343/1555][Pkt Len c2s/s2c min/avg/max/stddev: 72/68 104/93 110/118 14/25][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

+Num dissector calls: 182 (30.33 diss/flow)

+Num dissector calls: 145 (145.00 diss/flow)

+Num dissector calls: 144 (144.00 diss/flow)

+Num dissector calls: 606 (202.00 diss/flow)

+Num dissector calls: 144 (144.00 diss/flow)

+Num dissector calls: 5334 (21.25 diss/flow)

+Num dissector calls: 924 (23.10 diss/flow)

+Num dissector calls: 1741 (22.61 diss/flow)

+Num dissector calls: 65634 (86.36 diss/flow)

+Num dissector calls: 204 (204.00 diss/flow)

+Num dissector calls: 388 (129.33 diss/flow)

+Num dissector calls: 143 (9.53 diss/flow)

+Num dissector calls: 192 (192.00 diss/flow)

+Num dissector calls: 192 (192.00 diss/flow)

+Num dissector calls: 282 (141.00 diss/flow)

+Num dissector calls: 1765 (46.45 diss/flow)

+Num dissector calls: 345 (6.76 diss/flow)

+Num dissector calls: 150 (150.00 diss/flow)

+Num dissector calls: 3712 (103.11 diss/flow)

+Num dissector calls: 314 (39.25 diss/flow)

+Num dissector calls: 710 (142.00 diss/flow)

+Guessed flow protos: 1

+

+DPI Packets (UDP): 25 (25.00 pkts/flow)

+Confidence Unknown : 1 (flows)

+Num dissector calls: 296 (296.00 diss/flow)

+LRU cache ookla: 0/0/0 (insert/search/found)

+LRU cache bittorrent: 0/3/0 (insert/search/found)

+LRU cache zoom: 0/0/0 (insert/search/found)

+LRU cache stun: 0/0/0 (insert/search/found)

+LRU cache tls_cert: 0/0/0 (insert/search/found)

+LRU cache mining: 0/1/0 (insert/search/found)

+LRU cache msteams: 0/0/0 (insert/search/found)

+LRU cache stun_zoom: 0/1/0 (insert/search/found)

+Automa host: 0/0 (search/found)

+Automa domain: 0/0 (search/found)

+Automa tls cert: 0/0 (search/found)

+Automa risk mask: 0/0 (search/found)

+Automa common alpns: 0/0 (search/found)

+Patricia risk mask: 2/0 (search/found)

+Patricia risk: 0/0 (search/found)

+Patricia protocols: 2/0 (search/found)

+

+Unknown 42 16442 1

+

+

+

+Undetected flows:

+ 1 UDP 10.13.129.30:56295 <-> 10.10.214.6:5093 [VLAN: 265][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][21 pkts/5987 bytes <-> 21 pkts/10455 bytes][Goodput ratio: 82/90][150.38 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/13 7519/7518 120047/120047 29055/29055][Pkt Len c2s/s2c min/avg/max/stddev: 191/298 285/498 473/732 130/147][PLAIN TEXT (L@AERgX)][Plen Bins: 0,0,0,0,33,0,0,16,0,0,0,0,0,16,0,0,28,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

+Num dissector calls: 412 (58.86 diss/flow)

+Num dissector calls: 1216 (101.33 diss/flow)

+Guessed flow protos: 0

+

+DPI Packets (UDP): 1 (1.00 pkts/flow)

+Confidence DPI : 1 (flows)

+Num dissector calls: 105 (105.00 diss/flow)

+LRU cache ookla: 0/0/0 (insert/search/found)

+LRU cache bittorrent: 0/0/0 (insert/search/found)

+LRU cache zoom: 0/0/0 (insert/search/found)

+LRU cache stun: 0/0/0 (insert/search/found)

+LRU cache tls_cert: 0/0/0 (insert/search/found)

+LRU cache mining: 0/0/0 (insert/search/found)

+LRU cache msteams: 0/0/0 (insert/search/found)

+LRU cache stun_zoom: 0/0/0 (insert/search/found)

+Automa host: 0/0 (search/found)

+Automa domain: 0/0 (search/found)

+Automa tls cert: 0/0 (search/found)

+Automa risk mask: 0/0 (search/found)

+Automa common alpns: 0/0 (search/found)

+Patricia risk mask: 2/0 (search/found)

+Patricia risk: 2/0 (search/found)

+Patricia protocols: 2/0 (search/found)

+

+MerakiCloud 44 6049 1

+

+ 1 UDP 2.36.234.133:47301 <-> 209.206.59.34:7351 [proto: 66/MerakiCloud][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][22 pkts/3603 bytes <-> 22 pkts/2446 bytes][Goodput ratio: 74/62][400.21 sec][bytes ratio: 0.191 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 198/199 19165/19166 25000/25010 10520/10521][Pkt Len c2s/s2c min/avg/max/stddev: 154/88 164/111 197/190 18/43][Plen Bins: 0,38,0,38,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

+Num dissector calls: 397 (397.00 diss/flow)

+Num dissector calls: 276 (23.00 diss/flow)

+Num dissector calls: 1753 (125.21 diss/flow)

+Num dissector calls: 1255 (59.76 diss/flow)

+Num dissector calls: 123 (123.00 diss/flow)

+Num dissector calls: 384 (128.00 diss/flow)

+Num dissector calls: 278 (278.00 diss/flow)

+Num dissector calls: 169 (169.00 diss/flow)

+Num dissector calls: 219 (219.00 diss/flow)

+Num dissector calls: 5739 (53.64 diss/flow)

+Num dissector calls: 209 (20.90 diss/flow)

+Num dissector calls: 184 (92.00 diss/flow)

+Num dissector calls: 199 (199.00 diss/flow)

+Num dissector calls: 311 (311.00 diss/flow)

+Num dissector calls: 249 (249.00 diss/flow)

+Num dissector calls: 284 (142.00 diss/flow)

+Num dissector calls: 162 (162.00 diss/flow)

+Num dissector calls: 145 (145.00 diss/flow)

+Num dissector calls: 106 (106.00 diss/flow)

+Num dissector calls: 209 (209.00 diss/flow)

+Num dissector calls: 26899 (91.81 diss/flow)

+Num dissector calls: 22405 (83.91 diss/flow)

+Num dissector calls: 145 (145.00 diss/flow)

+Num dissector calls: 147 (147.00 diss/flow)

+Num dissector calls: 143 (71.50 diss/flow)

+Num dissector calls: 186 (186.00 diss/flow)

+Num dissector calls: 357 (119.00 diss/flow)

+Num dissector calls: 451 (150.33 diss/flow)

+Num dissector calls: 1411 (27.13 diss/flow)

+Num dissector calls: 569 (142.25 diss/flow)

+Num dissector calls: 2270 (98.70 diss/flow)

+Num dissector calls: 1578 (32.88 diss/flow)

+Num dissector calls: 144 (144.00 diss/flow)

+Num dissector calls: 1186 (197.67 diss/flow)

+Num dissector calls: 496 (124.00 diss/flow)

+Num dissector calls: 565 (16.14 diss/flow)

+Num dissector calls: 397 (397.00 diss/flow)

+Num dissector calls: 437 (20.81 diss/flow)

+Num dissector calls: 515 (17.76 diss/flow)

+Num dissector calls: 244 (122.00 diss/flow)

+Num dissector calls: 491 (35.07 diss/flow)

+Num dissector calls: 337 (10.21 diss/flow)

+Num dissector calls: 316 (5.54 diss/flow)

+Num dissector calls: 564 (12.82 diss/flow)

+Num dissector calls: 11868 (138.00 diss/flow)

+Num dissector calls: 175 (58.33 diss/flow)

+Num dissector calls: 145 (145.00 diss/flow)

+Num dissector calls: 445 (222.50 diss/flow)

+Num dissector calls: 650 (19.70 diss/flow)

+Num dissector calls: 479 (95.80 diss/flow)

+Num dissector calls: 1083 (90.25 diss/flow)

+ <ClCompile Include="..\src\lib\protocols\merakicloud.c" />

+ <ClCompile Include="..\src\lib\protocols\merakicloud.c" />