diff options
| author | Luca Deri <deri@ntop.org> | 2025-01-17 18:26:27 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2025-01-17 18:26:27 +0100 |
| commit | 511228d36d6ef4f3a190d0eaaa67f1596ef69fcb (patch) | |
| tree | d8aeb87d15d67a7ff867f6800ab9b63ccc540fb1 | |
| parent | 9a5533d796502ee093b302be81d681f5589674d5 (diff) | |
Added DigitalOcean protocol
28 files changed, 1311 insertions, 92 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index a679f6c62..181a8c6b4 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -470,6 +470,7 @@ typedef enum { NDPI_PROTOCOL_PARAMOUNTPLUS = 439, NDPI_PROTOCOL_YANDEX_ALICE = 440, NDPI_PROTOCOL_VIVOX = 441, + NDPI_PROTOCOL_DIGITALOCEAN = 442, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" diff --git a/src/lib/inc_generated/ndpi_digitalocean_match.c.inc b/src/lib/inc_generated/ndpi_digitalocean_match.c.inc new file mode 100644 index 000000000..213410308 --- /dev/null +++ b/src/lib/inc_generated/ndpi_digitalocean_match.c.inc @@ -0,0 +1,1181 @@ +/* + * + * This file is generated automatically and part of nDPI + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + +/* ****************************************************** */ + + +static ndpi_network ndpi_protocol_digitalocean_protocol_list[] = { + { 0x05656000 /* 5.101.96.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x05656800 /* 5.101.104.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18904000 /* 24.144.64.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18904400 /* 24.144.68.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18904C00 /* 24.144.76.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18905000 /* 24.144.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18906000 /* 24.144.96.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18C74000 /* 24.199.64.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18C74400 /* 24.199.68.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18C74800 /* 24.199.72.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18C75000 /* 24.199.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18C76000 /* 24.199.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x18C77000 /* 24.199.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x258B0000 /* 37.139.0.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D370000 /* 45.55.0.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D372000 /* 45.55.32.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D374000 /* 45.55.64.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D376000 /* 45.55.96.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D376400 /* 45.55.100.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D376800 /* 45.55.104.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D376C00 /* 45.55.108.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D377000 /* 45.55.112.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D377400 /* 45.55.116.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D377800 /* 45.55.120.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D377C00 /* 45.55.124.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D378000 /* 45.55.128.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2D37C000 /* 45.55.192.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2E650000 /* 46.101.0.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2E654000 /* 46.101.64.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2E654400 /* 46.101.68.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2E654800 /* 46.101.72.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2E655000 /* 46.101.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2E656000 /* 46.101.96.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x2E658000 /* 46.101.128.0/17 */, 17, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40178000 /* 64.23.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40179000 /* 64.23.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x4017A000 /* 64.23.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x4017B000 /* 64.23.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x4017C000 /* 64.23.192.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x4017E000 /* 64.23.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x4017F000 /* 64.23.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E10000 /* 64.225.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E11000 /* 64.225.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E12000 /* 64.225.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E13000 /* 64.225.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E14000 /* 64.225.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E15000 /* 64.225.80.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E15400 /* 64.225.84.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E15800 /* 64.225.88.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E15C00 /* 64.225.92.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E16000 /* 64.225.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E17000 /* 64.225.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E24000 /* 64.226.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E25000 /* 64.226.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E26000 /* 64.226.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E27000 /* 64.226.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E30000 /* 64.227.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E31000 /* 64.227.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E32000 /* 64.227.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E33000 /* 64.227.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E34000 /* 64.227.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E35000 /* 64.227.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E36000 /* 64.227.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E37000 /* 64.227.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E38000 /* 64.227.128.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E3A000 /* 64.227.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x40E3B000 /* 64.227.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x43CD8000 /* 67.205.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x43CD9000 /* 67.205.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x43CDA000 /* 67.205.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x43CDB000 /* 67.205.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x43CF4400 /* 67.207.68.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x43CF4800 /* 67.207.72.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x43CF4C00 /* 67.207.76.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x43CF5000 /* 67.207.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B70000 /* 68.183.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B71000 /* 68.183.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B72000 /* 68.183.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B73000 /* 68.183.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B74000 /* 68.183.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B75000 /* 68.183.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B76000 /* 68.183.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B77000 /* 68.183.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B78000 /* 68.183.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B79000 /* 68.183.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7A000 /* 68.183.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7B000 /* 68.183.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7C000 /* 68.183.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7D000 /* 68.183.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7E000 /* 68.183.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7F000 /* 68.183.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7F400 /* 68.183.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7F800 /* 68.183.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x44B7FC00 /* 68.183.252.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373100 /* 69.55.49.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373600 /* 69.55.54.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373700 /* 69.55.55.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373B40 /* 69.55.59.64/26 */, 26, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373B80 /* 69.55.59.128/26 */, 26, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373BC0 /* 69.55.59.192/27 */, 27, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373C60 /* 69.55.60.96/27 */, 27, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373C80 /* 69.55.60.128/26 */, 26, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373D40 /* 69.55.61.64/26 */, 26, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x45373E00 /* 69.55.62.0/26 */, 26, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x50F08000 /* 80.240.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x52C40000 /* 82.196.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550100 /* 95.85.1.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550200 /* 95.85.2.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550300 /* 95.85.3.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550400 /* 95.85.4.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550500 /* 95.85.5.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550600 /* 95.85.6.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550700 /* 95.85.7.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550800 /* 95.85.8.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550900 /* 95.85.9.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550A00 /* 95.85.10.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550B00 /* 95.85.11.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550C00 /* 95.85.12.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550D00 /* 95.85.13.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550E00 /* 95.85.14.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F550F00 /* 95.85.15.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551000 /* 95.85.16.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551100 /* 95.85.17.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551200 /* 95.85.18.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551300 /* 95.85.19.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551400 /* 95.85.20.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551500 /* 95.85.21.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551600 /* 95.85.22.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551700 /* 95.85.23.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551800 /* 95.85.24.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551900 /* 95.85.25.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551A00 /* 95.85.26.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551B00 /* 95.85.27.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551C00 /* 95.85.28.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551D00 /* 95.85.29.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551E00 /* 95.85.30.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F551F00 /* 95.85.31.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552000 /* 95.85.32.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552100 /* 95.85.33.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552200 /* 95.85.34.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552300 /* 95.85.35.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552400 /* 95.85.36.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552500 /* 95.85.37.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552600 /* 95.85.38.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552700 /* 95.85.39.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552800 /* 95.85.40.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552900 /* 95.85.41.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552A00 /* 95.85.42.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552B00 /* 95.85.43.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552C00 /* 95.85.44.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552D00 /* 95.85.45.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552E00 /* 95.85.46.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F552F00 /* 95.85.47.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553000 /* 95.85.48.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553100 /* 95.85.49.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553200 /* 95.85.50.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553300 /* 95.85.51.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553400 /* 95.85.52.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553500 /* 95.85.53.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553600 /* 95.85.54.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553700 /* 95.85.55.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553800 /* 95.85.56.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553900 /* 95.85.57.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553A00 /* 95.85.58.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553B00 /* 95.85.59.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553C00 /* 95.85.60.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553D00 /* 95.85.61.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553E00 /* 95.85.62.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x5F553F00 /* 95.85.63.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x67FD9100 /* 103.253.145.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x67FD9200 /* 103.253.146.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x67FD9300 /* 103.253.147.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68830000 /* 104.131.0.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68834000 /* 104.131.64.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68838000 /* 104.131.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68839000 /* 104.131.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6883A000 /* 104.131.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6883B000 /* 104.131.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6883C000 /* 104.131.192.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6883E000 /* 104.131.224.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68EC0000 /* 104.236.0.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68EC4000 /* 104.236.64.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68EC8000 /* 104.236.128.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68ECC000 /* 104.236.192.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F80000 /* 104.248.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F81000 /* 104.248.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F82000 /* 104.248.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F83000 /* 104.248.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F84000 /* 104.248.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F85000 /* 104.248.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F86000 /* 104.248.96.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F86400 /* 104.248.100.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F86800 /* 104.248.104.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F86C00 /* 104.248.108.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F87000 /* 104.248.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F88000 /* 104.248.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F89000 /* 104.248.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F8A000 /* 104.248.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F8B000 /* 104.248.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F8C000 /* 104.248.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F8D000 /* 104.248.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F8E000 /* 104.248.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x68F8F000 /* 104.248.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAA0000 /* 107.170.0.0/17 */, 17, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAA8000 /* 107.170.128.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAA000 /* 107.170.160.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAC000 /* 107.170.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAD000 /* 107.170.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE000 /* 107.170.224.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE100 /* 107.170.225.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE200 /* 107.170.226.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE300 /* 107.170.227.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE400 /* 107.170.228.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE500 /* 107.170.229.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE600 /* 107.170.230.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE700 /* 107.170.231.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE800 /* 107.170.232.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAE900 /* 107.170.233.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAEA00 /* 107.170.234.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAEB00 /* 107.170.235.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAEC00 /* 107.170.236.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAED00 /* 107.170.237.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAEE00 /* 107.170.238.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAEF00 /* 107.170.239.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF000 /* 107.170.240.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF100 /* 107.170.241.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF200 /* 107.170.242.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF300 /* 107.170.243.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF400 /* 107.170.244.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF500 /* 107.170.245.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF600 /* 107.170.246.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF700 /* 107.170.247.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF800 /* 107.170.248.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAF900 /* 107.170.249.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAFA00 /* 107.170.250.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAFB00 /* 107.170.251.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAFC00 /* 107.170.252.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAFD00 /* 107.170.253.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAFE00 /* 107.170.254.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x6BAAFF00 /* 107.170.255.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x80C70000 /* 128.199.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x80C71000 /* 128.199.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x80C72000 /* 128.199.32.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x80C74000 /* 128.199.64.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x80C78000 /* 128.199.128.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x80C7C000 /* 128.199.192.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x867A0000 /* 134.122.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x867A1000 /* 134.122.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x867A2000 /* 134.122.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x867A3000 /* 134.122.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x867A4000 /* 134.122.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x867A5000 /* 134.122.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x867A6000 /* 134.122.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x867A7000 /* 134.122.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D10000 /* 134.209.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D11000 /* 134.209.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D12000 /* 134.209.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D13000 /* 134.209.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D14000 /* 134.209.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D15000 /* 134.209.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D16000 /* 134.209.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D17000 /* 134.209.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D18000 /* 134.209.128.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D18400 /* 134.209.132.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D18800 /* 134.209.136.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D18C00 /* 134.209.140.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D19000 /* 134.209.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D1A000 /* 134.209.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D1B000 /* 134.209.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D1C000 /* 134.209.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D1D000 /* 134.209.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D1E000 /* 134.209.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x86D1F000 /* 134.209.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B80000 /* 137.184.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B81000 /* 137.184.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B82000 /* 137.184.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B83000 /* 137.184.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B84000 /* 137.184.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B85000 /* 137.184.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B86000 /* 137.184.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B87000 /* 137.184.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B88000 /* 137.184.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B89000 /* 137.184.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8A000 /* 137.184.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8B000 /* 137.184.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8C000 /* 137.184.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8D000 /* 137.184.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8E000 /* 137.184.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8F000 /* 137.184.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8F400 /* 137.184.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8F800 /* 137.184.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8FE00 /* 137.184.254.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x89B8FF00 /* 137.184.255.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A440000 /* 138.68.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A441000 /* 138.68.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A442400 /* 138.68.36.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A442800 /* 138.68.40.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A443000 /* 138.68.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A444000 /* 138.68.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A445000 /* 138.68.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A446000 /* 138.68.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A447000 /* 138.68.112.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A447400 /* 138.68.116.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A447800 /* 138.68.120.0/23 */, 23, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A447A00 /* 138.68.122.0/23 */, 23, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A447C00 /* 138.68.124.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A448000 /* 138.68.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A449000 /* 138.68.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44A000 /* 138.68.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44B000 /* 138.68.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44C000 /* 138.68.192.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44C400 /* 138.68.196.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44C800 /* 138.68.200.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44CC00 /* 138.68.204.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44D000 /* 138.68.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44E000 /* 138.68.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8A44F000 /* 138.68.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC50000 /* 138.197.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC51000 /* 138.197.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC52000 /* 138.197.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC53000 /* 138.197.48.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC53400 /* 138.197.52.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC53800 /* 138.197.56.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC53C00 /* 138.197.60.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC54000 /* 138.197.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC55000 /* 138.197.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC56000 /* 138.197.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC57000 /* 138.197.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC58000 /* 138.197.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC59000 /* 138.197.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5A000 /* 138.197.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5B000 /* 138.197.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5C000 /* 138.197.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5D000 /* 138.197.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5E000 /* 138.197.224.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5E400 /* 138.197.228.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5E800 /* 138.197.232.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5EC00 /* 138.197.236.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5F000 /* 138.197.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8AC5FC00 /* 138.197.252.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B0000 /* 139.59.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B1000 /* 139.59.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B2000 /* 139.59.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B3000 /* 139.59.48.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B3400 /* 139.59.52.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B3800 /* 139.59.56.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B4000 /* 139.59.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B5000 /* 139.59.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B6000 /* 139.59.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B7000 /* 139.59.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3B8000 /* 139.59.128.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BA000 /* 139.59.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BB000 /* 139.59.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BC000 /* 139.59.192.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BC400 /* 139.59.196.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BC800 /* 139.59.200.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BCC00 /* 139.59.204.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BD000 /* 139.59.208.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BD800 /* 139.59.216.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BDC00 /* 139.59.220.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BE000 /* 139.59.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8B3BF000 /* 139.59.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8D00A900 /* 141.0.169.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8D00AA00 /* 141.0.170.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D0000 /* 142.93.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D1000 /* 142.93.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D2000 /* 142.93.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D3000 /* 142.93.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D4000 /* 142.93.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D5000 /* 142.93.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D6000 /* 142.93.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D7000 /* 142.93.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D8000 /* 142.93.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5D9000 /* 142.93.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5DA000 /* 142.93.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5DB000 /* 142.93.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5DC000 /* 142.93.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5DD000 /* 142.93.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5DE000 /* 142.93.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8E5DF000 /* 142.93.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8F6E8000 /* 143.110.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8F6E9000 /* 143.110.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8F6EA000 /* 143.110.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8F6EB000 /* 143.110.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8F6EC000 /* 143.110.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8F6ED000 /* 143.110.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8F6EE000 /* 143.110.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8F6EF000 /* 143.110.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC60000 /* 143.198.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC61000 /* 143.198.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC62000 /* 143.198.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC63000 /* 143.198.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC64000 /* 143.198.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC65000 /* 143.198.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC66000 /* 143.198.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC67000 /* 143.198.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC68000 /* 143.198.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC69000 /* 143.198.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC6A000 /* 143.198.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC6B000 /* 143.198.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC6C000 /* 143.198.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC6D000 /* 143.198.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC6E000 /* 143.198.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC6F000 /* 143.198.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC6F400 /* 143.198.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FC6F800 /* 143.198.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF48000 /* 143.244.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF49000 /* 143.244.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4A000 /* 143.244.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4B000 /* 143.244.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4C400 /* 143.244.196.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4C800 /* 143.244.200.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4CC00 /* 143.244.204.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4D000 /* 143.244.208.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4D400 /* 143.244.212.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4DA00 /* 143.244.218.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x8FF4DC00 /* 143.244.220.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x907EC000 /* 144.126.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x907ED000 /* 144.126.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x907EE000 /* 144.126.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x907EF000 /* 144.126.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x907EF400 /* 144.126.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x907EF800 /* 144.126.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x907EFC00 /* 144.126.252.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92B98000 /* 146.185.128.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92B9A000 /* 146.185.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92B9B000 /* 146.185.176.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92B9B800 /* 146.185.184.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE0000 /* 146.190.0.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE0400 /* 146.190.4.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE0800 /* 146.190.8.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE0C00 /* 146.190.12.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE1000 /* 146.190.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE2000 /* 146.190.32.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE4000 /* 146.190.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE5000 /* 146.190.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE6000 /* 146.190.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE7000 /* 146.190.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BE8000 /* 146.190.128.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEA000 /* 146.190.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEB000 /* 146.190.176.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEB800 /* 146.190.184.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEBC00 /* 146.190.188.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEC000 /* 146.190.192.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEC400 /* 146.190.196.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEC800 /* 146.190.200.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BECC00 /* 146.190.204.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BED000 /* 146.190.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEE000 /* 146.190.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x92BEF000 /* 146.190.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x93B68000 /* 147.182.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x93B69000 /* 147.182.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x93B6A000 /* 147.182.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x93B6B000 /* 147.182.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x93B6C000 /* 147.182.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x93B6D000 /* 147.182.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x93B6E000 /* 147.182.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x93B6F000 /* 147.182.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982A8000 /* 152.42.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982A9000 /* 152.42.144.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982A9400 /* 152.42.148.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982A9800 /* 152.42.152.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982A9C00 /* 152.42.156.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982AA000 /* 152.42.160.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982AC000 /* 152.42.192.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982AE000 /* 152.42.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x982AF000 /* 152.42.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE60000 /* 157.230.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE61000 /* 157.230.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE62000 /* 157.230.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE63000 /* 157.230.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE64000 /* 157.230.64.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE64400 /* 157.230.68.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE64800 /* 157.230.72.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE64C00 /* 157.230.76.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE65000 /* 157.230.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE66000 /* 157.230.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE67000 /* 157.230.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE68000 /* 157.230.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE69000 /* 157.230.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6A000 /* 157.230.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6B000 /* 157.230.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6C000 /* 157.230.192.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6C400 /* 157.230.196.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6C800 /* 157.230.200.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6CC00 /* 157.230.204.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6D000 /* 157.230.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6E000 /* 157.230.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DE6F000 /* 157.230.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF50000 /* 157.245.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF51000 /* 157.245.16.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF51400 /* 157.245.20.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF51800 /* 157.245.24.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF51C00 /* 157.245.28.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF52000 /* 157.245.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF53000 /* 157.245.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF54000 /* 157.245.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF55000 /* 157.245.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF56000 /* 157.245.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF57000 /* 157.245.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF58000 /* 157.245.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF59000 /* 157.245.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF5A000 /* 157.245.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF5B000 /* 157.245.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF5C000 /* 157.245.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF5D000 /* 157.245.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF5E000 /* 157.245.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9DF5F000 /* 157.245.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F410000 /* 159.65.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F411000 /* 159.65.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F412000 /* 159.65.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F413000 /* 159.65.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F414000 /* 159.65.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F415000 /* 159.65.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F416000 /* 159.65.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F417000 /* 159.65.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F418000 /* 159.65.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F419000 /* 159.65.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F41A000 /* 159.65.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F41B000 /* 159.65.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F41C000 /* 159.65.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F41D000 /* 159.65.208.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F41D400 /* 159.65.212.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F41D800 /* 159.65.216.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F41E000 /* 159.65.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F41F000 /* 159.65.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F590000 /* 159.89.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F591000 /* 159.89.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F592000 /* 159.89.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F593000 /* 159.89.48.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F594000 /* 159.89.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F595000 /* 159.89.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F596000 /* 159.89.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F597000 /* 159.89.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F598000 /* 159.89.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F599000 /* 159.89.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59A000 /* 159.89.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59B000 /* 159.89.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59C000 /* 159.89.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59D000 /* 159.89.208.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59D400 /* 159.89.212.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59D800 /* 159.89.216.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59DC00 /* 159.89.220.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59E000 /* 159.89.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59F000 /* 159.89.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59F400 /* 159.89.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59F800 /* 159.89.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9F59FC00 /* 159.89.252.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB0000 /* 159.203.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB1000 /* 159.203.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB2000 /* 159.203.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB3000 /* 159.203.48.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB3400 /* 159.203.52.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB3800 /* 159.203.56.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB4000 /* 159.203.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB5000 /* 159.203.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB6000 /* 159.203.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB7000 /* 159.203.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB8000 /* 159.203.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB9000 /* 159.203.144.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB9400 /* 159.203.148.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB9800 /* 159.203.152.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCB9C00 /* 159.203.156.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCBA000 /* 159.203.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCBB000 /* 159.203.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCBC000 /* 159.203.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCBD000 /* 159.203.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCBE000 /* 159.203.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FCBF000 /* 159.203.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF0000 /* 159.223.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF1000 /* 159.223.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF2000 /* 159.223.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF3000 /* 159.223.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF4000 /* 159.223.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF5000 /* 159.223.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF6000 /* 159.223.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF7000 /* 159.223.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF8000 /* 159.223.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDF9000 /* 159.223.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDFA000 /* 159.223.160.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDFC000 /* 159.223.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDFD000 /* 159.223.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDFE000 /* 159.223.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDFF000 /* 159.223.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDFF400 /* 159.223.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0x9FDFF800 /* 159.223.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1230000 /* 161.35.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1231000 /* 161.35.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1232000 /* 161.35.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1233000 /* 161.35.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1234000 /* 161.35.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1235000 /* 161.35.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1236000 /* 161.35.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1237000 /* 161.35.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1238000 /* 161.35.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA1239000 /* 161.35.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123A000 /* 161.35.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123B000 /* 161.35.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123C000 /* 161.35.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123D000 /* 161.35.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123E000 /* 161.35.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123F000 /* 161.35.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123F400 /* 161.35.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123F800 /* 161.35.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA123FC00 /* 161.35.252.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F30000 /* 162.243.0.0/17 */, 17, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38000 /* 162.243.128.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38100 /* 162.243.129.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38200 /* 162.243.130.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38300 /* 162.243.131.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38400 /* 162.243.132.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38500 /* 162.243.133.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38600 /* 162.243.134.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38700 /* 162.243.135.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38800 /* 162.243.136.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38900 /* 162.243.137.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38A00 /* 162.243.138.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38B00 /* 162.243.139.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38C00 /* 162.243.140.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38D00 /* 162.243.141.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38E00 /* 162.243.142.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F38F00 /* 162.243.143.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39000 /* 162.243.144.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39100 /* 162.243.145.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39200 /* 162.243.146.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39300 /* 162.243.147.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39400 /* 162.243.148.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39500 /* 162.243.149.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39600 /* 162.243.150.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39700 /* 162.243.151.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F39800 /* 162.243.152.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F3A000 /* 162.243.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F3B100 /* 162.243.177.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F3B800 /* 162.243.184.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA2F3C000 /* 162.243.192.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA32F0800 /* 163.47.8.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45A8000 /* 164.90.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45A9000 /* 164.90.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45AA000 /* 164.90.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45AB000 /* 164.90.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45AC000 /* 164.90.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45AD000 /* 164.90.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45AE000 /* 164.90.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45AF000 /* 164.90.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45AF400 /* 164.90.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45AFC00 /* 164.90.252.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45C4000 /* 164.92.64.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45C6000 /* 164.92.96.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45C8000 /* 164.92.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45C9000 /* 164.92.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45CA000 /* 164.92.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45CB000 /* 164.92.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45CC000 /* 164.92.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45CD000 /* 164.92.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45CE000 /* 164.92.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA45CF000 /* 164.92.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5160000 /* 165.22.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5161000 /* 165.22.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5162000 /* 165.22.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5163000 /* 165.22.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5164000 /* 165.22.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5165000 /* 165.22.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5166000 /* 165.22.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5167000 /* 165.22.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5168000 /* 165.22.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5169000 /* 165.22.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA516A000 /* 165.22.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA516B000 /* 165.22.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA516C000 /* 165.22.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA516D000 /* 165.22.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA516E000 /* 165.22.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA516F000 /* 165.22.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E30000 /* 165.227.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E31000 /* 165.227.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E32000 /* 165.227.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E33000 /* 165.227.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E34000 /* 165.227.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E35000 /* 165.227.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E36000 /* 165.227.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E37000 /* 165.227.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E38000 /* 165.227.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E39000 /* 165.227.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3A000 /* 165.227.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3B000 /* 165.227.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3C000 /* 165.227.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3D000 /* 165.227.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3E000 /* 165.227.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3F000 /* 165.227.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3F400 /* 165.227.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3F800 /* 165.227.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E3FC00 /* 165.227.252.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E82000 /* 165.232.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E83000 /* 165.232.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E84000 /* 165.232.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E85000 /* 165.232.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E86000 /* 165.232.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E87000 /* 165.232.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E88000 /* 165.232.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E89000 /* 165.232.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E8A000 /* 165.232.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA5E8B000 /* 165.232.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7470000 /* 167.71.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7471000 /* 167.71.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7472000 /* 167.71.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7473000 /* 167.71.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7474000 /* 167.71.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7475000 /* 167.71.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7476000 /* 167.71.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7477000 /* 167.71.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7478000 /* 167.71.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7479000 /* 167.71.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA747A000 /* 167.71.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA747B000 /* 167.71.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA747C000 /* 167.71.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA747D000 /* 167.71.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA747E000 /* 167.71.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA747F000 /* 167.71.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7630000 /* 167.99.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7631000 /* 167.99.16.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7631400 /* 167.99.20.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7631800 /* 167.99.24.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7631C00 /* 167.99.28.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7632000 /* 167.99.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7633000 /* 167.99.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7634000 /* 167.99.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7635000 /* 167.99.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7636000 /* 167.99.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7637000 /* 167.99.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7638000 /* 167.99.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7639000 /* 167.99.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA763A000 /* 167.99.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA763B000 /* 167.99.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA763C000 /* 167.99.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA763D000 /* 167.99.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA763E000 /* 167.99.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA763F000 /* 167.99.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC0000 /* 167.172.0.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC0400 /* 167.172.4.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC0800 /* 167.172.8.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC0C00 /* 167.172.12.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC1000 /* 167.172.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC2000 /* 167.172.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC3000 /* 167.172.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC4000 /* 167.172.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC5000 /* 167.172.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC6000 /* 167.172.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC7000 /* 167.172.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC8000 /* 167.172.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7AC9000 /* 167.172.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7ACA000 /* 167.172.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7ACB000 /* 167.172.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7ACC000 /* 167.172.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7ACD000 /* 167.172.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7ACE000 /* 167.172.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xA7ACF000 /* 167.172.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAA408000 /* 170.64.128.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAA40C000 /* 170.64.192.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAA40E000 /* 170.64.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAA40F000 /* 170.64.240.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAA40F800 /* 170.64.248.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A0000 /* 174.138.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A1000 /* 174.138.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A2000 /* 174.138.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A3000 /* 174.138.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A4000 /* 174.138.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A5000 /* 174.138.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A6000 /* 174.138.96.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A6400 /* 174.138.100.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A6800 /* 174.138.104.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A6C00 /* 174.138.108.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A7000 /* 174.138.112.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A7400 /* 174.138.116.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A7800 /* 174.138.120.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xAE8A7C00 /* 174.138.124.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB23E0000 /* 178.62.0.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB23E4000 /* 178.62.64.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB23E8000 /* 178.62.128.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB23EC000 /* 178.62.192.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2800000 /* 178.128.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2801000 /* 178.128.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2802000 /* 178.128.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2803000 /* 178.128.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2804000 /* 178.128.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2805000 /* 178.128.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2806000 /* 178.128.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2807000 /* 178.128.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2808000 /* 178.128.128.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2808400 /* 178.128.132.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2808800 /* 178.128.136.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2808C00 /* 178.128.140.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB2809000 /* 178.128.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB280A000 /* 178.128.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB280B000 /* 178.128.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB280C000 /* 178.128.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB280D000 /* 178.128.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB280E000 /* 178.128.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB280F000 /* 178.128.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xB90EB800 /* 185.14.184.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA60000 /* 188.166.0.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA64000 /* 188.166.64.0/18 */, 18, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA68000 /* 188.166.128.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA68400 /* 188.166.132.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA68800 /* 188.166.136.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA68C00 /* 188.166.140.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA69000 /* 188.166.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6A000 /* 188.166.160.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6A800 /* 188.166.168.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6B000 /* 188.166.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6C000 /* 188.166.192.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6C400 /* 188.166.196.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6C800 /* 188.166.200.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6CC00 /* 188.166.204.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6D000 /* 188.166.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6E000 /* 188.166.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCA6F000 /* 188.166.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xBCE28000 /* 188.226.128.0/17 */, 17, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0223800 /* 192.34.56.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC051D000 /* 192.81.208.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC051D800 /* 192.81.216.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC051DC00 /* 192.81.220.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F18000 /* 192.241.128.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A000 /* 192.241.160.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A100 /* 192.241.161.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A200 /* 192.241.162.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A300 /* 192.241.163.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A500 /* 192.241.165.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A600 /* 192.241.166.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A700 /* 192.241.167.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A800 /* 192.241.168.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1A900 /* 192.241.169.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1AA00 /* 192.241.170.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1AB00 /* 192.241.171.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1AC00 /* 192.241.172.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1AD00 /* 192.241.173.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1AE00 /* 192.241.174.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1AF00 /* 192.241.175.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B000 /* 192.241.176.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B100 /* 192.241.177.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B200 /* 192.241.178.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B300 /* 192.241.179.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B400 /* 192.241.180.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B500 /* 192.241.181.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B600 /* 192.241.182.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B700 /* 192.241.183.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B800 /* 192.241.184.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1B900 /* 192.241.185.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1BA00 /* 192.241.186.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1BB00 /* 192.241.187.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1BC00 /* 192.241.188.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1BD00 /* 192.241.189.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1BE00 /* 192.241.190.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1BF00 /* 192.241.191.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C000 /* 192.241.192.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C100 /* 192.241.193.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C200 /* 192.241.194.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C300 /* 192.241.195.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C400 /* 192.241.196.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C500 /* 192.241.197.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C600 /* 192.241.198.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C700 /* 192.241.199.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C800 /* 192.241.200.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1C900 /* 192.241.201.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1CA00 /* 192.241.202.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1CB00 /* 192.241.203.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1CC00 /* 192.241.204.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1CD00 /* 192.241.205.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1CE00 /* 192.241.206.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1CF00 /* 192.241.207.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D000 /* 192.241.208.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D100 /* 192.241.209.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D200 /* 192.241.210.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D300 /* 192.241.211.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D400 /* 192.241.212.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D500 /* 192.241.213.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D600 /* 192.241.214.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D700 /* 192.241.215.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D800 /* 192.241.216.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1D900 /* 192.241.217.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1DA00 /* 192.241.218.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1DB00 /* 192.241.219.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1DC00 /* 192.241.220.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1DD00 /* 192.241.221.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1DE00 /* 192.241.222.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1DF00 /* 192.241.223.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E000 /* 192.241.224.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E100 /* 192.241.225.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E200 /* 192.241.226.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E300 /* 192.241.227.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E400 /* 192.241.228.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E500 /* 192.241.229.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E600 /* 192.241.230.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E700 /* 192.241.231.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E800 /* 192.241.232.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1E900 /* 192.241.233.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1EA00 /* 192.241.234.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1EB00 /* 192.241.235.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1EC00 /* 192.241.236.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1ED00 /* 192.241.237.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1EE00 /* 192.241.238.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1EF00 /* 192.241.239.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC0F1F000 /* 192.241.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C74000 /* 198.199.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C75000 /* 198.199.80.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C75800 /* 198.199.88.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C75C00 /* 198.199.92.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C75D00 /* 198.199.93.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C75E00 /* 198.199.94.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C75F00 /* 198.199.95.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76000 /* 198.199.96.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76100 /* 198.199.97.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76200 /* 198.199.98.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76400 /* 198.199.100.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76500 /* 198.199.101.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76600 /* 198.199.102.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76700 /* 198.199.103.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76800 /* 198.199.104.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76900 /* 198.199.105.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76A00 /* 198.199.106.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76B00 /* 198.199.107.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76C00 /* 198.199.108.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76D00 /* 198.199.109.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76E00 /* 198.199.110.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C76F00 /* 198.199.111.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77000 /* 198.199.112.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77100 /* 198.199.113.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77200 /* 198.199.114.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77300 /* 198.199.115.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77400 /* 198.199.116.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77500 /* 198.199.117.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77600 /* 198.199.118.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77700 /* 198.199.119.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77800 /* 198.199.120.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6C77C00 /* 198.199.124.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36000 /* 198.211.96.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36100 /* 198.211.97.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36200 /* 198.211.98.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36300 /* 198.211.99.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36400 /* 198.211.100.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36500 /* 198.211.101.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36600 /* 198.211.102.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36700 /* 198.211.103.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36800 /* 198.211.104.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36900 /* 198.211.105.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36A00 /* 198.211.106.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36B00 /* 198.211.107.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36C00 /* 198.211.108.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36D00 /* 198.211.109.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D36E00 /* 198.211.110.0/24 */, 24, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D37000 /* 198.211.112.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D37400 /* 198.211.116.0/23 */, 23, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D37600 /* 198.211.118.0/23 */, 23, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xC6D37800 /* 198.211.120.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCC301000 /* 204.48.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCE510000 /* 206.81.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCE511000 /* 206.81.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD0000 /* 206.189.0.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD1000 /* 206.189.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD2000 /* 206.189.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD3000 /* 206.189.48.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD4000 /* 206.189.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD5000 /* 206.189.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD6000 /* 206.189.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD7000 /* 206.189.112.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD8000 /* 206.189.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBD9000 /* 206.189.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDA000 /* 206.189.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDB000 /* 206.189.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDC000 /* 206.189.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDD000 /* 206.189.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDE000 /* 206.189.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDF000 /* 206.189.240.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDF400 /* 206.189.244.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDF800 /* 206.189.248.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCEBDFC00 /* 206.189.252.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCF9AC000 /* 207.154.192.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCF9AD000 /* 207.154.208.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCF9AE000 /* 207.154.224.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xCF9AF000 /* 207.154.240.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD0442400 /* 208.68.36.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1260000 /* 209.38.0.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1260400 /* 209.38.4.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1260800 /* 209.38.8.0/21 */, 21, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1261000 /* 209.38.16.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1262000 /* 209.38.32.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1263000 /* 209.38.48.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1263400 /* 209.38.52.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1263800 /* 209.38.56.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1263C00 /* 209.38.60.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1264000 /* 209.38.64.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1265000 /* 209.38.80.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1266000 /* 209.38.96.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1267000 /* 209.38.112.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1267400 /* 209.38.116.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1267800 /* 209.38.120.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1268000 /* 209.38.128.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD126A000 /* 209.38.160.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD126A400 /* 209.38.164.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD126A800 /* 209.38.168.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD126AC00 /* 209.38.172.0/22 */, 22, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD126B000 /* 209.38.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD126C000 /* 209.38.192.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD126E000 /* 209.38.224.0/19 */, 19, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1618000 /* 209.97.128.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD1619000 /* 209.97.144.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD161A000 /* 209.97.160.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + { 0xD161B000 /* 209.97.176.0/20 */, 20, NDPI_PROTOCOL_DIGITALOCEAN }, + /* End */ + { 0x0, 0, 0 } +}; + +static ndpi_network6 ndpi_protocol_digitalocean_protocol_list_6[] = { + { "2400:6180:0:d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2400:6180:0:d1::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2400:6180:0:d2::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2400:6180:0:d3::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2400:6180:10:200::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2400:6180:100:d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1010::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1011::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1012::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1013::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1014::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1015::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1016::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1017::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1018::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1019::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1020::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1021::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1022::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1023::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1024::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1025::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1026::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1027::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1028::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:1029::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2010::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2011::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2012::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2013::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2014::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2015::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2016::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2017::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2018::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2019::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2020::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2021::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2022::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2023::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2024::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2025::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2026::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2027::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2028::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:2029::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:0:202a::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:1:20::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:1:4a::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:2:d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:2:d1::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:4:1d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:400:d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:400:d1::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:800:10::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:800:11::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:800:12::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:800:13::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:800:14::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:800:a1::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:800:c1::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:803::", 48, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2604:a880:cad:d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:108::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:126::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:127::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:128::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:129::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:130::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:131::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:132::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:133::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:134::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:135::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:136::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:137::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:138::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:139::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:140::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:141::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:142::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:143::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:144::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:145::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:146::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:147::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:148::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:149::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:150::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:151::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:152::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:153::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:154::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:155::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1010::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1011::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1012::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1013::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1014::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1015::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1016::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1017::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1018::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1019::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1020::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1021::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1022::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1023::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1024::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1025::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1026::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1027::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1028::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1029::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1030::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1031::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1032::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1033::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1034::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1035::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1036::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1037::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1038::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1039::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1040::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1041::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1042::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1043::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1044::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1045::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1046::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1047::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1048::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1049::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1050::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:0:1051::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:1:a1::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:1:d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:1:e0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:2:d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:2:f0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:3:d0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:3:e0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + { "2a03:b0c0:3:f0::", 64, NDPI_PROTOCOL_DIGITALOCEAN }, + /* End */ + { NULL, 0, 0 } +}; diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 97fced4c1..6481c1a7c 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -487,6 +487,8 @@ static ndpi_protocol_match host_match[] = { "cnn.com", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { "digitalocean.com", "DigitalOcean", NDPI_PROTOCOL_DIGITALOCEAN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "dropboxstatic.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f4b8a5612..e389e930f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -78,6 +78,7 @@ #include "inc_generated/ndpi_zoom_match.c.inc" #include "inc_generated/ndpi_cachefly_match.c.inc" #include "inc_generated/ndpi_cloudflare_match.c.inc" +#include "inc_generated/ndpi_digitalocean_match.c.inc" #include "inc_generated/ndpi_ms_office365_match.c.inc" #include "inc_generated/ndpi_ms_onedrive_match.c.inc" #include "inc_generated/ndpi_ms_outlook_match.c.inc" @@ -125,6 +126,7 @@ #include "inc_generated/ndpi_asn_nvidia.c.inc" #include "inc_generated/ndpi_asn_roblox.c.inc" + /* Third party libraries */ #include "third_party/include/ndpi_patricia.h" #include "third_party/include/ndpi_md5.h" @@ -3632,6 +3634,10 @@ int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str) ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_cloudflare_protocol_list); ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_cloudflare_protocol_list_6); } + if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_DIGITALOCEAN)) { + ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_digitalocean_protocol_list); + ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_digitalocean_protocol_list_6); + } if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_GOOGLE)) { ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_google_protocol_list); ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_google_protocol_list_6); diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out index 0e807b016..b68368030 100644 --- a/tests/cfgs/caches_cfg/result/teams.pcap.out +++ b/tests/cfgs/caches_cfg/result/teams.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 82/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 121/47 (search/found) +Patricia protocols: 119/49 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 4 456 1 @@ -93,8 +93,8 @@ JA Host Stats: 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332][Peer IP/Port: 159.145.24.130:64794][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/caches_global/result/teams.pcap.out b/tests/cfgs/caches_global/result/teams.pcap.out index 230275d54..095f3cd87 100644 --- a/tests/cfgs/caches_global/result/teams.pcap.out +++ b/tests/cfgs/caches_global/result/teams.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 82/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 121/47 (search/found) +Patricia protocols: 119/49 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 4 456 1 @@ -93,8 +93,8 @@ JA Host Stats: 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332][Peer IP/Port: 159.145.24.130:64794][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/6in4tunnel.pcap.out b/tests/cfgs/default/result/6in4tunnel.pcap.out index f35e72811..ff4eea3e4 100644 --- a/tests/cfgs/default/result/6in4tunnel.pcap.out +++ b/tests/cfgs/default/result/6in4tunnel.pcap.out @@ -20,7 +20,7 @@ Patricia risk mask IPv6: 16/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 10/1 (search/found) Patricia protocols: 0/0 (search/found) -Patricia protocols IPv6: 17/4 (search/found) +Patricia protocols IPv6: 11/10 (search/found) HTTP 10 1792 1 IMAPS 4 516 2 @@ -37,13 +37,13 @@ JA Host Stats: 1 2001:470:1f17:13f:3e97:eff:fe73:4dec 2 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][Goodput ratio: 35/89][0.60 sec][Hostname/SNI: mail.tomasu.net][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/36 142/142 57/55][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165/935 629/1847 139/680][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_28400_5c453b01be6e/Unknown][TLSv1.2][JA4: t12d660800_05dad94a8930_ad3c3a211394][ServerNames: mail.tomasu.net,www.mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.tomasu.net][Certificate SHA-1: 9C:00:A2:31:8F:66:C6:E2:D8:E8:1E:6F:52:49:AD:15:0A:8B:7C:68][Firefox][Validity: 2014-01-29 00:00:00 - 2019-01-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,7,0,7,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,35,0,0,7] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 12][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][Goodput ratio: 35/89][0.60 sec][Hostname/SNI: mail.tomasu.net][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/36 142/142 57/55][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165/935 629/1847 139/680][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_28400_5c453b01be6e/Unknown][TLSv1.2][JA4: t12d660800_05dad94a8930_ad3c3a211394][ServerNames: mail.tomasu.net,www.mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.tomasu.net][Certificate SHA-1: 9C:00:A2:31:8F:66:C6:E2:D8:E8:1E:6F:52:49:AD:15:0A:8B:7C:68][Firefox][Validity: 2014-01-29 00:00:00 - 2019-01-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,7,0,7,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,35,0,0,7] 2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: DNS][DPI packets: 7][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][Goodput ratio: 72/77][0.53 sec][Hostname/SNI: www.facebook.com][(Advertised) ALPNs: spdy/3.1;h2-14;h2;http/1.1][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/23 98/97 33/36][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383/469 1504/1911 467/576][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1311sp_94beff773b37_06a4338d0495][ServerNames: *.facebook.com,facebook.com,*.xz.fbcdn.net,messenger.com,fb.com,*.m.facebook.com,*.fbsbx.com,*.xy.fbcdn.net,*.messenger.com,*.fb.com,*.fbcdn.net,*.xx.fbcdn.net,*.facebook.net][JA3S: 6806b8fe92d7d465715d771eb102ff04][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: 93:C6:FD:1A:84:90:BB:F1:B2:3B:49:A0:9B:1F:6F:0B:46:7A:31:41][Validity: 2014-08-28 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,32,5,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,15,0,0,0,5] - 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][Goodput ratio: 41/41][22.14 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1001/1001 1001/1012 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138/138 138/138 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Goodput ratio: 18/57][0.82 sec][Hostname/SNI: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 164/56 495/110 171/54][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131/252 248/680 52/247][URL: mail.tomasu.net/][StatusCode: 301][Content-Type: text/html][Server: Apache/2.4.10 (Debian)][User-Agent: Wget/1.16.3 (linux-gnu)][TCP Fingerprint: 2_64_28400_5c453b01be6e/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][Goodput ratio: 41/41][22.14 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1001/1001 1001/1012 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138/138 138/138 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Goodput ratio: 18/57][0.82 sec][Hostname/SNI: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 164/56 495/110 171/54][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131/252 248/680 52/247][URL: mail.tomasu.net/][StatusCode: 301][Content-Type: text/html][Server: Apache/2.4.10 (Debian)][User-Agent: Wget/1.16.3 (linux-gnu)][TCP Fingerprint: 2_64_28400_5c453b01be6e/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Crawler/Bot **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][PLAIN TEXT (ds 0/u6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 5.119/DNS.Facebook, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/133 bytes <-> 1 pkts/273 bytes][Goodput ratio: 38/70][0.09 sec][Hostname/SNI: star.c10r.facebook.com][2a03:2880:1010:6f03:face:b00c::2][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 5.119/DNS.Facebook, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/133 bytes <-> 1 pkts/261 bytes][Goodput ratio: 38/68][0.09 sec][Hostname/SNI: star.c10r.facebook.com][173.252.120.6][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 51/IMAPS, Confidence: DPI][DPI packets: 2][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.01 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 51/IMAPS, Confidence: DPI][DPI packets: 2][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.07 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 51/IMAPS, Confidence: DPI][DPI packets: 2][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.01 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 51/IMAPS, Confidence: DPI][DPI packets: 2][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.07 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index 3f0e0a12e..211d18456 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out @@ -26,6 +26,6 @@ CustomProtocolC 3 222 1 Acceptable 8 592 3 - 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.448/TLS.CustomProtocolA][IP: 448/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.449/TLS.CustomProtocolA][IP: 449/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 449/CustomProtocolB][IP: 449/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 450/CustomProtocolB][IP: 450/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 883b13b95..7a58f10f3 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -17,7 +17,7 @@ Patricia risk mask: 490/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 484/6 (search/found) +Patricia protocols: 472/18 (search/found) Patricia protocols IPv6: 0/0 (search/found) DNScrypt 488 309562 245 @@ -30,13 +30,13 @@ Acceptable 488 309562 245 4 UDP 10.0.0.1:41800 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 5 UDP 10.0.0.1:50913 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 6 UDP 10.0.0.1:56902 <-> 172.104.93.80:1443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/361 bytes][Goodput ratio: 97/88][0.19 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 7 UDP 10.0.0.1:33143 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 7 UDP 10.0.0.1:33143 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 8 UDP 10.0.0.1:36676 <-> 176.56.237.171:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 9 UDP 10.0.0.1:40209 <-> 77.66.84.233:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 10 UDP 10.0.0.1:42141 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.11 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 10 UDP 10.0.0.1:42141 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.11 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 11 UDP 10.0.0.1:50757 <-> 77.66.84.233:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 12 UDP 10.0.0.1:55046 <-> 176.56.237.171:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 13 UDP 10.0.0.1:55185 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 13 UDP 10.0.0.1:55185 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 14 UDP 10.0.0.1:57109 <-> 77.66.84.233:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/234 bytes][Goodput ratio: 97/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 15 UDP 10.0.0.1:33521 <-> 51.15.62.65:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/231 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 16 UDP 10.0.0.1:38812 <-> 51.15.62.65:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/231 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] @@ -99,10 +99,10 @@ Acceptable 488 309562 245 73 UDP 10.0.0.1:54204 <-> 144.91.106.227:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 74 UDP 10.0.0.1:59709 <-> 51.15.122.250:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/225 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 75 UDP 10.0.0.1:33279 <-> 193.191.187.107:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 76 UDP 10.0.0.1:37595 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 76 UDP 10.0.0.1:37595 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 77 UDP 10.0.0.1:38278 <-> 205.185.116.116:553 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 78 UDP 10.0.0.1:43609 <-> 41.79.69.13:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 79 UDP 10.0.0.1:43633 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 79 UDP 10.0.0.1:43633 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 80 UDP 10.0.0.1:46229 <-> 41.79.69.13:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.18 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 81 UDP 10.0.0.1:49040 <-> 193.191.187.107:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 82 UDP 10.0.0.1:51770 <-> 205.185.116.116:553 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] @@ -111,7 +111,7 @@ Acceptable 488 309562 245 85 UDP 10.0.0.1:55267 <-> 45.76.113.31:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.33 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 86 UDP 10.0.0.1:55822 <-> 205.185.116.116:553 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 87 UDP 10.0.0.1:56043 <-> 41.79.69.13:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.17 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] - 88 UDP 10.0.0.1:59194 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] + 88 UDP 10.0.0.1:59194 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.04 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 89 UDP 10.0.0.1:59707 <-> 45.76.113.31:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/224 bytes][Goodput ratio: 97/81][0.32 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 90 UDP 10.0.0.1:33369 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] 91 UDP 10.0.0.1:44282 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/222 bytes][Goodput ratio: 97/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0] @@ -161,15 +161,15 @@ Acceptable 488 309562 245 135 UDP 10.0.0.1:35734 <-> 5.189.170.196:465 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 136 UDP 10.0.0.1:40748 <-> 5.189.170.196:465 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 137 UDP 10.0.0.1:44496 <-> 5.189.170.196:465 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/237 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 138 UDP 10.0.0.1:36335 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 139 UDP 10.0.0.1:37287 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 138 UDP 10.0.0.1:36335 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 139 UDP 10.0.0.1:37287 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 140 UDP 10.0.0.1:41717 <-> 176.56.237.171:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 141 UDP 10.0.0.1:46140 <-> 77.66.84.233:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 142 UDP 10.0.0.1:49008 <-> 176.56.237.171:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 143 UDP 10.0.0.1:49568 <-> 77.66.84.233:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 144 UDP 10.0.0.1:49732 <-> 77.66.84.233:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 145 UDP 10.0.0.1:51363 <-> 176.56.237.171:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 146 UDP 10.0.0.1:54375 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 146 UDP 10.0.0.1:54375 <-> 107.170.57.34:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/234 bytes][Goodput ratio: 92/82][0.10 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 147 UDP 10.0.0.1:43714 <-> 51.15.62.65:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 148 UDP 10.0.0.1:45993 <-> 51.15.62.65:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 149 UDP 10.0.0.1:60735 <-> 51.15.62.65:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/231 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -245,14 +245,14 @@ Acceptable 488 309562 245 219 UDP 10.0.0.1:43528 <-> 205.185.116.116:553 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.15 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 220 UDP 10.0.0.1:43776 <-> 45.76.113.31:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.31 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 221 UDP 10.0.0.1:45682 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 222 UDP 10.0.0.1:47341 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 222 UDP 10.0.0.1:47341 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 223 UDP 10.0.0.1:49115 <-> 193.191.187.107:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 224 UDP 10.0.0.1:50335 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 224 UDP 10.0.0.1:50335 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 225 UDP 10.0.0.1:50601 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 226 UDP 10.0.0.1:51589 <-> 45.76.113.31:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.32 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 227 UDP 10.0.0.1:56177 <-> 41.79.69.13:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.16 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 228 UDP 10.0.0.1:59400 <-> 139.99.222.72:8443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.26 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 229 UDP 10.0.0.1:59476 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 229 UDP 10.0.0.1:59476 <-> 139.59.200.116:443 [proto: 208/DNScrypt][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/224 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 230 UDP 10.0.0.1:34885 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 231 UDP 10.0.0.1:44093 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.03 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 232 UDP 10.0.0.1:47865 <-> 195.30.94.28:8443 [proto: 208/DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 208/DNScrypt, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/554 bytes <-> 1 pkts/222 bytes][Goodput ratio: 92/81][0.02 sec][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/emotet.pcap.out b/tests/cfgs/default/result/emotet.pcap.out index 8fef1932e..266d5ee76 100644 --- a/tests/cfgs/default/result/emotet.pcap.out +++ b/tests/cfgs/default/result/emotet.pcap.out @@ -17,7 +17,7 @@ Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 12/0 (search/found) +Patricia protocols: 10/2 (search/found) Patricia protocols IPv6: 0/0 (search/found) SMTP 50 18605 1 @@ -36,5 +36,5 @@ JA Host Stats: 2 TCP 10.2.25.102:57309 <-> 193.252.22.84:587 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][cat: Email/3][23 pkts/16752 bytes <-> 27 pkts/1853 bytes][Goodput ratio: 93/21][8.35 sec][Hostname/SNI: opmta1mto02nd1][bytes ratio: 0.801 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 276/345 1205/3054 406/694][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 728/69 1514/214 702/33][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (220 opmta)][Plen Bins: 31,27,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 3 TCP 10.4.25.101:49797 <-> 77.105.36.156:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][5 pkts/452 bytes <-> 10 pkts/10518 bytes][Goodput ratio: 34/95][0.48 sec][Hostname/SNI: filmmogzivota.rs][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 159/37 292/171 121/64][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 90/1052 206/1442 58/553][URL: filmmogzivota.rs/SpryAssets/gDR/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: vBKbaQgjyvRRbcgfvlsc][Filename: TfBXbg6gEAqeHioMEKOtCAAn73.dll][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** Binary File/Data Transfer (Attempt) **][Risk Score: 300][Risk Info: UA vBKbaQgjyvRRbcgfvlsc / Found mime exe x-msdownload / File download TfBXbg6gEAqeHioMEKOtCAAn73.dll][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /SpryAssets/gDR/ HTTP/1.1)][Plen Bins: 0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,66,0,0,0,0] 4 TCP 10.4.20.102:54319 <-> 107.161.178.210:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Download/7][7 pkts/645 bytes <-> 7 pkts/8714 bytes][Goodput ratio: 35/96][0.38 sec][Hostname/SNI: gandhitoday.org][bytes ratio: -0.862 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/54 260/260 100/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 92/1245 279/1442 76/483][URL: gandhitoday.org/video/6JvA8/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko][Filename: EGh7x6aKN3ILP.dll][Risk: ** Binary App Transfer **** Binary File/Data Transfer (Attempt) **][Risk Score: 200][Risk Info: Found mime exe x-msdownload / File download EGh7x6aKN3ILP.dll][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][PLAIN TEXT (GET /video/6J)][Plen Bins: 0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,85,0,0,0,0] - 5 TCP 10.4.25.101:49803 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1130 bytes <-> 8 pkts/6240 bytes][Goodput ratio: 64/93][1.65 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/0 75/231 122/1117 39/400][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 161/780 534/1442 161/663][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: ec74a5c51106f0419184d0dd08fb05bc][Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Certificate SHA-1: 43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93][Firefox][Validity: 2022-04-21 10:08:46 - 2023-04-21 10:08:46][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,12,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] - 6 TCP 10.4.25.101:49804 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1517 bytes <-> 7 pkts/1208 bytes][Goodput ratio: 61/66][48.61 sec][bytes ratio: 0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5997/806 44782/3012 14692/1274][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 152/173 607/714 179/224][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,16,0,0,0,0,0,0,16,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 10.4.25.101:49803 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Web/5][7 pkts/1130 bytes <-> 8 pkts/6240 bytes][Goodput ratio: 64/93][1.65 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/0 75/231 122/1117 39/400][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 161/780 534/1442 161/663][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: ec74a5c51106f0419184d0dd08fb05bc][Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Certificate SHA-1: 43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93][Firefox][Validity: 2022-04-21 10:08:46 - 2023-04-21 10:08:46][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,12,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] + 6 TCP 10.4.25.101:49804 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Web/5][10 pkts/1517 bytes <-> 7 pkts/1208 bytes][Goodput ratio: 61/66][48.61 sec][bytes ratio: 0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5997/806 44782/3012 14692/1274][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 152/173 607/714 179/224][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN / SNI should always be present][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,16,0,0,0,0,0,0,16,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethereum.pcap.out b/tests/cfgs/default/result/ethereum.pcap.out index e3bd25da8..0c2703b2e 100644 --- a/tests/cfgs/default/result/ethereum.pcap.out +++ b/tests/cfgs/default/result/ethereum.pcap.out @@ -21,27 +21,27 @@ Patricia risk mask: 42/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 121/28 (search/found) +Patricia protocols: 112/37 (search/found) Patricia protocols IPv6: 0/0 (search/found) ETHEREUM 2000 216111 74 Acceptable 2000 216111 74 - 1 TCP 192.168.1.184:56626 <-> 178.128.195.220:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][32 pkts/3294 bytes <-> 37 pkts/3156 bytes][Goodput ratio: 36/21][0.16 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/4 42/62 8/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/85 612/470 105/69][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 62,21,0,3,3,0,0,0,3,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.184:56626 <-> 178.128.195.220:30303 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][32 pkts/3294 bytes <-> 37 pkts/3156 bytes][Goodput ratio: 36/21][0.16 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/4 42/62 8/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/85 612/470 105/69][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 62,21,0,3,3,0,0,0,3,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.184:56638 <-> 209.250.240.205:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][34 pkts/3347 bytes <-> 28 pkts/2774 bytes][Goodput ratio: 34/32][0.15 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 43/41 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/99 481/560 79/95][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 43,29,0,14,3,3,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.184:56660 <-> 51.161.23.12:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][36 pkts/3241 bytes <-> 29 pkts/2723 bytes][Goodput ratio: 29/31][0.57 sec][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 147/141 36/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/94 639/487 96/81][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 63,21,3,3,3,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.1.184:56658 <-> 157.230.152.87:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][37 pkts/3341 bytes <-> 27 pkts/2583 bytes][Goodput ratio: 28/32][0.72 sec][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/22 182/184 53/59][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/96 649/457 96/79][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 63,21,3,3,0,3,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.184:56658 <-> 157.230.152.87:30303 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][37 pkts/3341 bytes <-> 27 pkts/2583 bytes][Goodput ratio: 28/32][0.72 sec][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/22 182/184 53/59][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/96 649/457 96/79][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 63,21,3,3,0,3,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 192.168.1.184:56645 <-> 185.219.133.62:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][34 pkts/3018 bytes <-> 27 pkts/2540 bytes][Goodput ratio: 25/31][0.20 sec][bytes ratio: 0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/8 51/49 13/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 89/94 476/448 71/77][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 61,23,3,3,3,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 192.168.1.184:56650 <-> 35.228.250.140:30303 [proto: 354/ETHEREUM][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][30 pkts/2806 bytes <-> 24 pkts/2380 bytes][Goodput ratio: 29/35][0.23 sec][bytes ratio: 0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/6 57/56 18/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 94/99 528/508 84/92][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (J/hy@y)][Plen Bins: 52,31,3,3,3,0,0,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 192.168.1.184:56646 <-> 172.105.94.62:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][28 pkts/2738 bytes <-> 24 pkts/2370 bytes][Goodput ratio: 32/36][0.22 sec][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/15 116/91 24/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/99 540/398 89/89][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 56,20,4,4,0,0,4,4,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 192.168.1.184:56661 <-> 52.9.128.68:30303 [proto: 354/ETHEREUM][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][30 pkts/2768 bytes <-> 23 pkts/2318 bytes][Goodput ratio: 30/36][0.76 sec][bytes ratio: 0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/18 194/193 61/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 92/101 538/494 87/90][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 56,27,3,3,3,0,0,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 192.168.1.184:56674 <-> 94.68.55.162:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][29 pkts/2801 bytes <-> 21 pkts/2262 bytes][Goodput ratio: 32/40][0.29 sec][bytes ratio: 0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 74/75 24/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 97/108 613/570 101/109][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 48,32,4,4,4,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.1.184:56671 <-> 86.107.243.62:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][28 pkts/2804 bytes <-> 20 pkts/2138 bytes][Goodput ratio: 34/41][0.18 sec][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 39/38 13/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 100/107 606/430 100/101][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 56,20,4,4,0,0,4,4,0,0,0,4,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 192.168.1.184:56643 <-> 178.62.29.183:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][31 pkts/2879 bytes <-> 23 pkts/2042 bytes][Goodput ratio: 29/27][0.18 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/8 48/47 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 93/89 535/384 84/68][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 63,22,0,7,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 192.168.1.184:56643 <-> 178.62.29.183:30303 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][31 pkts/2879 bytes <-> 23 pkts/2042 bytes][Goodput ratio: 29/27][0.18 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/8 48/47 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 93/89 535/384 84/68][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 63,22,0,7,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 192.168.1.184:56673 <-> 78.47.147.155:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][28 pkts/2855 bytes <-> 9 pkts/1461 bytes][Goodput ratio: 34/59][0.41 sec][bytes ratio: 0.323 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/65 285/246 57/92][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/162 633/413 105/126][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 56,20,4,4,0,0,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 192.168.1.184:56634 <-> 159.203.84.31:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][21 pkts/2209 bytes <-> 23 pkts/2019 bytes][Goodput ratio: 37/29][0.33 sec][bytes ratio: 0.045 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/18 109/109 34/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/88 637/579 122/105][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 192.168.1.184:56610 <-> 165.22.107.33:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][21 pkts/2212 bytes <-> 24 pkts/1962 bytes][Goodput ratio: 37/23][0.92 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/58 339/287 99/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/82 640/462 123/80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.1.184:56634 <-> 159.203.84.31:30303 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][21 pkts/2209 bytes <-> 23 pkts/2019 bytes][Goodput ratio: 37/29][0.33 sec][bytes ratio: 0.045 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/18 109/109 34/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/88 637/579 122/105][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.1.184:56610 <-> 165.22.107.33:30303 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][21 pkts/2212 bytes <-> 24 pkts/1962 bytes][Goodput ratio: 37/23][0.92 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/58 339/287 99/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105/82 640/462 123/80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.1.184:56621 <-> 52.187.207.27:30303 [proto: 354/ETHEREUM][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][21 pkts/2163 bytes <-> 21 pkts/1843 bytes][Goodput ratio: 35/28][0.99 sec][bytes ratio: 0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/53 354/316 105/118][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103/88 591/517 112/96][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 192.168.1.184:56620 <-> 191.234.162.198:30303 [proto: 354/ETHEREUM][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][21 pkts/2150 bytes <-> 21 pkts/1845 bytes][Goodput ratio: 35/28][0.70 sec][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/37 263/221 76/82][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102/88 578/525 110/98][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 192.168.1.184:56611 <-> 104.42.217.25:30303 [proto: 354/ETHEREUM][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][21 pkts/2128 bytes <-> 21 pkts/1859 bytes][Goodput ratio: 34/29][0.57 sec][bytes ratio: 0.067 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/34 201/202 62/75][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101/89 556/533 105/100][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 66,17,0,5,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -67,11 +67,11 @@ Acceptable 2000 216111 74 37 TCP 192.168.1.184:56641 <-> 144.91.120.135:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1914 bytes <-> 14 pkts/1422 bytes][Goodput ratio: 41/37][0.12 sec][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 30/29 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 113/102 606/390 127/97][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 55,15,0,7,0,0,7,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 TCP 192.168.1.184:56681 <-> 207.180.206.216:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1864 bytes <-> 13 pkts/1420 bytes][Goodput ratio: 40/42][0.16 sec][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 40/40 16/17][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 110/109 568/384 118/98][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,14,7,7,0,0,7,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 192.168.1.184:56617 <-> 34.97.172.22:30303 [proto: 354/ETHEREUM][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1834 bytes <-> 12 pkts/1437 bytes][Goodput ratio: 39/46][1.13 sec][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 62/68 318/271 118/117][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 108/120 538/461 111/119][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 192.168.1.184:56613 <-> 162.243.160.83:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1832 bytes <-> 14 pkts/1433 bytes][Goodput ratio: 38/38][0.51 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/52 154/153 55/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 108/102 524/401 108/99][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (fOZarJ)][Plen Bins: 55,15,0,7,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.184:56613 <-> 162.243.160.83:30303 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1832 bytes <-> 14 pkts/1433 bytes][Goodput ratio: 38/38][0.51 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/52 154/153 55/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 108/102 524/401 108/99][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (fOZarJ)][Plen Bins: 55,15,0,7,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 41 TCP 192.168.1.184:56633 <-> 82.145.220.249:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1816 bytes <-> 15 pkts/1418 bytes][Goodput ratio: 38/34][0.20 sec][bytes ratio: 0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/38 76/77 26/38][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 107/95 508/488 104/106][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,28,0,7,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 TCP 192.168.1.184:56679 <-> 35.228.158.52:30303 [proto: 354/ETHEREUM][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1748 bytes <-> 13 pkts/1472 bytes][Goodput ratio: 36/44][0.23 sec][bytes ratio: 0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 59/60 23/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/113 452/436 92/109][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 TCP 192.168.1.184:56670 <-> 167.86.122.50:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1751 bytes <-> 13 pkts/1439 bytes][Goodput ratio: 36/42][0.16 sec][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/13 43/38 16/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/111 455/403 93/102][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,14,7,7,0,0,7,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 TCP 192.168.1.184:56642 <-> 178.62.10.218:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1777 bytes <-> 12 pkts/1369 bytes][Goodput ratio: 37/44][0.17 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 9/22 43/42 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 105/114 481/399 99/104][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,14,7,7,0,0,7,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 TCP 192.168.1.184:56642 <-> 178.62.10.218:30303 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1777 bytes <-> 12 pkts/1369 bytes][Goodput ratio: 37/44][0.17 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 9/22 43/42 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 105/114 481/399 99/104][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,14,7,7,0,0,7,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 192.168.1.184:56684 <-> 51.83.237.44:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][17 pkts/1923 bytes <-> 7 pkts/1108 bytes][Goodput ratio: 42/58][0.13 sec][bytes ratio: 0.269 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/14 43/42 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 113/158 627/432 132/132][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,14,7,7,0,0,7,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 192.168.1.184:56655 <-> 202.112.28.106:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][18 pkts/1982 bytes <-> 6 pkts/948 bytes][Goodput ratio: 39/57][0.88 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/110 436/438 148/190][Pkt Len c2s/s2c min/avg/max/stddev: 66/67 110/158 560/434 113/130][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 50,25,0,12,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 TCP 192.168.1.184:56662 <-> 35.229.232.19:30303 [proto: 354/ETHEREUM][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][21 pkts/1833 bytes <-> 9 pkts/1016 bytes][Goodput ratio: 37/49][0.59 sec][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/48 298/288 92/107][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 87/113 489/487 94/133][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 65,17,0,5,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -88,12 +88,12 @@ Acceptable 2000 216111 74 58 TCP 192.168.1.184:56612 <-> 66.42.82.246:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][3 pkts/639 bytes <-> 2 pkts/140 bytes][Goodput ratio: 67/0][0.32 sec][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP 192.168.1.184:56680 <-> 138.59.17.58:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][3 pkts/657 bytes <-> 1 pkts/74 bytes][Goodput ratio: 68/0][0.20 sec][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 UDP 183.129.242.164:1024 <-> 192.168.1.184:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][2 pkts/360 bytes <-> 2 pkts/362 bytes][Goodput ratio: 76/77][0.38 sec][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 TCP 192.168.1.184:56686 <-> 206.189.107.35:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Crypto_Currency/106][3 pkts/617 bytes <-> 1 pkts/74 bytes][Goodput ratio: 66/0][0.05 sec][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 TCP 192.168.1.184:56686 <-> 206.189.107.35:30303 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][3 pkts/617 bytes <-> 1 pkts/74 bytes][Goodput ratio: 66/0][0.05 sec][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 192.168.1.184:56678 <-> 13.251.14.199:30303 [proto: 354/ETHEREUM][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Crypto_Currency/106][3 pkts/614 bytes <-> 1 pkts/74 bytes][Goodput ratio: 66/0][0.25 sec][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 UDP 192.168.1.184:30303 <-> 66.42.82.246:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][2 pkts/383 bytes <-> 1 pkts/191 bytes][Goodput ratio: 78/78][0.64 sec][Plen Bins: 0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 UDP 87.14.222.25:56693 -> 192.168.1.184:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 UDP 192.168.1.184:30303 -> 111.229.0.180:20182 [proto: 354/ETHEREUM][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 66 UDP 192.168.1.184:30303 -> 209.97.143.1:50000 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 UDP 192.168.1.184:30303 -> 209.97.143.1:50000 [proto: 354/ETHEREUM][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][1.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 67 UDP 192.168.1.184:30303 <-> 202.112.28.106:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][1 pkts/170 bytes <-> 1 pkts/191 bytes][Goodput ratio: 75/78][0.44 sec][PLAIN TEXT (0/XoR/Q)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 68 UDP 192.168.1.184:30303 <-> 167.86.122.50:30303 [proto: 354/ETHEREUM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][1 pkts/170 bytes <-> 1 pkts/189 bytes][Goodput ratio: 75/77][0.03 sec][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 69 UDP 3.112.138.57:25516 -> 192.168.1.184:30303 [proto: 354/ETHEREUM][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 354/ETHEREUM, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][1 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/false_positives.pcapng.out b/tests/cfgs/default/result/false_positives.pcapng.out index 87894153a..a68907d97 100644 --- a/tests/cfgs/default/result/false_positives.pcapng.out +++ b/tests/cfgs/default/result/false_positives.pcapng.out @@ -19,7 +19,7 @@ Patricia risk mask: 8/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 12/0 (search/found) +Patricia protocols: 11/1 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 6 460 1 @@ -33,7 +33,7 @@ Unrated 6 460 1 2 UDP 10.126.70.67:23784 <-> 10.236.7.225:50160 [VLAN: 107][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][18 pkts/3924 bytes <-> 12 pkts/2616 bytes][Goodput ratio: 79/79][0.34 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/19 20/20 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 218/218 218/218 218/218 0/0][PLAIN TEXT (UUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 10.102.45.249:31046 <-> 10.133.48.100:21176 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][22 pkts/2860 bytes <-> 8 pkts/989 bytes][Goodput ratio: 34/30][0.44 sec][bytes ratio: 0.486 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/19 22/19 44/20 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 130/113 130/124 130/130 0/8][Plen Bins: 10,90,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 10.133.32.101:36408 -> 10.110.31.25:1272 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][20 pkts/2260 bytes -> 0 pkts/0 bytes][Goodput ratio: 24/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 21/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 113/0 113/0 113/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 10.140.231.26:61202 <-> 159.65.12.169:443 [VLAN: 113][proto: GTP:7.251/HTTP.WebSocket][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][2 pkts/557 bytes <-> 2 pkts/416 bytes][Goodput ratio: 58/45][0.20 sec][Hostname/SNI: wludo.superkinglabs.com][URL: wludo.superkinglabs.com:443/ws][StatusCode: 101][Server: nginx/1.12.2][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 200][Risk Info: Empty or missing User-Agent / Expected on port 80 / Obsolete nginx server 1.12.2][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /ws HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 10.140.231.26:61202 <-> 159.65.12.169:443 [VLAN: 113][proto: GTP:7.251/HTTP.WebSocket][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Web/5][2 pkts/557 bytes <-> 2 pkts/416 bytes][Goodput ratio: 58/45][0.20 sec][Hostname/SNI: wludo.superkinglabs.com][URL: wludo.superkinglabs.com:443/ws][StatusCode: 101][Server: nginx/1.12.2][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 200][Risk Info: Empty or missing User-Agent / Expected on port 80 / Obsolete nginx server 1.12.2][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /ws HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index 9bc512536..38697fe5b 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -22,7 +22,7 @@ Patricia risk mask IPv6: 4/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 15/0 (search/found) Patricia protocols: 0/0 (search/found) -Patricia protocols IPv6: 22/8 (search/found) +Patricia protocols IPv6: 18/12 (search/found) ntop 80 36401 4 TLS 26 3245 7 @@ -40,10 +40,10 @@ JA Host Stats: 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Goodput ratio: 74/78][11.12 sec][Hostname/SNI: www.google.it][bytes ratio: -0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 11/2 412/168 6008/1778 1177/366][Pkt Len c2s/s2c min/avg/max/stddev: 99/91 235/284 1412/1412 286/301][QUIC ver: Q025][Idle Timeout: 30][PLAIN TEXT (www.google.it)][Plen Bins: 8,54,0,0,0,1,18,4,0,0,0,0,0,0,0,1,6,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,0,0,0] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][Goodput ratio: 69/91][0.43 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/44 229/290 62/88][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 284/971 919/1514 324/539][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,6,0,0,0,0,6,0,0,0,0,6,0,6,0,0,0,0,0,28,0,0,0] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 26/88][0.17 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/11 64/27 19/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/715 298/1514 67/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Network/14][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 28/88][0.12 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.652 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 50/23 16/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/715 298/1514 70/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][Goodput ratio: 28/89][0.17 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/9 63/25 20/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/805 298/2754 70/929][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 12][cat: Network/14][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][Goodput ratio: 69/91][0.43 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/44 229/290 62/88][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 284/971 919/1514 324/539][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,6,0,0,0,0,6,0,0,0,0,6,0,6,0,0,0,0,0,28,0,0,0] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 12][cat: Network/14][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 26/88][0.17 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/11 64/27 19/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/715 298/1514 67/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 12][cat: Network/14][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 28/88][0.12 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.652 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 50/23 16/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/715 298/1514 70/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 10][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][Goodput ratio: 28/89][0.17 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/9 63/25 20/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/805 298/2754 70/929][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][Goodput ratio: 36/90][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 8/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/845 310/2942 83/1078][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,20,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][Goodput ratio: 40/91][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/5 43/8 16/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/1035 310/3633 86/1503][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,25,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][7 pkts/860 bytes <-> 7 pkts/1353 bytes][Goodput ratio: 30/55][0.12 sec][bytes ratio: -0.223 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 30/30 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 123/193 268/592 62/172][Plen Bins: 0,57,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/imaps.pcap.out b/tests/cfgs/default/result/imaps.pcap.out index 000ffad27..566edb5d6 100644 --- a/tests/cfgs/default/result/imaps.pcap.out +++ b/tests/cfgs/default/result/imaps.pcap.out @@ -17,7 +17,7 @@ Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 4/0 (search/found) +Patricia protocols: 3/1 (search/found) Patricia protocols IPv6: 0/0 (search/found) ntop 20 5196 1 @@ -31,5 +31,5 @@ JA Host Stats: 2 192.168.1.8 1 - 1 TCP 192.168.1.8:50506 <-> 167.99.215.164:993 [proto: 51.26/IMAPS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Email/3][10 pkts/1220 bytes <-> 10 pkts/3976 bytes][Goodput ratio: 45/83][0.33 sec][Hostname/SNI: mail.ntop.org][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/22 77/43 26/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 122/398 293/1506 78/557][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d330700_81acdcf97981_3304d8368043][ServerNames: mail.ntop.org][JA3S: b653c251b0ee54c3088fe7bb997cf59d][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=mail.ntop.org][Certificate SHA-1: F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF][Firefox][Validity: 2020-04-18 00:15:22 - 2020-07-17 00:15:22][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (mail.ntop.org)][Plen Bins: 0,20,10,10,20,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 1 TCP 192.168.1.8:50506 <-> 167.99.215.164:993 [proto: 51.26/IMAPS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 7][cat: Email/3][10 pkts/1220 bytes <-> 10 pkts/3976 bytes][Goodput ratio: 45/83][0.33 sec][Hostname/SNI: mail.ntop.org][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/22 77/43 26/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 122/398 293/1506 78/557][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d330700_81acdcf97981_3304d8368043][ServerNames: mail.ntop.org][JA3S: b653c251b0ee54c3088fe7bb997cf59d][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=mail.ntop.org][Certificate SHA-1: F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF][Firefox][Validity: 2020-04-18 00:15:22 - 2020-07-17 00:15:22][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (mail.ntop.org)][Plen Bins: 0,20,10,10,20,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 2 TCP 192.168.0.1:51529 <-> 10.10.10.1:993 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Email/3][4 pkts/1322 bytes <-> 4 pkts/3056 bytes][Goodput ratio: 78/91][0.22 sec][Hostname/SNI: imap.asia.secureserver.net][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.396 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 46/68 136/135 64/68][Pkt Len c2s/s2c min/avg/max/stddev: 78/74 330/764 583/1454 252/690][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_afa647335257/Unknown][TLSv1.2][JA4: t13d261200_2802a3db6c62_845d286b0d67][JA3S: a9e3ed16ee3208291487c8d2aa2ad924][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (imap.asia.secureserver.net)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] diff --git a/tests/cfgs/default/result/mpeg.pcap.out b/tests/cfgs/default/result/mpeg.pcap.out index cb250f991..4e8671da3 100644 --- a/tests/cfgs/default/result/mpeg.pcap.out +++ b/tests/cfgs/default/result/mpeg.pcap.out @@ -17,11 +17,11 @@ Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 2/0 (search/found) +Patricia protocols: 1/1 (search/found) Patricia protocols IPv6: 0/0 (search/found) ntop 19 10643 1 Safe 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Goodput ratio: 20/93][0.18 sec][Hostname/SNI: luca.ntop.org][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/6 77/41 28/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/68 84/989 214/1502 46/649][URL: luca.ntop.org/0.mp3][StatusCode: 200][Content-Type: audio/mpeg][Server: Apache/2.4.7 (Ubuntu)][User-Agent: Wget/1.16.3 (darwin14.1.0)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /0.mp)][Plen Bins: 0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Media/1][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Goodput ratio: 20/93][0.18 sec][Hostname/SNI: luca.ntop.org][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/6 77/41 28/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/68 84/989 214/1502 46/649][URL: luca.ntop.org/0.mp3][StatusCode: 200][Content-Type: audio/mpeg][Server: Apache/2.4.7 (Ubuntu)][User-Agent: Wget/1.16.3 (darwin14.1.0)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /0.mp)][Plen Bins: 0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0] diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index 418c6209f..05b2d3336 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 8/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 19/2 (search/found) +Patricia protocols: 16/5 (search/found) Patricia protocols IPv6: 0/0 (search/found) OpenVPN 691 131184 9 @@ -26,11 +26,11 @@ NordVPN 15 7962 1 Acceptable 706 139146 10 - 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes][Goodput ratio: 77/85][19.24 sec][bytes ratio: -0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/106 3994/2456 764/365][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 186/287 1214/1287 193/325][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][PLAIN TEXT (160727093158Z)][Plen Bins: 0,33,19,9,29,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 3][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes][Goodput ratio: 77/85][19.24 sec][bytes ratio: -0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/106 3994/2456 764/365][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 186/287 1214/1287 193/325][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][PLAIN TEXT (160727093158Z)][Plen Bins: 0,33,19,9,29,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0] 2 TCP 10.181.235.122:39772 <-> 10.251.71.30:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][100 pkts/13594 bytes <-> 95 pkts/13987 bytes][Goodput ratio: 51/55][32.02 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 245/317 3842/9253 675/1172][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/147 472/542 78/90][TCP Fingerprint: 2_64_14600_d227986fac6c/Unknown][PLAIN TEXT (121031022835Z)][Plen Bins: 35,13,1,39,1,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 3.111.166.78:51146 <-> 85.134.13.165:1194 [proto: 159/OpenVPN][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 2][cat: VPN/2][51 pkts/7057 bytes <-> 49 pkts/8409 bytes][Goodput ratio: 70/76][17.72 sec][bytes ratio: -0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 343/338 4127/4124 897/934][Pkt Len c2s/s2c min/avg/max/stddev: 60/64 138/172 168/1242 35/312][PLAIN TEXT (New York1)][Plen Bins: 48,4,1,40,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][44 pkts/7514 bytes <-> 51 pkts/7866 bytes][Goodput ratio: 61/57][64.13 sec][bytes ratio: -0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1298/1400 11356/11265 2924/3289][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/154 1514/222 236/63][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][TCP Fingerprint: 2_64_29200_d227986fac6c/Unknown][PLAIN TEXT (160630002150Z)][Plen Bins: 0,39,0,4,51,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] - 5 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][49 pkts/7860 bytes <-> 34 pkts/5699 bytes][Goodput ratio: 74/75][9.11 sec][bytes ratio: 0.159 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/137 3857/2389 691/464][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 160/168 1214/196 192/31][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][PLAIN TEXT (160727093158Z)][Plen Bins: 0,40,14,8,30,2,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: VPN/2][44 pkts/7514 bytes <-> 51 pkts/7866 bytes][Goodput ratio: 61/57][64.13 sec][bytes ratio: -0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1298/1400 11356/11265 2924/3289][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/154 1514/222 236/63][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][TCP Fingerprint: 2_64_29200_d227986fac6c/Unknown][PLAIN TEXT (160630002150Z)][Plen Bins: 0,39,0,4,51,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + 5 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 2][cat: VPN/2][49 pkts/7860 bytes <-> 34 pkts/5699 bytes][Goodput ratio: 74/75][9.11 sec][bytes ratio: 0.159 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/137 3857/2389 691/464][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 160/168 1214/196 192/31][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][PLAIN TEXT (160727093158Z)][Plen Bins: 0,40,14,8,30,2,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 127.0.0.1:36138 <-> 127.0.0.1:443 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: VPN/2][23 pkts/5552 bytes <-> 23 pkts/5854 bytes][Goodput ratio: 77/77][1.55 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 69/85 1049/1050 238/247][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 241/255 1514/1440 378/396][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (Rj.shh)][Plen Bins: 0,5,45,5,0,0,0,0,0,0,0,10,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,10,0,0,0,0,0,0,0,5,0,5,0,0] 7 UDP 192.168.12.156:41133 <-> 107.161.86.131:443 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: VPN/2][21 pkts/3745 bytes <-> 10 pkts/5947 bytes][Goodput ratio: 76/93][1.13 sec][bytes ratio: -0.227 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/68 316/253 83/100][Pkt Len c2s/s2c min/avg/max/stddev: 114/136 178/595 791/1170 150/425][Risk: ** Known Proto on Non Std Port **** Susp Entropy **][Risk Score: 60][Risk Info: Entropy: 5.932 (Executable?) / Expected on port 1194][PLAIN TEXT (qIasglO)][Plen Bins: 0,0,49,16,3,3,0,0,3,0,6,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,6,3,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.12.156:37383 <-> 217.138.197.43:1234 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 4][cat: VPN/2][7 pkts/1911 bytes <-> 8 pkts/6051 bytes][Goodput ratio: 85/94][0.06 sec][bytes ratio: -0.520 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/8 36/37 14/14][Pkt Len c2s/s2c min/avg/max/stddev: 128/136 273/756 782/1158 228/451][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][Plen Bins: 0,0,13,34,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/portable_executable.pcap.out b/tests/cfgs/default/result/portable_executable.pcap.out index f44d5d9b3..c94ab6a38 100644 --- a/tests/cfgs/default/result/portable_executable.pcap.out +++ b/tests/cfgs/default/result/portable_executable.pcap.out @@ -1,8 +1,8 @@ -Guessed flow protos: 1 +Guessed flow protos: 2 DPI Packets (TCP): 30 (15.00 pkts/flow) -Confidence Unknown : 1 (flows) Confidence Match by port : 1 (flows) +Confidence Match by IP : 1 (flows) Num dissector calls: 481 (240.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) @@ -16,21 +16,18 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 4/0 (search/found) +Patricia protocols: 2/2 (search/found) Patricia protocols IPv6: 0/0 (search/found) -Unknown 15 12160 1 DNS 15 12154 1 +DigitalOcean 15 12160 1 +Safe 15 12160 1 Acceptable 15 12154 1 -Unrated 15 12160 1 - 1 TCP 64.227.107.71:53 <-> 172.16.99.10:49652 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: Network/14][11 pkts/11914 bytes <-> 4 pkts/240 bytes][Goodput ratio: 95/0][0.37 sec][0.0.0.0][bytes ratio: 0.961 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/182 362/364 114/182][Pkt Len c2s/s2c min/avg/max/stddev: 58/60 1083/60 1310/60 481/0][Risk: ** Binary App Transfer **** Susp Entropy **][Risk Score: 160][Risk Info: Portable Executable (PE32/PE32+) found / Entropy: 5.990 (Executable?)][PLAIN TEXT (This program cannot be run in D)][Plen Bins: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] - - -Undetected flows: - 1 TCP 172.16.99.201:1732 <-> 64.227.107.71:4444 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][4 pkts/246 bytes <-> 11 pkts/11914 bytes][Goodput ratio: 0/95][0.73 sec][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 329/0 364/45 398/398 34/125][Pkt Len c2s/s2c min/avg/max/stddev: 60/58 62/1083 66/1310 3/481][Risk: ** Binary App Transfer **** Susp Entropy **][Risk Score: 160][Risk Info: Portable Executable (PE32/PE32+) found / Entropy: 6.154 (Executable?)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (This program cannot be run in D)][Plen Bins: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] + 1 TCP 172.16.99.201:1732 <-> 64.227.107.71:4444 [proto: 442/DigitalOcean][IP: 442/DigitalOcean][Encrypted][Confidence: Match by IP][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 15][cat: Web/5][4 pkts/246 bytes <-> 11 pkts/11914 bytes][Goodput ratio: 0/95][0.73 sec][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 329/0 364/45 398/398 34/125][Pkt Len c2s/s2c min/avg/max/stddev: 60/58 62/1083 66/1310 3/481][Risk: ** Binary App Transfer **** Susp Entropy **][Risk Score: 160][Risk Info: Portable Executable (PE32/PE32+) found / Entropy: 6.154 (Executable?)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (This program cannot be run in D)][Plen Bins: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] + 2 TCP 64.227.107.71:53 <-> 172.16.99.10:49652 [proto: 5/DNS][IP: 442/DigitalOcean][ClearText][Confidence: Match by port][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 15][cat: Network/14][11 pkts/11914 bytes <-> 4 pkts/240 bytes][Goodput ratio: 95/0][0.37 sec][0.0.0.0][bytes ratio: 0.961 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/182 362/364 114/182][Pkt Len c2s/s2c min/avg/max/stddev: 58/60 1083/60 1310/60 481/0][Risk: ** Binary App Transfer **** Susp Entropy **][Risk Score: 160][Risk Info: Portable Executable (PE32/PE32+) found / Entropy: 5.990 (Executable?)][PLAIN TEXT (This program cannot be run in D)][Plen Bins: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_interop_V.pcapng.out b/tests/cfgs/default/result/quic_interop_V.pcapng.out index 2d214f2b7..b4067adcf 100644 --- a/tests/cfgs/default/result/quic_interop_V.pcapng.out +++ b/tests/cfgs/default/result/quic_interop_V.pcapng.out @@ -19,7 +19,7 @@ Patricia risk mask IPv6: 70/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 35/0 (search/found) Patricia protocols: 70/16 (search/found) -Patricia protocols IPv6: 61/9 (search/found) +Patricia protocols IPv6: 58/13 (search/found) ICMP 21 7436 9 ICMPV6 10 10642 5 @@ -63,8 +63,8 @@ Acceptable 246 242924 77 34 ICMP 51.158.105.98:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.20 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 7.655 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38394 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.14 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 36 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52080 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 38 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53760 <-> [2604:a880:800:a1::1279:3001]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 38 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53760 <-> [2604:a880:800:a1::1279:3001]:4434 [proto: 188/QUIC][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 39 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:48707 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][QUIC ver: Ver-Negotiation][PLAIN TEXT (BykFtI)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 40 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52271 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 41 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60983 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] @@ -95,8 +95,8 @@ Acceptable 246 242924 77 66 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39624 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 67 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:43645 -> [2001:19f0:4:34::1]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 68 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44243 -> [2001:19f0:4:34::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 69 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56073 -> [2604:a880:800:a1::1279:3001]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 70 ICMPV6 [2604:a880:800:a1::1279:3001]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 69 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56073 -> [2604:a880:800:a1::1279:3001]:443 [proto: 188/QUIC][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 70 ICMPV6 [2604:a880:800:a1::1279:3001]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 71 ICMPV6 [2001:4800:7817:101:be76:4eff:fe04:631d]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 72 ICMP 131.159.24.198:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.14 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 7.619 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 73 ICMP 3.121.242.54:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/590 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 7.594 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index 4ebe8abed..ff04600e0 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out @@ -145,7 +145,7 @@ Unrated 1848 107192 1844 48 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 442/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 443/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 172.16.0.8:36050 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -218,7 +218,7 @@ Unrated 1848 107192 1844 121 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 122 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 123 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 124 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 442/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 443/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 125 TCP 172.16.0.8:36051 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 126 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 127 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 230275d54..095f3cd87 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 82/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 121/47 (search/found) +Patricia protocols: 119/49 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 4 456 1 @@ -93,8 +93,8 @@ JA Host Stats: 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332][Peer IP/Port: 159.145.24.130:64794][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tunnelbear.pcap.out b/tests/cfgs/default/result/tunnelbear.pcap.out index e05751fdb..86909c84f 100644 --- a/tests/cfgs/default/result/tunnelbear.pcap.out +++ b/tests/cfgs/default/result/tunnelbear.pcap.out @@ -21,7 +21,7 @@ Patricia risk mask: 6/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 25/19 (search/found) +Patricia protocols: 24/20 (search/found) Patricia protocols IPv6: 0/0 (search/found) DNS 5 306 1 @@ -54,7 +54,7 @@ JA Host Stats: 11 TCP 10.8.0.1:60224 <-> 157.240.7.32:443 [proto: 91.157/TLS.FacebookMessenger][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 6][cat: Chat/9][9 pkts/1320 bytes <-> 9 pkts/3943 bytes][Goodput ratio: 62/88][0.75 sec][Hostname/SNI: mqtt-mini.facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.498 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 107/92 386/335 131/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/438 575/2814 167/854][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t00d010700_0f2cb44170f4_8e1d4e45f8f1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,12,0,0,0,12,0,12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12] 12 TCP 10.8.0.1:45126 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][16 pkts/3179 bytes <-> 16 pkts/2058 bytes][Goodput ratio: 72/58][0.56 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/29 107/57 34/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 199/129 590/803 207/183][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,7,0,7,7,0,0,7,0,7,0,0,0,0,0,24,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 10.8.0.1:47046 <-> 74.125.200.188:5228 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][8 pkts/1433 bytes <-> 7 pkts/1228 bytes][Goodput ratio: 68/69][0.45 sec][Hostname/SNI: mtalk.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 50/79 243/193 88/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/175 587/583 197/182][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d171200_5b57614c22b0_352634941f3a][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,16,0,0,0,0,0,16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 10.0.2.15:57636 <-> 142.93.78.79:51820 [proto: 206.299/WireGuard.TunnelBear][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][11 pkts/2474 bytes <-> 1 pkts/142 bytes][Goodput ratio: 81/70][0.38 sec][bytes ratio: 0.891 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/0 88/0 27/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/142 225/142 602/142 183/0][Plen Bins: 0,8,42,8,16,0,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 10.0.2.15:57636 <-> 142.93.78.79:51820 [proto: 206.299/WireGuard.TunnelBear][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 2][cat: VPN/2][11 pkts/2474 bytes <-> 1 pkts/142 bytes][Goodput ratio: 81/70][0.38 sec][bytes ratio: 0.891 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/0 88/0 27/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/142 225/142 602/142 183/0][Plen Bins: 0,8,42,8,16,0,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 10.8.0.1:33846 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][10 pkts/1298 bytes <-> 9 pkts/642 bytes][Goodput ratio: 57/24][0.37 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.338 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/58 339/331 111/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 130/71 571/210 150/49][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,34,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 10.8.0.1:45124 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][9 pkts/1244 bytes <-> 8 pkts/588 bytes][Goodput ratio: 59/26][0.42 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.358 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 53/90 192/193 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138/74 571/210 162/52][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 10.158.132.91:38398 -> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 5][cat: VPN/2][5 pkts/1821 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][0.46 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][Safari][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out index 4d17a2ac8..c03648637 100644 --- a/tests/cfgs/default/result/zoom.pcap.out +++ b/tests/cfgs/default/result/zoom.pcap.out @@ -22,7 +22,7 @@ Patricia risk mask: 38/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 53/15 (search/found) +Patricia protocols: 52/16 (search/found) Patricia protocols IPv6: 0/0 (search/found) DNS 2 205 1 @@ -59,7 +59,7 @@ JA Host Stats: 9 TCP 192.168.1.117:54870 <-> 213.244.140.84:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 11][cat: Video/26][16 pkts/1832 bytes <-> 12 pkts/6702 bytes][Goodput ratio: 44/88][0.38 sec][Hostname/SNI: zoomfr84zc.zoom.us][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/40 187/280 49/91][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 114/558 583/1506 129/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d930700_72a4e8475a2e_4446390ac224][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,8,8,8,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,25,0,0] 10 TCP 192.168.1.117:54864 <-> 52.202.62.238:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 10][cat: Video/26][10 pkts/2030 bytes <-> 8 pkts/6283 bytes][Goodput ratio: 72/93][0.47 sec][Hostname/SNI: log.zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 58/40 110/131 50/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 203/785 812/1506 256/675][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d8008ht_9cedc1f1428b_046e095b7c4a][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,33,0,0] 11 TCP 192.168.1.117:53872 <-> 35.186.224.53:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 5][cat: Web/5][8 pkts/2017 bytes <-> 8 pkts/4822 bytes][Goodput ratio: 74/89][0.07 sec][bytes ratio: -0.410 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 58/45 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/603 1434/1484 447/585][Plen Bins: 0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0,0] - 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 13 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91.239/TLS.GoogleServices, Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.46 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TLSv1][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][Goodput ratio: 63/45][0.09 sec][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31/64 32/64 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 178/121 329/121 115/0][Plen Bins: 0,50,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.117:61731 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DPI][DPI packets: 5][cat: Video/26][4 pkts/372 bytes <-> 4 pkts/290 bytes][Goodput ratio: 55/39][0.11 sec][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/35 28/27 49/47 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 93/72 151/93 40/14][PLAIN TEXT (replace)][Plen Bins: 50,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/fpc_disabled/result/teams.pcap.out b/tests/cfgs/fpc_disabled/result/teams.pcap.out index 6caa04b99..5ede6dbe7 100644 --- a/tests/cfgs/fpc_disabled/result/teams.pcap.out +++ b/tests/cfgs/fpc_disabled/result/teams.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 82/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 121/47 (search/found) +Patricia protocols: 119/49 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 4 456 1 @@ -93,8 +93,8 @@ JA Host Stats: 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332][Peer IP/Port: 159.145.24.130:64794][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/teams.pcap.out b/tests/cfgs/monitoring/result/teams.pcap.out index 0ffc86830..4d49d0a78 100644 --- a/tests/cfgs/monitoring/result/teams.pcap.out +++ b/tests/cfgs/monitoring/result/teams.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 82/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 121/47 (search/found) +Patricia protocols: 119/49 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 4 456 1 @@ -93,8 +93,8 @@ JA Host Stats: 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333, 52.114.250.137:3480][Peer IP/Port: 18.140.192.228:28678, 45.143.25.227:20229, 201.221.32.65:43863][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332, 52.114.250.141:3480][Peer IP/Port: 159.145.24.130:64794, 253.62.53.33:40885, 22.64.154.119:29899][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out b/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out index 7553b4fb5..3e4823208 100644 --- a/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out +++ b/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 82/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 121/47 (search/found) +Patricia protocols: 119/49 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 4 456 1 @@ -93,8 +93,8 @@ JA Host Stats: 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out b/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out index fd5824a3d..788b4b6c8 100644 --- a/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out +++ b/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out @@ -22,7 +22,7 @@ Patricia risk mask: 38/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 53/15 (search/found) +Patricia protocols: 52/16 (search/found) Patricia protocols IPv6: 0/0 (search/found) DNS 2 205 1 @@ -59,7 +59,7 @@ JA Host Stats: 9 TCP 192.168.1.117:54870 <-> 213.244.140.84:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 11][cat: Video/26][16 pkts/1832 bytes <-> 12 pkts/6702 bytes][Goodput ratio: 44/88][0.38 sec][Hostname/SNI: zoomfr84zc.zoom.us][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/40 187/280 49/91][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 114/558 583/1506 129/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d930700_72a4e8475a2e_4446390ac224][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,8,8,8,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,25,0,0] 10 TCP 192.168.1.117:54864 <-> 52.202.62.238:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 10][cat: Video/26][10 pkts/2030 bytes <-> 8 pkts/6283 bytes][Goodput ratio: 72/93][0.47 sec][Hostname/SNI: log.zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 58/40 110/131 50/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 203/785 812/1506 256/675][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d8008ht_9cedc1f1428b_046e095b7c4a][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,33,0,0] 11 TCP 192.168.1.117:53872 <-> 35.186.224.53:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 5][cat: Web/5][8 pkts/2017 bytes <-> 8 pkts/4822 bytes][Goodput ratio: 74/89][0.07 sec][bytes ratio: -0.410 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 58/45 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/603 1434/1484 447/585][Plen Bins: 0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0,0] - 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 13 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91.239/TLS.GoogleServices, Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.46 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TLSv1][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][Goodput ratio: 63/45][0.09 sec][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31/64 32/64 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 178/121 329/121 115/0][Plen Bins: 0,50,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.117:61731 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DPI][DPI packets: 8][cat: Video/26][4 pkts/372 bytes <-> 4 pkts/290 bytes][Goodput ratio: 55/39][0.11 sec][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/35 28/27 49/47 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 93/72 151/93 40/14][PLAIN TEXT (replace)][Plen Bins: 50,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/utils/digitalocean_ip_addresses_download.sh b/utils/digitalocean_ip_addresses_download.sh new file mode 100755 index 000000000..f96c36d03 --- /dev/null +++ b/utils/digitalocean_ip_addresses_download.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash +set -e + +cd "$(dirname "${0}")" || exit 1 +. ./common.sh || exit 1 + +DEST=../src/lib/inc_generated/ndpi_digitalocean_match.c.inc +LIST=/tmp/digitalocean.list +LIST4=/tmp/digitalocean.list_4 +LIST6=/tmp/digitalocean.list_6 +LIST_MERGED=/tmp/digitalocean.list_m +ORIGIN="https://www.digitalocean.com/geo/google.csv" + +echo "(1) Downloading file... ${ORIGIN}" +http_response=$(curl -s -o $LIST -w "%{http_code}" ${ORIGIN}) +check_http_response "${http_response}" +is_file_empty "${LIST}" +grep -v ':' "${LIST}" | cut -f 1 -d ',' > ${LIST4} +grep ':' "${LIST}" | cut -f 1 -d ',' > ${LIST6} + +is_file_empty "${LIST4}" +is_file_empty "${LIST6}" + +echo "(2) Processing IP addresses..." +./ipaddr2list.py ${LIST4} NDPI_PROTOCOL_DIGITALOCEAN ${LIST6} > $DEST +rm -f $LIST4 $LIST6 +is_file_empty "${DEST}" + +echo "(3) Digitalocean IPs are available in $DEST" +exit 0 diff --git a/utils/update_every_lists.sh b/utils/update_every_lists.sh index ad394621d..a02dd0f9f 100755 --- a/utils/update_every_lists.sh +++ b/utils/update_every_lists.sh @@ -34,6 +34,8 @@ RETVAL=$(( RETVAL + $? )) RETVAL=$(( RETVAL + $? )) ./surfshark_ip_addresses_download.sh RETVAL=$(( RETVAL + $? )) +./digitalocean_ip_addresses_download.sh +RETVAL=$(( RETVAL + $? )) ./asn_update.sh RETVAL=$(( RETVAL + $? )) |