fix msn dissector - add pcap for test

1 files changed, 12 insertions, 14 deletions

diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c
index 204e2bfe6..2f5b6c468 100644
--- a/src/lib/protocols/msn.c
+++ b/src/lib/protocols/msn.c
@@ -448,22 +448,20 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
   }
   NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "msn 7.\n");
   
-  if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) {
-    if (packet->tcp->source == htons(443) || packet->tcp->dest == htons(443)) {
-      if (packet->payload_packet_len > 300) {
-	
-	if (memcmp(&packet->payload[40], "INVITE MSNMSGR", 14) == 0
-	    || memcmp(&packet->payload[56], "INVITE MSNMSGR", 14) == 0
-	    || memcmp(&packet->payload[172], "INVITE MSNMSGR", 14) == 0) {
-	  ndpi_int_msn_add_connection(ndpi_struct, flow);
-
-	  NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 3\n");
-	  return;
-	}
-      }
+  if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) {	
+    if (memcmp(&packet->payload[0], "MSG ", 4) == 0
+	|| memcmp(&packet->payload[0], "PNG", 3) == 0
+	|| memcmp(&packet->payload[0], "QNG ", 4) == 0
+	|| memcmp(&packet->payload[0], "OUT", 3) == 0
+	|| memcmp(&packet->payload[0], "RNG ", 4) == 0
+	|| memcmp(&packet->payload[0], "NLN ", 4) == 0
+	|| memcmp(&packet->payload[0], "UBX ", 4) == 0
+	|| memcmp(&packet->payload[0], "XFR ", 4) == 0) {
+      ndpi_int_msn_add_connection(ndpi_struct, flow);
+      
+      NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN detected\n");
       return;
     }
-    /* For non port 443 flows exclude flow bitmask after first packet itself */
   }
   NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN tcp excluded.\n");
  ndpi_msn_exclude: