-rw-r--r-- | example/ndpi_util.c | 139 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 1 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 41 | ||||
-rw-r--r-- | src/lib/protocols/http.c | 45 | ||||
-rw-r--r-- | tests/result/1kxun.pcap.out | 5 | ||||
-rw-r--r-- | tests/result/KakaoTalk_talk.pcap.out | 6 | ||||
-rw-r--r-- | tests/result/Oscar.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/ocs.pcap.out | 10 | ||||
-rw-r--r-- | tests/result/openvpn.pcap.out | 5 | ||||
-rw-r--r-- | tests/result/skype.pcap.out | 42 | ||||
-rw-r--r-- | tests/result/skype_no_unknown.pcap.out | 30 | ||||
-rw-r--r-- | tests/result/starcraft_battle.pcap.out | 4 | ||||
-rw-r--r-- | tests/result/viber_mobile.pcap.out | 2 | ||||
-rw-r--r-- | tests/result/whatsapp_voice_and_message.pcap.out | 6 |
14 files changed, 183 insertions, 157 deletions
diff --git a/example/ndpi_util.c b/example/ndpi_util.c
index fe0a18680..be421cf12 100644
--- a/example/ndpi_util.c
+++ b/example/ndpi_util.c
@@ -445,97 +445,104 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, struct ndpi_ipv6hdr *iph6, u_int16_t ip_offset, u_int16_t ipsize, u_int16_t rawsize) { - struct ndpi_id_struct *src, *dst; - struct ndpi_flow_info *flow = NULL; - struct ndpi_flow_struct *ndpi_flow = NULL; - u_int8_t proto; - struct ndpi_tcphdr *tcph = NULL; - struct ndpi_udphdr *udph = NULL; - u_int16_t sport, dport, payload_len; - u_int8_t *payload; - u_int8_t src_to_dst_direction= 1; - - if(iph) - flow = get_ndpi_flow_info(workflow, 4, vlan_id, iph, NULL, - ip_offset, ipsize, - ntohs(iph->tot_len) - (iph->ihl * 4), - &tcph, &udph, &sport, &dport, - &src, &dst, &proto, - &payload, &payload_len, &src_to_dst_direction); - else - flow = get_ndpi_flow_info6(workflow, vlan_id, iph6, ip_offset, - &tcph, &udph, &sport, &dport, - &src, &dst, &proto, - &payload, &payload_len, &src_to_dst_direction); - - if(flow != NULL) { - workflow->stats.ip_packet_count++; - workflow->stats.total_wire_bytes += rawsize + 24 /* CRC etc */, workflow->stats.total_ip_bytes += rawsize; - ndpi_flow = flow->ndpi_flow; - flow->packets++, flow->bytes += rawsize; - flow->last_seen = time; - } else { - return(0); - } - - /* Protocol already detected */ - if(flow->detection_completed) return(0); + struct ndpi_id_struct *src, *dst; + struct ndpi_flow_info *flow = NULL; + struct ndpi_flow_struct *ndpi_flow = NULL; + u_int8_t proto; + struct ndpi_tcphdr *tcph = NULL; + struct ndpi_udphdr *udph = NULL; + u_int16_t sport, dport, payload_len; + u_int8_t *payload; + u_int8_t src_to_dst_direction= 1; + + if(iph) + flow = get_ndpi_flow_info(workflow, 4, vlan_id, iph, NULL, + ip_offset, ipsize, + ntohs(iph->tot_len) - (iph->ihl * 4), + &tcph, &udph, &sport, &dport, + &src, &dst, &proto, + &payload, &payload_len, &src_to_dst_direction); + else + flow = get_ndpi_flow_info6(workflow, vlan_id, iph6, ip_offset, + &tcph, &udph, &sport, &dport, + &src, &dst, &proto, + &payload, &payload_len, &src_to_dst_direction); + + 
if(flow != NULL) { + workflow->stats.ip_packet_count++; + workflow->stats.total_wire_bytes += rawsize + 24 /* CRC etc */, + workflow->stats.total_ip_bytes += rawsize; + ndpi_flow = flow->ndpi_flow; + flow->packets++, flow->bytes += rawsize; + flow->last_seen = time; + } else { + return(0); + } - flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, - iph ? (uint8_t *)iph : (uint8_t *)iph6, - ipsize, time, src, dst); + /* Protocol already detected */ + if(flow->detection_completed) return(0); - if((flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) - || ((proto == IPPROTO_UDP) && (flow->packets > 8)) - || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { - /* New protocol detected or give up */ - flow->detection_completed = 1; + flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, + iph ? (uint8_t *)iph : (uint8_t *)iph6, + ipsize, time, src, dst); - if((flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) && (ndpi_flow->num_stun_udp_pkts > 0)) - ndpi_set_detected_protocol(workflow->ndpi_struct, ndpi_flow, NDPI_PROTOCOL_STUN, NDPI_PROTOCOL_UNKNOWN); + if((flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) + || ((proto == IPPROTO_UDP) && (flow->packets > 8)) + || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { + /* New protocol detected or give up */ + flow->detection_completed = 1; + } - snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); + if(flow->detection_completed) { + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, + flow->ndpi_flow); + } + + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", + flow->ndpi_flow->host_server_name); if(flow->detected_protocol.protocol == NDPI_PROTOCOL_BITTORRENT) { - int i, j, n = 0; + int i, j, n = 0; - for(i=0, j = 0; i<20; i++) { - sprintf(&flow->bittorent_hash[j], 
"%02x", flow->ndpi_flow->bittorent_hash[i]); - j += 2, n += flow->ndpi_flow->bittorent_hash[i]; - } + for(i=0, j = 0; i<20; i++) { + sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); + j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + } - if(n == 0) flow->bittorent_hash[0] = '\0'; + if(n == 0) flow->bittorent_hash[0] = '\0'; } if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { - snprintf(flow->ssl.client_certificate, sizeof(flow->ssl.client_certificate), "%s", flow->ndpi_flow->protos.ssl.client_certificate); - snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", flow->ndpi_flow->protos.ssl.server_certificate); + snprintf(flow->ssl.client_certificate, sizeof(flow->ssl.client_certificate), "%s", + flow->ndpi_flow->protos.ssl.client_certificate); + snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", + flow->ndpi_flow->protos.ssl.server_certificate); } - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow); + if(flow->detection_completed) { + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { + if (workflow->__flow_giveup_callback != NULL) + workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); + } else { + if (workflow->__flow_detected_callback != NULL) + workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); + } - if (workflow->__flow_giveup_callback != NULL) - workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); - } else { - if (workflow->__flow_detected_callback != NULL) - workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); + ndpi_free_flow_info_half(flow); } - ndpi_free_flow_info_half(flow); - } - - return 0; + return 0; } /* ****************************************************** */ + void 
ndpi_workflow_process_packet (struct ndpi_workflow * workflow, const struct pcap_pkthdr *header, const u_char *packet) { /* * Declare pointers to packet headers */ - /* --- Ethernet header --- */ const struct ndpi_ethhdr *ethernet; /* --- LLC header --- */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 094558548..8d799a6c1 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -781,7 +781,6 @@ typedef struct ndpi_proto { #define NDPI_PROTOCOL_NULL { NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_UNKNOWN } struct ndpi_detection_module_struct { - NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_PROTOCOL_BITMASK generic_http_packet_bitmask; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7dd3b04a1..dd1c7bc3d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3215,7 +3215,8 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; } - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) + && (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)) { for(a = 0; a < ndpi_struct->callback_buffer_size_tcp_payload; a++) { if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) && (ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask 
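Review bot: In `packet_processing`, the `snprintf` copies of `host_server_name` and of the SSL client/server certificate names now sit between the two `if(flow->detection_completed)` blocks, so as far as the collapsed hunk can be read they run on every packet of a still-undetected flow instead of once at completion. If that is intended, a comment such as `/* refreshed on every packet until detection completes */` should say so; otherwise they belong back under the completion check, and the two `if(flow->detection_completed)` blocks can be merged. The re-indented hex loop still uses `sprintf(&flow->bittorent_hash[j], "%02x", ...)`, which writes 41 bytes including the terminator into a buffer whose size is not visible here. Assuming `bittorent_hash` is an array member, `snprintf(&flow->bittorent_hash[j], sizeof(flow->bittorent_hash) - j, "%02x", ...)` would make the bound explicit.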
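Review bot: The added `&& (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)` in `check_ndpi_tcp_flow_func` means that once a flow carries a guess, the loop over the other TCP dissectors is skipped and only the guessed protocol's `func` inspects the payload. The expected results updated in this same commit are consistent with that cost: the TCP/443 flow in `tests/result/openvpn.pcap.out` moves from `159/OpenVPN` to `91/SSL`, and `tests/result/Oscar.pcap.out` from `69/Oscar` to `91/SSL`, which matters to anyone relying on these labels to spot tunnels or unexpected applications on well-known ports. The http.c hunk at `@@ -381` also sets `flow->guessed_protocol_id = NDPI_PROTOCOL_HTTP`, so the same suppression seems to apply after an HTTP request has been seen. How the guess is derived is not visible here; at minimum the trade-off deserves a comment above the condition, e.g. `/* a guess suppresses all other TCP dissectors for this flow */`. The function starts and ends outside the hunk.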
@@ -3408,22 +3409,27 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* TODO: add the remaining stage_XXXX protocols */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - if(flow->http_detected) - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_UNKNOWN); - else if((flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) { - if(flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - ndpi_int_change_protocol(ndpi_struct, flow, flow->guessed_protocol_id, NDPI_PROTOCOL_SSL); - else - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); - } else { - flow->detected_protocol_stack[1] = flow->guessed_protocol_id, flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; - + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (flow->packet.l4_protocol == IPPROTO_TCP) + && (flow->l4.tcp.ssl_stage > 1)) + flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; + + ndpi_int_change_protocol(ndpi_struct, flow, + flow->guessed_host_protocol_id, + flow->guessed_protocol_id); + } else { + flow->detected_protocol_stack[1] = flow->guessed_protocol_id, + flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; + if(flow->detected_protocol_stack[1] == flow->detected_protocol_stack[0]) - flow->detected_protocol_stack[1] = NDPI_PROTOCOL_UNKNOWN; - } + flow->detected_protocol_stack[1] = flow->guessed_host_protocol_id; } + + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && (flow->num_stun_udp_pkts > 0)) + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; + return(ret); } 
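Review bot: In the new `else` branch of `ndpi_detection_giveup`, the duplicate check assigns `flow->detected_protocol_stack[1] = flow->guessed_host_protocol_id;`, which is the value `detected_protocol_stack[0]` was given on the line before, so the check no longer changes anything. The removed line reset the master slot with `flow->detected_protocol_stack[1] = NDPI_PROTOCOL_UNKNOWN;`, and that is probably what should remain. As far as the collapsed hunk can be read, this `else` now pairs with the outer `if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)`, so calling giveup on a flow that already has a confirmed protocol would overwrite it with the guessed ids. The caller in `example/ndpi_util.c` only calls it for unknown flows, but other users of the library may not, so a guard or a comment stating that precondition would make the contract explicit. The start of the function is outside the hunk.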
@@ -3525,6 +3531,15 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id; return(ret); + } else { + /* + TODO + The statement below at some point should be modified as we should not + guess the protocol id unless users requested us to do that. Probably + we need to modify the nDPI API as since we introduced ndpi_detection_giveup() + we need to make some changes to have a consistent behaviour + */ + // flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; } if(flow->packet.iph) { diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index c93e525bf..dc17921bd 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -33,7 +33,7 @@ static u_int16_t iqiyi_counter; static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int32_t protocol) { - + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { /* This is HTTP and it is not a sub protocol (e.g. skype or dropbox) */ @@ -105,7 +105,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str for reference see http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/directx9_c/directx/htm/avirifffilereference.asp **/ if(packet->empty_line_position_set != 0) { - + u_int32_t p = packet->empty_line_position + 2; // check for avi header 
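Review bot: The `else` added in `ndpi_detection_process_packet` follows a branch that ends in `return(ret);` and holds only a TODO comment plus the commented-out statement `// flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN;`, so it introduces a block with no executable code. The TODO reads better as a plain comment after the `if`, without the dead statement, e.g. `/* TODO: do not guess the protocol id unless the user asked for it; align with ndpi_detection_giveup() */`. The enclosing function starts and ends outside the hunk.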
@@ -169,10 +169,13 @@ static void setHttpUserAgent(struct ndpi_flow_struct *flow, char *ua) { } static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - if((flow->l4.tcp.http_stage == 0) || (flow->http.url && flow->http_detected)) { + char *double_col = strchr((char*)flow->host_server_name, ':'); + + if(double_col) double_col[0] = '\0'; + /** - NOTE + NOTE If http_dont_dissect_response = 1 dissection of HTTP response mime types won't happen */ @@ -188,11 +191,11 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc */ static void check_content_type_and_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - + struct ndpi_packet_struct *packet = &flow->packet; u_int8_t a; - + #ifdef NDPI_PROTOCOL_PPSTREAM /* PPStream */ if(flow->l4.tcp.ppstream_stage > 0 && iqiyi_counter == 0) { @@ -205,16 +208,14 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } #endif - #ifdef NDPI_SERVICE_1KXUN /* 1KXUN */ - if( kxun_counter > 0) { + if(kxun_counter > 0) { NDPI_LOG(NDPI_SERVICE_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_SERVICE_1KXUN); } #endif - if(!ndpi_struct->http_dont_dissect_response) { if((flow->http.url == NULL) && (packet->http_url_name.len > 0) @@ -381,6 +382,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(!ndpi_struct->http_dont_dissect_response && flow->http_detected) parseHttpSubprotocol(ndpi_struct, flow); + flow->guessed_protocol_id = NDPI_PROTOCOL_HTTP; + /* check for accept line */ if(packet->accept_line.ptr != NULL) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Accept Line found %.*s\n", 
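Review bot: The new `strchr((char*)flow->host_server_name, ':')` in `parseHttpSubprotocol` cuts the stored host name at the first colon, which is right for `host:port` but turns a bracketed IPv6 literal such as `[2001:db8::1]:8080` (constructed example) into `[2001`. The value comes from the wire and is truncated in place, so the shortened string is presumably what later host matching and the exported flow record use. Skipping bracketed values, e.g. `if(flow->host_server_name[0] != '[')` around the truncation, or looking for the colon only after a closing `]`, would keep those names intact. A one-line comment that the port is stripped on purpose before host matching would also help. Part of the function lies outside the hunk.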
@@ -451,9 +454,9 @@ static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *nd packet->payload_packet_len); /** - FIRST PAYLOAD PACKET FROM CLIENT + FIRST PAYLOAD PACKET FROM CLIENT **/ - + /* check if the packet starts with POST or GET */ if(packet->payload_packet_len >= 4 && memcmp(packet->payload, "GET ", 4) == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: GET FOUND\n"); @@ -813,7 +816,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct x++; } - /* check PPStream protocol or iQiyi service + /* check PPStream protocol or iQiyi service (iqiyi is deliverd by ppstream) */ // substring in url if(strstr((const char*) &packet->payload[filename_start], "iqiyi.com") != NULL) { @@ -837,7 +840,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } x++; } - + /* Check for 1kxun packet */ int a; for (a = 0; a < packet->parsed_lines; a++) { @@ -849,7 +852,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } } } - + if((packet->http_url_name.len > 7) && (!strncmp((const char*) packet->http_url_name.ptr, "http://", 7))) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_PROXY Found.\n"); 
@@ -884,27 +887,27 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "HTTP START Found, we will look further for the response...\n"); flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } - + check_content_type_and_change_protocol(ndpi_struct, flow); - + return; } } - + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); http_bitmask_exclude(flow); } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); - + /** At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, otherwise check the second packet for the http request . */ if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { - + if(flow->http_detected) return; - + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, " SECOND PAYLOAD TRAFFIC FROM CLIENT, FIRST PACKET MIGHT HAVE BEEN HTTP...UNKNOWN TRAFFIC, HERE FOR HTTP again.. \n"); @@ -942,7 +945,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /** This is a packet in another direction. Check if we find the proper response. - We have received a response for a previously identified partial HTTP request + We have received a response for a previously identified partial HTTP request */ if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 99d49ca08..9b9c87039 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out 
@@ -10,9 +10,10 @@ QQ 28 5216 2 SSL 105 21914 7 DHCPV6 10 980 3 Facebook 19 6840 2 +HTTP_Proxy 33 11721 1 LLMNR 89 6799 47 Lync 2 132 1 -1kxun 967 535718 28 +1kxun 934 523997 27 1 TCP 192.168.5.16:53406 <-> 119.235.235.84:443 [proto: 91/SSL][23 pkts/7434 bytes] 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 218/1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] @@ -58,7 +59,7 @@ Lync 2 132 1 42 UDP 8.8.8.8:53 <-> 192.168.115.8:60724 [proto: 5.218/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] 43 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:61603 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 44 UDP 192.168.5.49:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] - 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 218/1kxun][33 pkts/11721 bytes][Host: 42.120.51.152:8080] + 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 131/HTTP_Proxy][33 pkts/11721 bytes] 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 218/1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] 47 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:51451 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.218/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 7a942006f..78caf7ba6 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,12 +1,12 @@ Unknown 4 396 1 HTTP 5 280 1 QQ 15 1727 1 -SSL_No_Cert 74 14132 2 +SSL_No_Cert 29 4024 1 RTP 2991 398751 2 SSL 8 1378 3 Facebook 2 197 1 Google 4 359 4 -HTTP_Proxy 16 1838 2 +HTTP_Proxy 61 11946 3 Tor 40 10538 1 KakaoTalk_Voice 44 6196 2 
@@ -17,7 +17,7 @@ KakaoTalk_Voice 44 6196 2 5 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91/SSL][2 pkts/124 bytes] 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] 7 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 8 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] + 8 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 131/HTTP_Proxy][45 pkts/10108 bytes] 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] 10 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] 11 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index 1f9e194a9..f1c89cf0c 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -1,3 +1,3 @@ -Oscar 71 9386 1 +SSL 71 9386 1 - 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 69/Oscar][71 pkts/9386 bytes] + 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/SSL][71 pkts/9386 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index e65f45829..63711194d 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out 
@@ -1,13 +1,13 @@ Unknown 8 480 2 DNS 3 214 3 HTTP 13 1019 2 -SSL 45 5771 3 -Google 14 2349 3 +SSL 32 4323 2 +Google 27 3797 4 OCS 863 57552 7 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.204/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.204/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] - 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91/SSL][13 pkts/1448 bytes] + 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.204/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][SSL client: settings.crashlytics.com] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 
@@ -17,12 +17,12 @@ OCS 863 57552 7 10 UDP 192.168.180.2:3621 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] 11 UDP 192.168.180.2:11793 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.204/SSL.OCS][20 pkts/6089 bytes][SSL client: ocs.labgency.ws] - 13 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes] + 13 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes][Host: api.eu01.capptain.com] 14 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.204/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] 15 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.204/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] 16 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][SSL client: mtalk.google.com] - 18 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes] + 18 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] Undetected flows: diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index 81d959dc1..561f3b468 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -1,5 +1,6 @@ -OpenVPN 298 57111 3 +SSL 95 15380 1 +OpenVPN 203 41731 2 1 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][83 pkts/13559 bytes] 2 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][120 pkts/28172 bytes] - 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][95 pkts/15380 bytes] + 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 91/SSL][95 pkts/15380 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 316399879..b541ff88a 100644 
--- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -40,13 +40,13 @@ MS_OneDrive 387 198090 1 25 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][19 pkts/1510 bytes] 26 UDP 157.56.52.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] 27 TCP 76.167.161.6:20274 <-> 192.168.1.34:50135 [proto: 125/Skype][14 pkts/1108 bytes] - 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 125/Skype][15 pkts/1262 bytes] - 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 125/Skype][15 pkts/1345 bytes] - 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 125/Skype][15 pkts/1265 bytes] - 31 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 125/Skype][15 pkts/1484 bytes] - 32 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 125/Skype][15 pkts/1324 bytes] - 33 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 125/Skype][15 pkts/1534 bytes] - 34 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 125/Skype][15 pkts/1306 bytes] + 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][15 pkts/1262 bytes] + 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][15 pkts/1345 bytes] + 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][15 pkts/1265 bytes] + 31 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][15 pkts/1484 bytes] + 32 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][15 pkts/1324 bytes] + 33 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1534 bytes] + 34 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][15 pkts/1306 bytes] 35 UDP 192.168.1.34:13021 <-> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes] 36 UDP 157.56.52.28:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] 37 UDP 157.56.52.15:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] 
@@ -140,8 +140,8 @@ MS_OneDrive 387 198090 1 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] 126 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] - 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 125/Skype][13 pkts/1287 bytes] - 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 125/Skype][12 pkts/1107 bytes] + 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] + 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] 
@@ -171,15 +171,15 @@ MS_OneDrive 387 198090 1 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.207/SSL.MS_OneDrive][387 pkts/198090 bytes][SSL server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 125/Skype][14 pkts/1328 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 125/Skype][15 pkts/1569 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 125/Skype][15 pkts/1411 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 125/Skype][15 pkts/1351 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 125/Skype][15 pkts/1349 bytes] - 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 125/Skype][15 pkts/1401 bytes] - 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 125/Skype][15 pkts/1513 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 125/Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 125/Skype][15 pkts/1590 bytes] + 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 167 TCP 192.168.1.34:50101 <-> 
157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] @@ -281,12 +281,12 @@ MS_OneDrive 387 198090 1 266 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 125/Skype][20 pkts/1516 bytes] + 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] 272 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 125/Skype][14 pkts/1208 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 125/Skype][13 pkts/1109 bytes] + 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index b3be14eb1..28203afdf 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out 
@@ -31,11 +31,11 @@ MS_OneDrive 348 181687 1 18 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/1369 bytes] 19 UDP 157.56.52.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] 20 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][14 pkts/1134 bytes] - 21 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 125/Skype][17 pkts/1712 bytes] - 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 125/Skype][14 pkts/1428 bytes] - 23 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 125/Skype][15 pkts/1514 bytes] - 24 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 125/Skype][15 pkts/1520 bytes] - 25 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 125/Skype][15 pkts/1415 bytes] + 21 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][17 pkts/1712 bytes] + 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1428 bytes] + 23 TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][15 pkts/1514 bytes] + 24 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][15 pkts/1520 bytes] + 25 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][15 pkts/1415 bytes] 26 UDP 192.168.1.34:13021 <-> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes] 27 UDP 157.56.52.27:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/72 bytes] 28 UDP 157.56.52.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] 
@@ -120,12 +120,12 @@ MS_OneDrive 348 181687 1 107 UDP 65.55.223.18:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] 108 UDP 65.55.223.27:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] 109 UDP 65.55.223.24:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 125/Skype][6 pkts/377 bytes] - 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 125/Skype][10 pkts/599 bytes] + 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][6 pkts/377 bytes] + 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][10 pkts/599 bytes] 112 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] 113 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] 114 TCP 192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 91.121/SSL.Dropbox][8 pkts/2990 bytes] - 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 125/Skype][14 pkts/1253 bytes] + 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] 
@@ -152,10 +152,10 @@ MS_OneDrive 348 181687 1 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.207/SSL.MS_OneDrive][348 pkts/181687 bytes][SSL server: *.gateway.messenger.live.com] - 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 125/Skype][15 pkts/1584 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 125/Skype][15 pkts/1569 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 125/Skype][15 pkts/1380 bytes] + 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 91.125/SSL.Skype][13 pkts/1157 bytes] + 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] 148 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] 
@@ -260,9 +260,9 @@ MS_OneDrive 348 181687 1 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 125/Skype][14 pkts/1373 bytes] - 251 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 125/Skype][14 pkts/1363 bytes] + 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 251 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] + 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index f4a0cf12e..d99a70d00 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -27,7 +27,7 @@ Github 3 234 1 14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][2 pkts/121 bytes] 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25105 bytes][Host: bnetcmsus-a.akamaihd.net] 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] - 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes] + 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 
@@ -55,7 +55,7 @@ Github 3 234 1 42 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][41 pkts/37433 bytes][Host: bnetcmsus-a.akamaihd.net] 43 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 44 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] - 45 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes] + 45 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 46 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 47 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 48 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index c6a525cd6..ca38a7815 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -42,7 +42,7 @@ Viber 10081 1413446 4 28 UDP 8.8.8.8:53 <-> 192.168.200.222:55854 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] 29 UDP 8.8.8.8:53 <-> 192.168.200.222:58434 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] 30 UDP 2.85.108.0:21241 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 31 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][9 pkts/2188 bytes] + 31 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] 32 UDP 8.8.8.8:53 <-> 192.168.200.222:60474 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] 33 UDP 24.43.1.206:17193 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][8 pkts/1992 bytes] 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/148 bytes] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index 76fad5ebd..b11413687 100644 
--- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -1,11 +1,11 @@ -STUN 19 2536 3 -Facebook 25 3380 5 +STUN 10 1352 2 +Facebook 34 4564 6 WhatsApp 217 22139 5 1 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 2 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 3 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 4 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78/STUN][9 pkts/1184 bytes] + 4 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][9 pkts/1184 bytes] 5 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 6 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 7 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][62 pkts/5609 bytes] |