42 files changed, 1803 insertions, 3033 deletions
@@ -41,12 +41,6 @@ If you want to distribute a source tar file of nDPI do: - make dist - -### Acknowledgements - -Many thanks to <A HREF=http://www.radcom.com>Radcom</A> Ltd for supporting the development of nDPI. - - [ntopng_logo]: https://camo.githubusercontent.com/0f789abcef232035c05e0d2e82afa3cc3be46485/687474703a2f2f7777772e6e746f702e6f72672f77702d636f6e74656e742f75706c6f6164732f323031312f30382f6e746f706e672d69636f6e2d313530783135302e706e67 [ntop_logo]: https://camo.githubusercontent.com/58e2a1ecfff62d8ecc9d74633bd1013f26e06cba/687474703a2f2f7777772e6e746f702e6f72672f77702d636f6e74656e742f75706c6f6164732f323031352f30352f6e746f702e706e67 diff --git a/example/coap.pcap b/example/coap.pcap Binary files differdeleted file mode 100644 index b24eeb68a..000000000 --- a/example/coap.pcap +++ /dev/null diff --git a/example/exec.log b/example/exec.log deleted file mode 100644 index c1df4875f..000000000 --- a/example/exec.log +++ /dev/null 
@@ -1,1579 +0,0 @@ - ------------------------------------------------------------ -* NOTE: This is demo app to show *some* nDPI features. -* In this demo we have implemented only some basic features -* just to show you what you can do with the library. Feel -* free to extend it and send us the patches for inclusion ------------------------------------------------------------- - -Using nDPI (1.7.1-dev-282-278a067) [1 thread(s)] -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size is 135 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 0 as entry 0 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 1 as entry 1 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 2 as entry 2 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 5 as entry 3 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 6 as entry 4 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 7 as entry 5 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 8 as entry 6 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 10 as entry 7 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, additional adding buffer 10 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 11 as entry 8 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 12 as entry 9 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 13 as entry 10 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 14 as entry 11 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 15 as entry 12 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 16 as entry 13 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, additional adding buffer 16 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 17 as entry 14 
-08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 18 as entry 15 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 19 as entry 16 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 20 as entry 17 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 21 as entry 18 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, additional adding buffer 21 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 22 as entry 19 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 23 as entry 20 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 24 as entry 21 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 25 as entry 22 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 26 as entry 23 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 27 as entry 24 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 29 as entry 25 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 30 as entry 26 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 31 as entry 27 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 32 as entry 28 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 33 as entry 29 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 34 as entry 30 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 38 as entry 31 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 40 as entry 32 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 42 as entry 33 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 43 as entry 34 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 44 as entry 35 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, 
additional adding buffer 44 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 46 as entry 36 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 47 as entry 37 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, additional adding buffer 47 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 49 as entry 38 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 50 as entry 39 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 51 as entry 40 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 52 as entry 41 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 54 as entry 42 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 56 as entry 43 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 57 as entry 44 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 58 as entry 45 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 59 as entry 46 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 62 as entry 47 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 65 as entry 48 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 66 as entry 49 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 67 as entry 50 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 68 as entry 51 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 69 as entry 52 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 70 as entry 53 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 71 as entry 54 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 72 as entry 55 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 73 as entry 56 
-08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 75 as entry 57 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 76 as entry 58 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 77 as entry 59 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 78 as entry 60 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 80 as entry 61 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 81 as entry 62 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 82 as entry 63 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 84 as entry 64 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 85 as entry 65 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 86 as entry 66 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 87 as entry 67 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 88 as entry 68 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 89 as entry 69 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 90 as entry 70 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 91 as entry 71 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 92 as entry 72 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 93 as entry 73 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 96 as entry 74 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 98 as entry 75 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 99 as entry 76 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 101 as entry 77 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 104 as entry 78 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 105 as 
entry 79 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 106 as entry 80 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 107 as entry 81 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 108 as entry 82 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 110 as entry 83 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 111 as entry 84 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 112 as entry 85 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 113 as entry 86 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 114 as entry 87 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 115 as entry 88 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 116 as entry 89 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 117 as entry 90 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 118 as entry 91 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, additional adding buffer 118 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 119 as entry 92 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 120 as entry 93 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, additional adding buffer 120 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 122 as entry 94 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 124 as entry 95 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 125 as entry 96 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, additional adding buffer 125 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 126 as entry 97 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, 
additional adding buffer 126 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 133 as entry 98 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_payload, adding buffer 134 as entry 99 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_tcp_no_payload, additional adding buffer 134 to no_payload process -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 1 as entry 0 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 3 as entry 1 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 4 as entry 2 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 5 as entry 3 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 7 as entry 4 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 8 as entry 5 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 9 as entry 6 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 10 as entry 7 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 12 as entry 8 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 14 as entry 9 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 15 as entry 10 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 16 as entry 11 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 17 as entry 12 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 21 as entry 13 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 26 as entry 14 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 28 as entry 15 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 29 as entry 16 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 31 as entry 17 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 32 as entry 18 -08/Feb/2016 22:56:52 DEBUG: 
callback_buffer_size_udp: adding buffer : 33 as entry 19 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 34 as entry 20 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 35 as entry 21 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 36 as entry 22 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 37 as entry 23 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 38 as entry 24 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 39 as entry 25 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 41 as entry 26 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 42 as entry 27 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 44 as entry 28 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 45 as entry 29 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 46 as entry 30 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 47 as entry 31 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 48 as entry 32 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 53 as entry 33 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 54 as entry 34 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 55 as entry 35 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 60 as entry 36 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 61 as entry 37 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 62 as entry 38 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 63 as entry 39 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 64 as entry 40 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 67 as entry 41 -08/Feb/2016 22:56:52 DEBUG: 
callback_buffer_size_udp: adding buffer : 70 as entry 42 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 73 as entry 43 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 74 as entry 44 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 75 as entry 45 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 76 as entry 46 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 77 as entry 47 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 78 as entry 48 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 79 as entry 49 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 83 as entry 50 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 86 as entry 51 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 87 as entry 52 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 92 as entry 53 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 94 as entry 54 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 95 as entry 55 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 96 as entry 56 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 97 as entry 57 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 100 as entry 58 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 102 as entry 59 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 103 as entry 60 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 104 as entry 61 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 105 as entry 62 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 106 as entry 63 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 107 as entry 64 -08/Feb/2016 22:56:52 DEBUG: 
callback_buffer_size_udp: adding buffer : 108 as entry 65 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 109 as entry 66 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 112 as entry 67 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 120 as entry 68 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 121 as entry 69 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 123 as entry 70 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 126 as entry 71 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 127 as entry 72 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 128 as entry 73 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 129 as entry 74 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 130 as entry 75 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 131 as entry 76 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 132 as entry 77 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 133 as entry 78 -08/Feb/2016 22:56:52 DEBUG: callback_buffer_size_udp: adding buffer : 134 as entry 79 -Reading packets from pcap file ../../coap.pcap... -Running thread 0... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: C¡Ó [len: 93] -08/Feb/2016 22:56:52 DEBUG: Starcraft protocol detection... -08/Feb/2016 22:56:52 DEBUG: Starcraft excluded -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: exclude rtp. -08/Feb/2016 22:56:52 TRACE: RTSP detection... -08/Feb/2016 22:56:52 DEBUG: maybe handshake 1; need next packet, return. -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. -08/Feb/2016 22:56:52 DEBUG: searching for HEP. 
-08/Feb/2016 22:56:52 DEBUG: exclude HEP. -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: excluded at stage 0 -08/Feb/2016 22:56:52 DEBUG: search yahoo -08/Feb/2016 22:56:52 TRACE: JABBER detection.... -08/Feb/2016 22:56:52 DEBUG: packet_counter: 1 -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: exclude vmware. -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 93 -08/Feb/2016 22:56:52 DEBUG: search tvants. -08/Feb/2016 22:56:52 DEBUG: exclude tvants. -08/Feb/2016 22:56:52 DEBUG: search sopcast. -08/Feb/2016 22:56:52 DEBUG: exclude sopcast. -08/Feb/2016 22:56:52 DEBUG: search tvuplayer. -08/Feb/2016 22:56:52 DEBUG: exclude tvuplayer. -08/Feb/2016 22:56:52 DEBUG: exclude ppstream. -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: exclude MGCP. -08/Feb/2016 22:56:52 DEBUG: ZATTOO: discarded the flow (UDP): packet_size: 93; Flowstage: 0 -08/Feb/2016 22:56:52 DEBUG: exclude zattoo. -08/Feb/2016 22:56:52 DEBUG: search qq udp. -08/Feb/2016 22:56:52 DEBUG: QQ excluded -08/Feb/2016 22:56:52 DEBUG: excluding thunder udp at stage 0 -08/Feb/2016 22:56:52 TRACE: TEAMWIEWER detection... -08/Feb/2016 22:56:52 DEBUG: search socrates. -08/Feb/2016 22:56:52 DEBUG: exclude socrates. -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: NTP excluded. -08/Feb/2016 22:56:52 DEBUG: NFS user match stage 1 -08/Feb/2016 22:56:52 DEBUG: NFS user match stage 2 -08/Feb/2016 22:56:52 DEBUG: search ssdp. -08/Feb/2016 22:56:52 DEBUG: ssdp excluded. -08/Feb/2016 22:56:52 DEBUG: Quake excluded. 
-08/Feb/2016 22:56:52 DEBUG: SNMP excluded. -08/Feb/2016 22:56:52 DEBUG: search syslog -08/Feb/2016 22:56:52 DEBUG: no syslog detected. -08/Feb/2016 22:56:52 DEBUG: netbios udp start -08/Feb/2016 22:56:52 DEBUG: exclude netbios -08/Feb/2016 22:56:52 DEBUG: MDNS udp start -08/Feb/2016 22:56:52 DEBUG: search ipp -08/Feb/2016 22:56:52 DEBUG: searching for a payload with a pattern like 'number(1to8)blanknumber(1to3)ipp://. -08/Feb/2016 22:56:52 DEBUG: payload does not begin with a number. -08/Feb/2016 22:56:52 DEBUG: no ipp detected. -08/Feb/2016 22:56:52 DEBUG: search ldap -08/Feb/2016 22:56:52 DEBUG: ldap excluded. -08/Feb/2016 22:56:52 DEBUG: search WARCRAFT3 -08/Feb/2016 22:56:52 DEBUG: no warcraft3 detected. -08/Feb/2016 22:56:52 DEBUG: search xdmcp. -08/Feb/2016 22:56:52 DEBUG: exclude xdmcp. -08/Feb/2016 22:56:52 DEBUG: search TFTP. -08/Feb/2016 22:56:52 DEBUG: exclude TFTP. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: search aimini. -08/Feb/2016 22:56:52 DEBUG: exclude aimini. -08/Feb/2016 22:56:52 DEBUG: search florensia. -08/Feb/2016 22:56:52 DEBUG: exclude florensia. -08/Feb/2016 22:56:52 DEBUG: search crossfire. -08/Feb/2016 22:56:52 DEBUG: exclude crossfire. -08/Feb/2016 22:56:52 DEBUG: search armagetron. -08/Feb/2016 22:56:52 DEBUG: exclude armagetron. -08/Feb/2016 22:56:52 DEBUG: dropbox detection... -08/Feb/2016 22:56:52 DEBUG: exclude dropbox. -08/Feb/2016 22:56:52 DEBUG: spotify detection... -08/Feb/2016 22:56:52 DEBUG: exclude spotify. -08/Feb/2016 22:56:52 DEBUG: radius detection... -08/Feb/2016 22:56:52 DEBUG: gtp detection... -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. -08/Feb/2016 22:56:52 DEBUG: search CISCOVPN. 
-08/Feb/2016 22:56:52 DEBUG: calculated CISCOVPN over udp ports. -08/Feb/2016 22:56:52 DEBUG: exclude CISCOVPN. -08/Feb/2016 22:56:52 DEBUG: TEAMSPEAK excluded. -08/Feb/2016 22:56:52 DEBUG: search for VIBER. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. -08/Feb/2016 22:56:52 DEBUG: exclude VIBER. -08/Feb/2016 22:56:52 DEBUG: search for RTCP. -08/Feb/2016 22:56:52 DEBUG: exclude RTCP. -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: search for MEGACO. -08/Feb/2016 22:56:52 DEBUG: exclude MEGACO. -08/Feb/2016 22:56:52 TRACE: VHUA detection... -08/Feb/2016 22:56:52 TRACE: TELEGRAM detection... -08/Feb/2016 22:56:52 DEBUG: calculating quic over udp. -08/Feb/2016 22:56:52 DEBUG: exclude quic. -08/Feb/2016 22:56:52 DEBUG: Exclude eaq. -08/Feb/2016 22:56:52 DEBUG: Exclude kakaotalk_voice. -08/Feb/2016 22:56:52 DEBUG: search for MPEGTS. -08/Feb/2016 22:56:52 DEBUG: Excluded MPEGTS. -08/Feb/2016 22:56:52 TRACE: UBNTAC2 detection... plen:93 62202:5683 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: C¡Ó [len: 93] -08/Feb/2016 22:56:52 DEBUG: skype detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: HTTP detection... -08/Feb/2016 22:56:52 DEBUG: HTTP stage 0: -08/Feb/2016 22:56:52 DEBUG: ====>>>> HTTP: 2T08/Feb/2016 22:56:52 DEBUG: Filename HTTP not found, we look for possible truncate flow... -08/Feb/2016 22:56:52 DEBUG: Exclude HTTP -08/Feb/2016 22:56:52 DEBUG: Starcraft protocol detection... -08/Feb/2016 22:56:52 DEBUG: Starcraft excluded -08/Feb/2016 22:56:52 DEBUG: search ssl -08/Feb/2016 22:56:52 DEBUG: first ssl packet -08/Feb/2016 22:56:52 DEBUG: exclude ssl -08/Feb/2016 22:56:52 TRACE: RTSP detection... -08/Feb/2016 22:56:52 DEBUG: maybe handshake 1; need next packet, return. -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: exclude sip. 
-08/Feb/2016 22:56:52 DEBUG: searching for HEP. -08/Feb/2016 22:56:52 DEBUG: exclude HEP. -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 TRACE: fasttrack/kazaa excluded. -08/Feb/2016 22:56:52 TRACE: MSN tcp detection... -08/Feb/2016 22:56:52 DEBUG: msn 7. -08/Feb/2016 22:56:52 TRACE: MSN tcp excluded. -08/Feb/2016 22:56:52 DEBUG: search yahoo -08/Feb/2016 22:56:52 DEBUG: OSCAR :: TCP -08/Feb/2016 22:56:52 DEBUG: search applejuice. -08/Feb/2016 22:56:52 DEBUG: exclude applejuice. -08/Feb/2016 22:56:52 DEBUG: Soulseek: search soulseec tcp -08/Feb/2016 22:56:52 DEBUG: irc : search irc -08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast -08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 TRACE: JABBER detection.... -08/Feb/2016 22:56:52 DEBUG: packet_counter: 1 -08/Feb/2016 22:56:52 DEBUG: search mail_pop -08/Feb/2016 22:56:52 DEBUG: exclude mail_pop -08/Feb/2016 22:56:52 DEBUG: search IMAP. -08/Feb/2016 22:56:52 DEBUG: exclude IMAP. -08/Feb/2016 22:56:52 DEBUG: search mail_smtp. -08/Feb/2016 22:56:52 DEBUG: exclude smtp -08/Feb/2016 22:56:52 DEBUG: USENET: search usenet. -08/Feb/2016 22:56:52 DEBUG: USENET: STAGE IS 0. -08/Feb/2016 22:56:52 DEBUG: USENET: exclude usenet. -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 86 -08/Feb/2016 22:56:52 DEBUG: search tvants. -08/Feb/2016 22:56:52 DEBUG: exclude tvants. -08/Feb/2016 22:56:52 DEBUG: exclude sopcast TCP. -08/Feb/2016 22:56:52 DEBUG: search tvuplayer. -08/Feb/2016 22:56:52 DEBUG: exclude tvuplayer. -08/Feb/2016 22:56:52 DEBUG: exclude ppstream. -08/Feb/2016 22:56:52 DEBUG: ZATTOO: discarted the flow (TCP): packet_size: 86; Flowstage: 0 -08/Feb/2016 22:56:52 DEBUG: exclude zattoo. -08/Feb/2016 22:56:52 DEBUG: excluding ssh at stage 0 -08/Feb/2016 22:56:52 DEBUG: excluding thunder tcp at stage 0 -08/Feb/2016 22:56:52 TRACE: TEAMWIEWER detection... 
-08/Feb/2016 22:56:52 DEBUG: search socrates. -08/Feb/2016 22:56:52 DEBUG: exclude socrates. -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: exclude activesync -08/Feb/2016 22:56:52 DEBUG: search SMB. -08/Feb/2016 22:56:52 DEBUG: exclude SMB. -08/Feb/2016 22:56:52 DEBUG: search telnet. -08/Feb/2016 22:56:52 DEBUG: NFS user match stage 1 -08/Feb/2016 22:56:52 DEBUG: Search World of Warcraft. -08/Feb/2016 22:56:52 DEBUG: search icecast. -08/Feb/2016 22:56:52 DEBUG: Icecast excluded. -08/Feb/2016 22:56:52 DEBUG: search shoutcast. -08/Feb/2016 22:56:52 DEBUG: Shoutcast excluded. -08/Feb/2016 22:56:52 DEBUG: no KERBEROS detected. -08/Feb/2016 22:56:52 DEBUG: search syslog -08/Feb/2016 22:56:52 DEBUG: no syslog detected. -08/Feb/2016 22:56:52 DEBUG: DDL: Packet too small. -08/Feb/2016 22:56:52 DEBUG: Nothing Found -08/Feb/2016 22:56:52 DEBUG: netbios tcp start -08/Feb/2016 22:56:52 DEBUG: exclude netbios -08/Feb/2016 22:56:52 DEBUG: search ipp -08/Feb/2016 22:56:52 DEBUG: searching for a payload with a pattern like 'number(1to8)blanknumber(1to3)ipp://. -08/Feb/2016 22:56:52 DEBUG: read symbols while the symbol is a number. -08/Feb/2016 22:56:52 DEBUG: there is no blank following the number. -08/Feb/2016 22:56:52 DEBUG: no ipp detected. -08/Feb/2016 22:56:52 DEBUG: search ldap -08/Feb/2016 22:56:52 DEBUG: ldap excluded. -08/Feb/2016 22:56:52 DEBUG: search WARCRAFT3 -08/Feb/2016 22:56:52 DEBUG: no warcraft3 detected. -08/Feb/2016 22:56:52 DEBUG: search xdmcp. -08/Feb/2016 22:56:52 DEBUG: exclude xdmcp. -08/Feb/2016 22:56:52 DEBUG: search mssql. -08/Feb/2016 22:56:52 DEBUG: exclude mssql. -08/Feb/2016 22:56:52 DEBUG: exclude pptp. -08/Feb/2016 22:56:52 DEBUG: exclude stealthnet. -08/Feb/2016 22:56:52 DEBUG: search meebo. -08/Feb/2016 22:56:52 DEBUG: flash not yet excluded. 
need next packet. -08/Feb/2016 22:56:52 DEBUG: AFP excluded. -08/Feb/2016 22:56:52 DEBUG: search aimini. -08/Feb/2016 22:56:52 DEBUG: exclude aimini. -08/Feb/2016 22:56:52 DEBUG: search florensia. -08/Feb/2016 22:56:52 DEBUG: exclude florensia. -08/Feb/2016 22:56:52 DEBUG: exclude maplestory. -08/Feb/2016 22:56:52 DEBUG: exclude dofus. -08/Feb/2016 22:56:52 DEBUG: search world_of_kung_fu. -08/Feb/2016 22:56:52 DEBUG: exclude world_of_kung_fu. -08/Feb/2016 22:56:52 DEBUG: search fiesta. -08/Feb/2016 22:56:52 DEBUG: exclude fiesta. -08/Feb/2016 22:56:52 DEBUG: search crossfire. -08/Feb/2016 22:56:52 DEBUG: exclude crossfire. -08/Feb/2016 22:56:52 DEBUG: search guildwars. -08/Feb/2016 22:56:52 DEBUG: exclude guildwars. -08/Feb/2016 22:56:52 DEBUG: spotify detection... -08/Feb/2016 22:56:52 DEBUG: exclude spotify. -08/Feb/2016 22:56:52 DEBUG: citrix detection... -08/Feb/2016 22:56:52 DEBUG: lotus_notes detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: exclude NOE. -08/Feb/2016 22:56:52 DEBUG: search CISCOVPN. -08/Feb/2016 22:56:52 DEBUG: calculated CISCOVPN over tcp ports. -08/Feb/2016 22:56:52 DEBUG: exclude CISCOVPN. -08/Feb/2016 22:56:52 DEBUG: TEAMSPEAK excluded. -08/Feb/2016 22:56:52 DEBUG: search for TOR. -08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp. -08/Feb/2016 22:56:52 DEBUG: search for SKINNY. -08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RTCP. -08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RSYNC. -08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp. -08/Feb/2016 22:56:52 TRACE: WHOIS Excluded. -08/Feb/2016 22:56:52 DEBUG: search for ORACLE. -08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp. -08/Feb/2016 22:56:52 DEBUG: search for CORBA. -08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp. 
-08/Feb/2016 22:56:52 DEBUG: RTMP detection... -08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_DATA detection... -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: Redis detection... -08/Feb/2016 22:56:52 TRACE: ZMQ detection... -08/Feb/2016 22:56:52 TRACE: TELEGRAM detection... -08/Feb/2016 22:56:52 DEBUG: skype detection... -08/Feb/2016 22:56:52 DEBUG: stage 0 has no direct detection, fall through -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: cD¡Ó [len: 19] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 0 -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 2 -08/Feb/2016 22:56:52 TRACE: RTSP detection... -08/Feb/2016 22:56:52 DEBUG: didn't find handshake, exclude. -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 5 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 6 -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 8 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 9 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 10 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 11 -08/Feb/2016 22:56:52 TRACE: JABBER detection.... -08/Feb/2016 22:56:52 DEBUG: packet_counter: 2 -08/Feb/2016 22:56:52 DEBUG: search DNS. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 15 -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 17 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 20 -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 22 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 24 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 25 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 26 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 27 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 28 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 29 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 30 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... 
-08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 32 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 33 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 34 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 35 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 36 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 37 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 38 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 39 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 40 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 41 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 42 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 43 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 44 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 45 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 46 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 47 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 48 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 49 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 51 -08/Feb/2016 22:56:52 
DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 52 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 53 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 54 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 55 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 56 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 57 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 58 -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 62 -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 64 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 65 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 66 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 67 -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 69 -08/Feb/2016 22:56:52 TRACE: VHUA detection... 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 71 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 72 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 73 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 74 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 75 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 76 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: cD¡Ó [len: 19] -08/Feb/2016 22:56:52 DEBUG: skype detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 TRACE: RTSP detection... -08/Feb/2016 22:56:52 DEBUG: didn't find handshake, exclude. -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: OSCAR :: TCP -08/Feb/2016 22:56:52 DEBUG: irc : search irc -08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast -08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 TRACE: JABBER detection.... -08/Feb/2016 22:56:52 DEBUG: packet_counter: 2 -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 4 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: search telnet. -08/Feb/2016 22:56:52 DEBUG: search meebo. -08/Feb/2016 22:56:52 DEBUG: flash not yet excluded. need next packet. -08/Feb/2016 22:56:52 DEBUG: citrix detection... -08/Feb/2016 22:56:52 DEBUG: lotus_notes detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp. 
-08/Feb/2016 22:56:52 DEBUG: search for TOR. -08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp. -08/Feb/2016 22:56:52 DEBUG: search for SKINNY. -08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RTCP. -08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RSYNC. -08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp. -08/Feb/2016 22:56:52 DEBUG: search for ORACLE. -08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp. -08/Feb/2016 22:56:52 DEBUG: search for CORBA. -08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp. -08/Feb/2016 22:56:52 DEBUG: RTMP detection... -08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: Redis detection... -08/Feb/2016 22:56:52 DEBUG: Exclude Redis. -08/Feb/2016 22:56:52 TRACE: ZMQ detection... -08/Feb/2016 22:56:52 DEBUG: skype detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 TRACE: JABBER detection.... -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... 
-08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: irc : search irc -08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast -08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 TRACE: JABBER detection.... -08/Feb/2016 22:56:52 TRACE: JABBER Excluded. -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 60 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: search telnet. -08/Feb/2016 22:56:52 DEBUG: search meebo. -08/Feb/2016 22:56:52 DEBUG: flash not yet excluded. need next packet. -08/Feb/2016 22:56:52 DEBUG: citrix detection... -08/Feb/2016 22:56:52 DEBUG: lotus_notes detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for TOR. -08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp. -08/Feb/2016 22:56:52 DEBUG: search for SKINNY. -08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RTCP. -08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RSYNC. -08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp. -08/Feb/2016 22:56:52 DEBUG: search for ORACLE. -08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp. -08/Feb/2016 22:56:52 DEBUG: search for CORBA. -08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp. -08/Feb/2016 22:56:52 DEBUG: RTMP detection... -08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 TRACE: ZMQ detection... -08/Feb/2016 22:56:52 DEBUG: skype detection... 
-08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: irc : search irc -08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast -08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 4 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: search telnet. -08/Feb/2016 22:56:52 DEBUG: search meebo. -08/Feb/2016 22:56:52 DEBUG: flash not yet excluded. need next packet. -08/Feb/2016 22:56:52 DEBUG: citrix detection... -08/Feb/2016 22:56:52 DEBUG: lotus_notes detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for TOR. -08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp. -08/Feb/2016 22:56:52 DEBUG: search for SKINNY. -08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RTCP. -08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RSYNC. 
-08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp. -08/Feb/2016 22:56:52 DEBUG: search for ORACLE. -08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp. -08/Feb/2016 22:56:52 DEBUG: search for CORBA. -08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp. -08/Feb/2016 22:56:52 DEBUG: RTMP detection... -08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 TRACE: ZMQ detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: B¡Ô [len: 155] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 0 -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 2 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 3 -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 5 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 6 -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 8 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 9 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 10 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 11 -08/Feb/2016 22:56:52 TRACE: JABBER detection.... -08/Feb/2016 22:56:52 TRACE: JABBER Excluded. -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 15 -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 155 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 17 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 20 -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... 
-08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 22 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 24 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 25 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 26 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 27 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 28 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 29 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 30 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 32 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 33 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 34 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 35 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 36 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 37 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 38 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 39 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 40 -08/Feb/2016 
22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 41 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 42 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 43 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 44 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 45 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 46 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 47 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 48 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 49 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 51 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 52 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 53 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 54 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 55 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 56 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 57 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 58 -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 62 -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 64 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 65 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 66 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 67 -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 69 -08/Feb/2016 22:56:52 TRACE: VHUA detection... -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 71 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 72 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 73 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 74 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 75 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 76 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: B¡Ô [len: 155] -08/Feb/2016 22:56:52 DEBUG: skype detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: irc : search irc -08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast -08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: TCP FOUND :: Payload 150 -08/Feb/2016 22:56:52 DEBUG: iMesh excluded at stage 0 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... 
-08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: search telnet. -08/Feb/2016 22:56:52 DEBUG: search meebo. -08/Feb/2016 22:56:52 DEBUG: exclude meebo. -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for TOR. -08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp. -08/Feb/2016 22:56:52 DEBUG: search for SKINNY. -08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RTCP. -08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RSYNC. -08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp. -08/Feb/2016 22:56:52 DEBUG: search for ORACLE. -08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp. -08/Feb/2016 22:56:52 DEBUG: search for CORBA. -08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp. -08/Feb/2016 22:56:52 DEBUG: RTMP detection... -08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 TRACE: ZMQ detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: bD¡Ô [len: 18] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 0 -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 2 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 3 -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 5 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 6 -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 8 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 9 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 10 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 11 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 13 -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 15 -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 17 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 20 -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... 
-08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 22 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 24 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 25 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 26 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 27 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 28 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 29 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 30 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 32 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 33 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 34 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 35 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 36 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 37 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 38 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 39 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 40 -08/Feb/2016 
22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 41 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 42 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 43 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 44 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 45 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 46 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 47 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 48 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 49 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 51 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 52 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 53 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 54 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 55 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 56 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 57 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 58 -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 62 -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 64 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 65 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 66 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 67 -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 69 -08/Feb/2016 22:56:52 TRACE: VHUA detection... -08/Feb/2016 22:56:52 TRACE: Exclude VHUA. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 71 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 72 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 73 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 74 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 75 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 76 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: bD¡Ô [len: 18] -08/Feb/2016 22:56:52 DEBUG: skype detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: irc : search irc -08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast -08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: search telnet. 
-08/Feb/2016 22:56:52 DEBUG: telnet excluded. -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for TOR. -08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp. -08/Feb/2016 22:56:52 DEBUG: search for SKINNY. -08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RTCP. -08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RSYNC. -08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp. -08/Feb/2016 22:56:52 DEBUG: search for ORACLE. -08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp. -08/Feb/2016 22:56:52 DEBUG: search for CORBA. -08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp. -08/Feb/2016 22:56:52 DEBUG: RTMP detection... -08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 TRACE: ZMQ detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: - - -WARNING: only IPv4/IPv6 packets are supported in this demo (nDPI supports both IPv4 and IPv6), all other packets will be discarded - -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... 
-08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: D¡Õ [len: 94] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 0 -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 2 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 3 -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 5 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 6 -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 8 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 9 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 10 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 11 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 13 -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 15 -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 94 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 17 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 20 -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... 
-08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 22 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 24 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 25 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 26 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 27 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 28 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 29 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 30 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 32 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 33 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 34 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 35 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 36 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 37 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 38 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 39 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 40 -08/Feb/2016 
22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 41 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 42 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 43 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 44 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 45 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 46 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 47 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 48 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 49 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 51 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 52 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 53 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 54 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 55 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 56 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 57 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 58 -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 62 -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 64 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 65 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 66 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 67 -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 69 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 70 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 71 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 72 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 73 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 74 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 75 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 76 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: D¡Õ [len: 94] -08/Feb/2016 22:56:52 DEBUG: skype detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: irc : search irc -08/Feb/2016 22:56:52 DEBUG: called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast -08/Feb/2016 22:56:52 DEBUG: detected_irc:08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: search H323. 
-08/Feb/2016 22:56:52 DEBUG: calculated dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for TOR. -08/Feb/2016 22:56:52 DEBUG: calculating TOR over tcp. -08/Feb/2016 22:56:52 DEBUG: search for SKINNY. -08/Feb/2016 22:56:52 DEBUG: calculating SKINNY over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RTCP. -08/Feb/2016 22:56:52 DEBUG: calculating dport over tcp. -08/Feb/2016 22:56:52 DEBUG: search for RSYNC. -08/Feb/2016 22:56:52 DEBUG: calculating RSYNC over tcp. -08/Feb/2016 22:56:52 DEBUG: search for ORACLE. -08/Feb/2016 22:56:52 DEBUG: calculating ORACLE over tcp. -08/Feb/2016 22:56:52 DEBUG: search for CORBA. -08/Feb/2016 22:56:52 DEBUG: calculating CORBA over tcp. -08/Feb/2016 22:56:52 DEBUG: RTMP detection... -08/Feb/2016 22:56:52 DEBUG: RTMP stage 0: -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL detection... -08/Feb/2016 22:56:52 DEBUG: FTP_CONTROL stage 0: -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 TRACE: ZMQ detection... -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: dD¡Õ [len: 20] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 0 -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 2 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 3 -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 5 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 6 -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... 
-08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 8 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 9 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 10 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 11 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 13 -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 15 -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 20 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 17 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 20 -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... 
-08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 22 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 24 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 25 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 26 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 27 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 28 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 29 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 30 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 32 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 33 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 34 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 35 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 36 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 37 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 38 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 39 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 40 -08/Feb/2016 
22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 41 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 42 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 43 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 44 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 45 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 46 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 47 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 48 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 49 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 51 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 52 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 53 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 54 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 55 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 56 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 57 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 58 -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 62 -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 64 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 65 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 66 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 67 -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 69 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 70 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 71 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 72 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 73 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 74 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 75 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 76 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: dD¡Õ [len: 20] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 78 -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: G¡Ö [len: 160] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 0 -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 2 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 3 -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 5 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 6 -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 8 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 9 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 10 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 11 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 13 -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 15 -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 160 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 17 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 20 -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... 
-08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 22 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 24 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 25 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 26 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 27 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 28 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 29 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 30 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 32 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 33 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 34 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 35 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 36 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 37 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 38 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 39 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 40 -08/Feb/2016 
22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 41 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 42 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 43 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 44 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 45 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 46 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 47 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 48 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 49 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 51 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 52 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 53 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 54 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 55 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 56 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 57 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 58 -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 62 -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 64 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 65 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 66 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 67 -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 69 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 70 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 71 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 72 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 73 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 74 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 75 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 76 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: G¡Ö [len: 160] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 78 -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: gD¡Ö [len: 23] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 0 -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 2 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 3 -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 5 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 6 -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 8 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 9 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 10 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 11 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 13 -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 15 -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 17 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 20 -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... 
-08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 22 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 24 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 25 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 26 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 27 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 28 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 29 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 30 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 32 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 33 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 34 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 35 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 36 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 37 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 38 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 39 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 40 -08/Feb/2016 
22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 41 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 42 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 43 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 44 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 45 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 46 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 47 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 48 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 49 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 51 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 52 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 53 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 54 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 55 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 56 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 57 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 58 -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 62 -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 64 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 65 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 66 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 67 -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 69 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 70 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 71 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 72 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 73 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 74 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 75 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 76 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: gD¡Ö [len: 23] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 78 -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: B¡× [len: 92] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 0 -08/Feb/2016 22:56:52 DEBUG: search stun. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 2 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 3 -08/Feb/2016 22:56:52 DEBUG: sip detection... -08/Feb/2016 22:56:52 DEBUG: need next packet. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 5 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 6 -08/Feb/2016 22:56:52 DEBUG: EDONKEY detection... -08/Feb/2016 22:56:52 DEBUG: EDONKEY stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 8 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 9 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 10 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 11 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 13 -08/Feb/2016 22:56:52 DEBUG: search DNS. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 15 -08/Feb/2016 22:56:52 DEBUG: UDP FOUND -08/Feb/2016 22:56:52 DEBUG: iMesh UDP packetlen: 92 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 17 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 18 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 19 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 20 -08/Feb/2016 22:56:52 DEBUG: PPLIVE detection... 
-08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: PPLIVE stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 22 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 23 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 24 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 25 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 26 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 27 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 28 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 29 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 30 -08/Feb/2016 22:56:52 DEBUG: STEAM detection... -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: STEAM stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 32 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 33 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 34 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 35 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 36 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 37 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 38 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 39 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 40 -08/Feb/2016 
22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 41 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 42 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 43 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 44 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 45 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 46 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 47 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 48 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 49 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 50 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 51 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 52 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 53 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 54 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 55 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 56 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 57 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 58 -08/Feb/2016 22:56:52 DEBUG: netflow detection... -08/Feb/2016 22:56:52 DEBUG: sflow detection... -08/Feb/2016 22:56:52 DEBUG: search H323. -08/Feb/2016 22:56:52 DEBUG: calculated dport over udp. -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 62 -08/Feb/2016 22:56:52 DEBUG: search for NOE. -08/Feb/2016 22:56:52 DEBUG: calculating dport over udp. 
-08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 64 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 65 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 66 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 67 -08/Feb/2016 22:56:52 TRACE: PANDO detection... -08/Feb/2016 22:56:52 DEBUG: PANDO stage 0: -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 69 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 70 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 71 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 72 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 73 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 74 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 75 -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 76 -08/Feb/2016 22:56:52 DEBUG: CoAP detection... -08/Feb/2016 22:56:52 DEBUG: ====>>>> COAP: B¡× [len: 92] -08/Feb/2016 22:56:52 DEBUG: [UDP,SKIP] dissector of protocol as callback_buffer idx = 78 -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: ipv4 header -08/Feb/2016 22:56:52 DEBUG: netbios udp start -08/Feb/2016 22:56:52 DEBUG: found netbios port 137 and payload_packet_len 50 -08/Feb/2016 22:56:52 DEBUG: found netbios with flag 0110 questions = 1 and answers = 0, authority, additional = 0 -08/Feb/2016 22:56:52 DEBUG: Starcraft protocol detection... 
-08/Feb/2016 22:56:52 DEBUG: Starcraft excluded - -nDPI Memory statistics: - nDPI Memory (once): 105.99 KB - Flow Memory (per flow): 1.94 KB - Actual Memory: 1.86 MB - Peak Memory: 1.86 MB - -Traffic statistics: - Ethernet bytes: 13857 (includes ethernet CRC/IFC/trailer) - Discarded bytes: 102 - IP packets: 122 of 124 packets total - IP bytes: 10929 (avg pkt size 88 bytes) - Unique flows: 3 - TCP Packets: 85 - UDP Packets: 37 - VLAN Packets: 0 - MPLS Packets: 0 - PPPoE Packets: 0 - Fragmented Packets: 0 - Max Packet size: 170 - Packet Len < 64: 82 - Packet Len 64-128: 30 - Packet Len 128-256: 10 - Packet Len 256-1024: 0 - Packet Len 1024-1500: 0 - Packet Len > 1500: 0 - nDPI throughput: 37.84 K pps / 32.79 Mb/sec - Traffic throughput: 3.54 pps / 3.15 Kb/sec - Traffic duration: 34.417 sec - Guessed flow protos: 1 - - -Detected protocols: - Unknown packets: 85 bytes: 6989 flows: 1 - NetBIOS packets: 7 bytes: 644 flows: 1 - COAP packets: 30 bytes: 3296 flows: 1 - - -Protocol statistics: - Acceptable 3940 bytes - Unrated 6989 bytes diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0d84e6f87..e5119692b 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -197,7 +197,8 @@ typedef struct ndpi_flow { // result only, not used for flow identification ndpi_protocol detected_protocol; - char host_server_name[256]; + char host_server_name[192]; + char bittorent_hash[41]; struct { char client_certificate[48], server_certificate[48]; @@ -528,6 +529,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow *flow) { if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); if(flow->ssl.client_certificate[0] != '\0') fprintf(out, "[SSL client: %s]", flow->ssl.client_certificate); if(flow->ssl.server_certificate[0] != '\0') fprintf(out, "[SSL server: %s]", flow->ssl.server_certificate); + if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); fprintf(out, "\n"); } else { 
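Review bot: In the `struct ndpi_flow` hunk the new sizes `192` and `41` are bare literals, and `41` has to stay in step with the `i<20` loop that fills `bittorent_hash` in `packet_processing` later in this diff. A named constant, or a comment such as `/* 20-byte hash as 40 hex digits + NUL */` on `char bittorent_hash[41];`, would keep the two from drifting apart. Shrinking `host_server_name` to 192 stays memory-safe for the `snprintf(..., sizeof(flow->host_server_name), ...)` copy visible in `packet_processing`, but longer names are now truncated silently, which deserves a comment if it is intended. The struct definition starts and ends outside the hunk.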
@@ -538,7 +540,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow *flow) { json_object_object_add(jObj,"host_a.name",json_object_new_string(flow->lower_name)); json_object_object_add(jObj,"host_a.port",json_object_new_int(ntohs(flow->lower_port))); json_object_object_add(jObj,"host_b.name",json_object_new_string(flow->upper_name)); - json_object_object_add(jObj,"host_n.port",json_object_new_int(ntohs(flow->upper_port))); + json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->upper_port))); if(flow->detected_protocol.master_protocol) json_object_object_add(jObj,"detected.masterprotocol",json_object_new_int(flow->detected_protocol.master_protocol)); @@ -590,8 +592,8 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow *flow) { static void free_ndpi_flow(struct ndpi_flow *flow) { if(flow->ndpi_flow) { ndpi_free_flow(flow->ndpi_flow); flow->ndpi_flow = NULL; } - if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; } - if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; } + if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; } + if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; } } @@ -651,6 +653,9 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept u_int16_t thread_id = *((u_int16_t *) user_data); if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ + if((!flow->detection_completed) && flow->ndpi_flow) + flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].ndpi_struct, flow->ndpi_flow); + if(enable_protocol_guess) { if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { node_guess_undetected_protocol(thread_id, flow); 
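Review bot: The `ndpi_detection_giveup` call added to `node_proto_guess_walker` always passes `ndpi_thread_info[0].ndpi_struct`, although `thread_id` is read from `user_data` just above and is used for the guess that follows. With more than one reader thread this would run the give-up logic against thread 0's detection module, presumably while that thread may still be using it. `flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[thread_id].ndpi_struct, flow->ndpi_flow);` would match the call this commit adds in `packet_processing`. The function body continues outside the hunk.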
@@ -1066,11 +1071,25 @@ static unsigned int packet_processing(u_int16_t thread_id, snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_BITTORRENT) { + int i, j, n = 0; + + for(i=0, j = 0; i<20; i++) { + sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); + j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + } + + if(n == 0) flow->bittorent_hash[0] = '\0'; + } + if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { snprintf(flow->ssl.client_certificate, sizeof(flow->ssl.client_certificate), "%s", flow->ndpi_flow->protos.ssl.client_certificate); snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", flow->ndpi_flow->protos.ssl.server_certificate); } + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) + flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[thread_id].ndpi_struct, flow->ndpi_flow); + free_ndpi_flow(flow); if(verbose > 1) { 
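Review bot: The hex conversion added to `packet_processing` writes into the 41-byte `bittorent_hash` with an unbounded `sprintf`, and its output width depends on the element type of `flow->ndpi_flow->bittorent_hash`, which this diff does not show. If that array is plain `char` on a platform where char is signed, a byte of 0x80 or above is promoted to a negative int and `%02x` prints eight digits, overrunning the buffer with data taken from captured traffic; the `n += ...` all-zero test would be unreliable for the same reason. Bounding the write and forcing the width closes this whatever the declaration is: `snprintf(&flow->bittorent_hash[j], sizeof(flow->bittorent_hash) - j, "%02x", (u_int8_t)flow->ndpi_flow->bittorent_hash[i]);`. The function starts and ends outside the hunk.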
@@ -1091,10 +1110,16 @@ static unsigned int packet_processing(u_int16_t thread_id, ndpi_twalk(ndpi_thread_info[thread_id].ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_idle_scan_walker, &thread_id); /* remove idle flows (unfortunately we cannot do this inline) */ - while (ndpi_thread_info[thread_id].num_idle_flows > 0) - ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows], - &ndpi_thread_info[thread_id].ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_cmp); - + while (ndpi_thread_info[thread_id].num_idle_flows > 0) { + + /* search and delete the idle flow from the "ndpi_flow_root" (see struct reader thread) - here flows are the node of a b-tree */ + ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows], &ndpi_thread_info[thread_id].ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_cmp); + + /* free the memory associated to idle flow in "idle_flows" - (see struct reader thread)*/ + free_ndpi_flow(ndpi_thread_info[thread_id].idle_flows[ndpi_thread_info[thread_id].num_idle_flows]); + ndpi_free(ndpi_thread_info[thread_id].idle_flows[ndpi_thread_info[thread_id].num_idle_flows]); + } + if(++ndpi_thread_info[thread_id].idle_scan_idx == NUM_ROOTS) ndpi_thread_info[thread_id].idle_scan_idx = 0; ndpi_thread_info[thread_id].last_idle_scan_time = ndpi_thread_info[thread_id].last_time; } @@ -1434,6 +1459,7 @@ static void printResults(u_int64_t tot_usec) { static void closePcapFile(u_int16_t thread_id) { if(ndpi_thread_info[thread_id]._pcap_handle != NULL) { pcap_close(ndpi_thread_info[thread_id]._pcap_handle); + } } @@ -1729,7 +1755,7 @@ static void pcap_packet_callback(u_char *args, break; default: - printf("Unknown datalink %d\n", datalink_type); + /* printf("Unknown datalink %d\n", datalink_type); */ return; } @@ -1946,7 +1972,7 @@ void *processing_thread(void *_thread_id) { goto pcap_loop; } } - + return NULL; } 
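Review bot: In the idle-flow loop of `packet_processing`, the two added frees locate the flow only through the `--num_idle_flows` side effect buried in the `ndpi_tdelete` argument, and the freed pointer stays in `idle_flows[]` afterwards. Taking the entry into a local once and clearing the slot makes the order of unlink, release and free explicit and leaves no stale pointer behind for a later scan. The new comment also calls the flow store a b-tree, which is worth checking against the `ndpi_twalk`/`ndpi_tdelete` implementation, not shown in this diff. `node_idle_scan_walker` is outside the hunk, so whether it already releases part of the flow cannot be confirmed from here.

```c
while(ndpi_thread_info[thread_id].num_idle_flows > 0) {
  struct ndpi_flow *idle = ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows];

  /* unlink from the flow tree first, then release what the flow owns, then the flow itself */
  ndpi_tdelete(idle, &ndpi_thread_info[thread_id].ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_cmp);
  free_ndpi_flow(idle);
  ndpi_free(idle);
  ndpi_thread_info[thread_id].idle_flows[ndpi_thread_info[thread_id].num_idle_flows] = NULL;
}
/* … unchanged: idle_scan_idx wrap-around and last_idle_scan_time update … */
```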
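Review bot: In `pcap_packet_callback` the `default:` branch now returns without leaving any trace, so packets on an unsupported link type are dropped and the capture merely looks empty. Commented-out code also tends to rot; if the message was too noisy, gating it keeps the signal: `if(verbose) printf("Unknown datalink %d\n", datalink_type);` (`verbose` is the flag tested in `packet_processing`; presumably file-scope, to be confirmed). The switch begins outside the hunk.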
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 364fd0101..a07c96e63 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -1,8 +1,7 @@ /* * ndpi_api.h * - * Copyright (C) 2011-15 - ntop.org - * Copyright (C) 2009-2011 by ipoque GmbH + * Copyright (C) 2011-16 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH 
@@ -32,47 +31,100 @@ extern "C" { #endif - /** - * This function returns the size of the flow struct - * @return the size of the flow struct +#define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 ) +#define NDPI_DETECTION_ONLY_IPV6 ( 1 << 1 ) + +#define ADD_TO_DETECTION_BITMASK 1 +#define NO_ADD_TO_DETECTION_BITMASK 0 +#define SAVE_DETECTION_BITMASK_AS_UNKNOWN 1 +#define NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN 0 + + + /** + * Check if a string is encoded with punycode + * ( https://tools.ietf.org/html/rfc3492 ) + * + * @par buff = pointer to the string to ckeck + * @par len = len of the string + * @return 1 if the string is punycoded; + * else 0 + * + */ + int check_punycode_string(char * buff , int len); + + + /** + * Get the size of the flow struct + * + * @return the size of the flow struct + * */ u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void); + - /** - * This function returns the size of the id struct - * @return the size of the id struct + /** + * Get the size of the id struct + * + * @return the size of the id struct + * */ u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void); - /* Public malloc/free */ - void* ndpi_malloc(size_t size); - void* ndpi_calloc(unsigned long count, size_t size); - void ndpi_free(void *ptr); - void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size); - char *ndpi_strdup(const char *s); /** - * Find the first occurrence of find in s, where the search is limited to the - * first slen characters of s. 
+ * nDPI personal allocation and free functions + **/ + void * ndpi_malloc(size_t size); + void * ndpi_calloc(unsigned long count, size_t size); + void * ndpi_realloc(void *ptr, size_t old_size, size_t new_size); + char * ndpi_strdup(const char *s); + void ndpi_free(void *ptr); + + + /** + * Search the first occurrence of substring -find- in -s- + * The search is limited to the first -slen- characters of the string + * + * @par s = string to parse + * @par find = string to match with -s- + * @par slen = max length to match between -s- and -find- + * @return a pointer to the beginning of the located substring; + * NULL if the substring is not found + * */ char* ndpi_strnstr(const char *s, const char *find, size_t slen); + /** - * This function returns the nDPI protocol id for IP-based protocol detection + * Returns the nDPI protocol id for IP-based protocol detection + * + * @par ndpi_struct = the struct created for the protocol detection + * @par pin = IP host address (MUST BE in network byte order): + * See man(7) ip for details + * @return the nDPI protocol ID + * */ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin); + /** - * Same as ndpi_network_ptree_match - */ - u_int16_t ndpi_host_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host); + * Init single protocol match + * + * @par ndpi_mod = the struct created for the protocol detection + * @par match = the struct passed to match the protocol + * + */ + void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_match *match); + /** - * This function returns a new initialized detection module. 
- * @param ticks_per_second the timestamp resolution per second (like 1000 for millisecond resolution) - * @param __ndpi_malloc function pointer to a memory allocator - * @param ndpi_debug_printf a function pointer to a debug output function, use NULL in productive envionments - * @return the initialized detection module + * Returns a new initialized detection module + * + * @par ticks_per_second = the timestamp resolution per second (like 1000 for millisecond resolution) + * @par __ndpi_malloc = function pointer to a nDPI memory allocator + * @par ndpi_debug_printf = function pointer to a nDPI debug output function (use NULL in productive envionments) + * @return the initialized detection module + * */ struct ndpi_detection_module_struct *ndpi_init_detection_module(u_int32_t ticks_per_second, void* (*__ndpi_malloc)(size_t size), 
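Review bot: The new `check_punycode_string(char * buff , int len)` declaration takes a mutable pointer and a signed length for what its comment describes as a read-only check, so a negative `len` is representable and the contract for it is unstated. `int check_punycode_string(const char *buff, size_t len);` would rule that out at the type level, or the comment should say how `len <= 0` is handled; the definition is not in this hunk. The rewritten comments also switch from `@param` to `@par`, which Doxygen treats as a paragraph heading rather than a parameter entry, so the argument lists will no longer be rendered as parameters. `ckeck` in the same comment should read `check`.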
@@ -81,47 +133,97 @@ extern "C" { /** - * This function frees the memory allocated in the specified flow - * @param flow to free + * Frees the memory allocated in the specified flow + * + * @par flow = the flow to deallocate + * */ void ndpi_free_flow(struct ndpi_flow_struct *flow); + /** - * This function enables cache support in nDPI used for some protocol such as Skype - * @param host host name - * @param port port number + * Enables cache support. + * In nDPI is used for some protocol (i.e. Skype) + * + * @par ndpi_mod = the struct created for the protocol detection + * @par host = string for the host name + * @par port = unsigned int for the port number + * */ void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod, char* host, u_int port); + /** - * This function destroys the detection module - * @param ndpi_struct the to clearing detection module - * @param ndpi_free function pointer to a memory free function + * Destroys the detection module + * + * @par ndpi_struct = the struct to clearing for the detection module + * @par ndpi_free = function pointer to a nDPI memory free function + * */ - void - ndpi_exit_detection_module(struct ndpi_detection_module_struct - *ndpi_struct, void (*ndpi_free) (void *ptr)); + void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct, void (*ndpi_free) (void *ptr)); + /** - * This function sets the protocol bitmask2 - * @param ndpi_struct the detection module - * @param detection_bitmask the protocol bitmask + * Sets a single protocol bitmask + * This function does not increment the index of the callback_buffer + * + * @par label = string for the protocol name + * @par ndpi_struct = the detection module + * @par detection_bitmask = the protocol bitmask + * @par idx = the index of the callback_buffer + * @par func = function pointer of the protocol search + * @par ndpi_selection_bitmask = the protocol selected bitmask + * @par b_save_bitmask_unknow = if set as "true" save the detection 
bitmask as unknow + * @par b_add_detection_bitmask = if set as "true" add the protocol bitmask to the detection bitmask + * */ - void - ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct, - const NDPI_PROTOCOL_BITMASK * detection_bitmask); + void ndpi_set_bitmask_protocol_detection(char *label, struct ndpi_detection_module_struct *ndpi_struct, + const NDPI_PROTOCOL_BITMASK *detection_bitmask, + const u_int32_t idx, + u_int16_t ndpi_protocol_id, + void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow), + const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, + u_int8_t b_save_bitmask_unknow, + u_int8_t b_add_detection_bitmask); + + /** - * This function will processes one packet and returns the ID of the detected protocol. - * This is the main packet processing function. + * Sets the protocol bitmask2 + * + * @par ndpi_struct = the detection module + * @par detection_bitmask = the protocol bitmask to set + * + */ + void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct, + const NDPI_PROTOCOL_BITMASK * detection_bitmask); + + + /** + * Function to be called before we give up with detection for a given flow. + * This function reduces the NDPI_UNKNOWN_PROTOCOL detection + * + * @par ndpi_struct = the detection module + * @par flow = the flow given for the detection module + * @return the detected protocol even if the flow is not completed; + * + */ + ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + + + /** + * Processes one packet and returns the ID of the detected protocol. + * This is the MAIN PACKET PROCESSING FUNCTION. 
+ * + * @par ndpi_struct = the detection module + * @par flow = pointer to the connection state machine + * @par packet = unsigned char pointer to the Layer 3 (IP header) + * @par packetlen = the length of the packet + * @par current_tick = the current timestamp for the packet + * @par src = pointer to the source subscriber state machine + * @par dst = pointer to the destination subscriber state machine + * @return the detected ID of the protocol * - * @param ndpi_struct the detection module - * @param flow void pointer to the connection state machine - * @param packet the packet as unsigned char pointer with the length of packetlen. the pointer must point to the Layer 3 (IP header) - * @param packetlen the length of the packet - * @param current_tick the current timestamp for the packet - * @param src void pointer to the source subscriber state machine - * @param dst void pointer to the destination subscriber state machine - * @return returns the detected ID of the protocol */ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, 
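Review bot: The relocated comment for `ndpi_set_bitmask_protocol_detection` documents every argument except `ndpi_protocol_id`, which sits between `idx` and `func` in the prototype. A line such as `@par ndpi_protocol_id = the ID of the protocol being registered` would complete it (wording to be confirmed against the definition, which is not in this hunk). The new `ndpi_detection_giveup` comment refers to `NDPI_UNKNOWN_PROTOCOL`, while the callers added in example/ndpiReader.c test `NDPI_PROTOCOL_UNKNOWN`; the comment should use the real name. It would also help to state whether `flow` may be NULL, since one of those callers checks `flow->ndpi_flow` immediately before the call and the other does not.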
@@ -131,106 +233,313 @@ extern "C" { struct ndpi_id_struct *src, struct ndpi_id_struct *dst); + + /** + * Get the main protocol of the passed flows for the detected module + * + * + * @par ndpi_struct = the detection module + * @par flow = the flow given for the detection module + * @return the ID of the master protocol detected + * + */ u_int16_t ndpi_get_flow_masterprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -#define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 ) -#define NDPI_DETECTION_ONLY_IPV6 ( 1 << 1 ) - + /** - * query the pointer to the layer 4 packet + * Query the pointer to the layer 4 packet + * + * @par l3 = pointer to the layer 3 data + * @par l3_len = length of the layer 3 data + * @par l4_return = address to the pointer of the layer 4 data if return value == 0, else undefined + * @par l4_len_return = length of the layer 4 data if return value == 0, else undefined + * @par l4_protocol_return = protocol of the layer 4 data if return value == 0, undefined otherwise + * @par flags = limit operation on ipv4 or ipv6 packets. 
Possible values: NDPI_DETECTION_ONLY_IPV4 - NDPI_DETECTION_ONLY_IPV6 - 0 (any) + * @return 0 if layer 4 data could be found correctly; + else != 0 * - * @param l3 pointer to the layer 3 data - * @param l3_len length of the layer 3 data - * @param l4_return filled with the pointer the layer 4 data if return value == 0, undefined otherwise - * @param l4_len_return filled with the length of the layer 4 data if return value == 0, undefined otherwise - * @param l4_protocol_return filled with the protocol of the layer 4 data if return value == 0, undefined otherwise - * @param flags limit operation on ipv4 or ipv6 packets, possible values are NDPI_DETECTION_ONLY_IPV4 or NDPI_DETECTION_ONLY_IPV6; 0 means any - * @return 0 if correct layer 4 data could be found, != 0 otherwise */ - u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return, - u_int8_t * l4_protocol_return, u_int32_t flags); + u_int8_t ndpi_detection_get_l4(const u_int8_t *l3, u_int16_t l3_len, const u_int8_t **l4_return, u_int16_t *l4_len_return, + u_int8_t *l4_protocol_return, u_int32_t flags); + +#if 0 /** * returns true if the protocol history of the flow of the last packet given to the detection * contains the given protocol. 
* * @param ndpi_struct the detection module * @return 1 if protocol has been found, 0 otherwise + * */ u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t protocol_id); - ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct, - u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport); + struct ndpi_flow_struct *flow, + u_int16_t protocol_id); +#endif + + /** + * Search and return the protocol based on matched ports + * + * @par ndpi_struct = the detection module + * @par shost = source address in host byte order + * @par sport = source port number + * @par dhost = destination address in host byte order + * @par dport = destination port number + * @return the struct ndpi_protocol that match the port base protocol + * + */ + ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct/* , u_int8_t proto */, + u_int32_t shost, + u_int16_t sport, + u_int32_t dhost, + u_int16_t dport); + + + /** + * Search and return the protocol guessed that is undetected + * + * @par ndpi_struct = the detection module + * @par proto = the l4 protocol number + * @par shost = source address in host byte order + * @par sport = source port number + * @par dhost = destination address in host byte order + * @par dport = destination port number + * @return the struct ndpi_protocol that match the port base protocol + * + */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, - u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport); + u_int8_t proto, + u_int32_t shost, + u_int16_t sport, + u_int32_t dhost, + u_int16_t dport); + + + /** + * Check if the string passed match with a protocol + * + * @par ndpi_struct = the detection module + * @par string_to_match = the string to match + * @par string_to_match_len = the length 
of the string + * @par is_host_match = value of the second field of struct ndpi_automa + * @return the ID of the matched subprotocol + * + */ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - char *string_to_match, u_int string_to_match_len); + char *string_to_match, + u_int string_to_match_len, + u_int8_t is_host_match); + + + /** + * Check if the host passed match with a protocol + * + * @par ndpi_struct = the detection module + * @par flow = the flow where match the host + * @par string_to_match = the string to match + * @par string_to_match_len = the length of the string + * @par master_protocol_id = value of the ID associated to the master protocol detected + * @return the ID of the matched subprotocol + * + */ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + struct ndpi_flow_struct *flow, + char *string_to_match, + u_int string_to_match_len, u_int16_t master_protocol_id); + + + /** + * Check if the string content passed match with a protocol + * + * @par ndpi_struct = the detection module + * @par flow = the flow where match the host + * @par string_to_match = the string to match + * @par string_to_match_len = the length of the string + * @par master_protocol_id = value of the ID associated to the master protocol detected + * @return the ID of the matched subprotocol + * + */ int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len, + char *string_to_match, + u_int string_to_match_len, u_int16_t master_protocol_id); + + + /** + * Check if the string -bigram_to_match- match with a bigram of -automa- + * + * @par ndpi_struct = the detection module + * @par automa = the struct ndpi_automa for the bigram + * @par bigram_to_match = the bigram string to match + * @return 0 + * + */ int 
ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, - ndpi_automa *automa, char *bigram_to_match); + ndpi_automa *automa, + char *bigram_to_match); + + + /** + * Write the protocol name in the buffer -buf- as master_protocol.protocol + * + * @par ndpi_mod = the detection module + * @par proto = the struct ndpi_protocol contain the protocols name + * @par buf = the buffer to write the name of the protocols + * @par buf_len = the length of the buffer + * @return the buffer contains the master_protocol and protocol name + * + */ char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len); + + + /** + * Get the protocol name associated to the ID + * + * @par mod = the detection module + * @par proto_id = the ID of the protocol + * @return the buffer contains the master_protocol and protocol name + * + */ char* ndpi_get_proto_name(struct ndpi_detection_module_struct *mod, u_int16_t proto_id); + + + /** + * Return the protocol breed ID associated to the protocol + * + * @par ndpi_struct = the detection module + * @par proto = the ID of the protocol + * @return the breed ID associated to the protocol + * + */ ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t proto); + + + /** + * Return the string name of the protocol breed + * + * @par ndpi_struct = the detection module + * @par breed_id = the breed ID associated to the protocol + * @return the string name of the breed ID + * + */ char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_struct, ndpi_protocol_breed_t breed_id); + + + /** + * Return the ID of the protocol + * + * @par ndpi_mod = the detection module + * @par proto = the ID of the protocol + * @return the string name of the breed ID + * + */ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto); + + + /** + * Write the list of the supported protocols + * + * @par ndpi_mod = the 
detection module + */ void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod); - int matchStringProtocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len); + + /** + * Read a file and load the protocols + * + * Format: <tcp|udp>:<port>,<tcp|udp>:<port>,.....@<proto> + * + * Example: + * tcp:80,tcp:3128@HTTP + * udp:139@NETBIOS + * + * @par ndpi_mod = the detection module + * @par path = the path of the file + * @return 0 if the file is loaded correctly; + * -1 else + * + */ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char* path); + + + /** + * Get the total number of the supported protocols + * + * @par ndpi_mod = the detection module + * @return the number of protocols + * + */ u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod); + + + /** + * Get the nDPI version release + * + * @return the NDPI_GIT_RELEASE + * + */ char* ndpi_revision(void); - void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa); -#define ADD_TO_DETECTION_BITMASK 1 -#define NO_ADD_TO_DETECTION_BITMASK 0 -#define SAVE_DETECTION_BITMASK_AS_UNKNOWN 1 -#define NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN 0 /** - * This function sets a single protocol bitmask - * @param label Protocol name - * @param ndpi_struct the detection module - * @param detection_bitmask the protocol bitmask - * @param idx the index of the callback_buffer - * @param func void function point of the protocol search - * @param ndpi_selection_bitmask the protocol selected bitmask - * @param b_save_bitmask_unknow set true if you want save the detection bitmask as unknow - * @param b_add_detection_bitmask set true if you want add the protocol bitmask to the detection bitmask - * NB: this function does not increment the index of the callback_buffer - */ - void ndpi_set_bitmask_protocol_detection(char * label, struct ndpi_detection_module_struct 
*ndpi_struct, - const NDPI_PROTOCOL_BITMASK * detection_bitmask, - const u_int32_t idx, - u_int16_t ndpi_protocol_id, - void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow), - const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, - u_int8_t b_save_bitmask_unknow, - u_int8_t b_add_detection_bitmask); + * Set the automa for the protocol search + * + * @par ndpi_struct = the detection module + * @par automa = the automa to match + * + */ + void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa); + #ifdef NDPI_PROTOCOL_HTTP - /* - API used to retrieve information for HTTP flows + /** + * Retrieve information for HTTP flows + * + * @par ndpi_mod = the detection module + * @par flow = the detected flow + * @return the HTTP method information about the flow + * */ - ndpi_http_method ndpi_get_http_method(struct ndpi_detection_module_struct *ndpi_mod, - struct ndpi_flow_struct *flow); - - char* ndpi_get_http_url(struct ndpi_detection_module_struct *ndpi_mod, - struct ndpi_flow_struct *flow); + ndpi_http_method ndpi_get_http_method(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); + - char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, - struct ndpi_flow_struct *flow); + /** + * Get the HTTP url + * + * @par ndpi_mod = the detection module + * @par flow = the detected flow + * @return the HTTP method information about the flow + * + */ + char* ndpi_get_http_url(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); + + + /** + * Get the HTTP content-type + * + * @par ndpi_mod = the detection module + * @par flow = the detected flow + * @return the HTTP method information about the flow + * + */ + char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); #endif + #ifdef NDPI_PROTOCOL_TOR + /** + * Check if the flow could be detected as TOR protocol + * + * @par 
ndpi_struct = the detection module + * @par flow = the detected flow + * @par certificate = the ssl certificate + * @return 1 if the flow is TOR; + * 0 else + * + */ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate); #endif diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h index 266c76968..3fa0b34e6 100644 --- a/src/include/ndpi_define.h +++ b/src/include/ndpi_define.h @@ -156,7 +156,6 @@ /* misc definitions */ #define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 -#define NDPI_ENABLE_DEBUG_MESSAGES 1 /* TODO: rebuild all memory areas to have a more aligned memory block here */ diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 7dcd86528..59707896b 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -49,14 +49,14 @@ #define NDPI_PROTOCOL_IP_ICMPV6 102 #define NDPI_PROTOCOL_HTTP 7 -#define NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV 60 +#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 #define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype, Ultrasurf?) - ntop.org */ #define NDPI_PROTOCOL_SSL 91 #define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 #define NDPI_PROTOCOL_HTTP_CONNECT 130 #define NDPI_PROTOCOL_HTTP_PROXY 131 -#define NDPI_PROTOCOL_SOCKS5 172 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_SOCKS4 173 /* Tomasz Bujlow <tomasz@skatnet.dk> */ +#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow <tomasz@skatnet.dk> */ + #define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow <tomasz@skatnet.dk> */ #define NDPI_PROTOCOL_MAIL_POP 2 @@ -203,7 +203,7 @@ #define NDPI_PROTOCOL_TEREDO 214 #define NDPI_PROTOCOL_HEP 216 /* Sipcapture.org QXIP BV */ #define NDPI_PROTOCOL_UBNTAC2 217 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */ -#define NDPI_PROTOCOL_MS_LYNC 220 +#define NDPI_PROTOCOL_MS_LYNC 173 
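Review bot: Value 173 is freed by removing `NDPI_PROTOCOL_SOCKS4` in the `@@ -49,14` hunk and immediately reassigned to `NDPI_PROTOCOL_MS_LYNC` in the `@@ -203,7` hunk, and the later `@@ -268,8` hunk shifts `NDPI_PROTOCOL_COAP` and `NDPI_PROTOCOL_MQTT` up by one to make room for two new services. Any consumer that stored or configured numeric protocol IDs (filter rules, exported flow records) will, after upgrading, read old SOCKS4 entries as Lync and old MQTT entries as CoAP without any error. Safer is to leave retired values unused and append new IDs after the current last one, i.e. keep `#define NDPI_PROTOCOL_MS_LYNC 220` and give `NDPI_SERVICE_CLOUDFLARE` and `NDPI_SERVICE_MS_ONE_DRIVE` fresh values above `NDPI_PROTOCOL_MQTT`. If the renumbering is deliberate, a comment above the table such as `/* IDs are not stable across releases; do not persist them */` would at least make the contract explicit.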
@@ -232,15 +232,15 @@
 #define NDPI_SERVICE_APPLE_ICLOUD 143
 #define NDPI_SERVICE_APPLE_ITUNES 145
 #define NDPI_SERVICE_TUENTI 149
-#define NDPI_SERVICE_WIKIPEDIA 176 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_SERVICE_MSN NDPI_PROTOCOL_MSN /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_SERVICE_AMAZON 178 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_SERVICE_EBAY 179 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_SERVICE_CNN 180 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_WIKIPEDIA 176 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_MSN NDPI_PROTOCOL_MSN /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_AMAZON 178 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_EBAY 179 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_CNN 180 /* Tomasz Bujlow <tomasz@skatnet.dk> */
 #define NDPI_SERVICE_DROPBOX NDPI_PROTOCOL_DROPBOX /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_SERVICE_SKYPE NDPI_PROTOCOL_SKYPE /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_SERVICE_VIBER NDPI_PROTOCOL_VIBER /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_SERVICE_YAHOO NDPI_PROTOCOL_YAHOO /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_SKYPE NDPI_PROTOCOL_SKYPE /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_VIBER NDPI_PROTOCOL_VIBER
+#define NDPI_SERVICE_YAHOO NDPI_PROTOCOL_YAHOO /* Tomasz Bujlow <tomasz@skatnet.dk> */
 #define NDPI_SERVICE_PANDORA 187
 #define NDPI_PROTOCOL_EAQ 190
 #define NDPI_SERVICE_TIMMEU 191
@@ -268,8 +268,10 @@
 #define NDPI_SERVICE_HOTSPOT_SHIELD 215
 #define NDPI_SERVICE_OCS 218
 #define NDPI_SERVICE_OFFICE_365 219
-#define NDPI_PROTOCOL_COAP 221
-#define NDPI_PROTOCOL_MQTT 222
+#define NDPI_SERVICE_CLOUDFLARE 220
+#define NDPI_SERVICE_MS_ONE_DRIVE 221
+#define NDPI_PROTOCOL_COAP 222
+#define NDPI_PROTOCOL_MQTT 223
 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
 #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_MQTT
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index b4ca6dba2..b6ceed257 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -299,6 +299,7 @@ void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 void init_socrates_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_soulseek_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_ssl_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index dcf3e0749..4fe8d5712 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -875,7 +875,7 @@ struct ndpi_flow_struct { u_int16_t protocol_stack_info; /* init parameter, internal used to set up timestamp,... */ - u_int16_t guessed_protocol_id, guessed_host_proto_id; + u_int16_t guessed_protocol_id, guessed_host_protocol_id; u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1; @@ -901,11 +901,13 @@ struct ndpi_flow_struct { */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ - u_char host_server_name[256]; + u_char host_server_name[192]; /* Via HTTP User-Agent */ u_char detected_os[32]; /* Via HTTP X-Forwarded-For */ u_char nat_ip[24]; + /* Bittorrent hash */ + u_char bittorent_hash[20]; /* This structure below will not not stay inside the protos @@ -992,10 +994,8 @@ struct ndpi_flow_struct { #ifdef NDPI_PROTOCOL_FLORENSIA u_int32_t florensia_stage:1; #endif -#ifdef NDPI_PROTOCOL_SOCKS5 +#ifdef NDPI_PROTOCOL_SOCKS u_int32_t socks5_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_SOCKS4 u_int32_t socks4_stage:2; // 0 - 3 #endif #ifdef NDPI_PROTOCOL_EDONKEY @@ -1032,4 +1032,16 @@ struct ndpi_flow_struct { struct ndpi_id_struct *dst; }; +typedef struct { + char *string_to_match, *proto_name; + int protocol_id; + ndpi_protocol_breed_t protocol_breed; +} ndpi_protocol_match; + +typedef struct { + u_int32_t network; + u_int8_t cidr; + u_int8_t value; +} ndpi_network; + #endif/* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index b2d3e3d64..2e8b0551a 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -111,8 +111,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/skype.c \ protocols/smb.c \ protocols/snmp.c \ - protocols/socks4.c \ - protocols/socks5.c \ + protocols/socks45.c \ protocols/socrates.c \ protocols/sopcast.c \ protocols/soulseek.c \ 
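Review bot: Shrinking `host_server_name` from 256 to 192 bytes in the `@@ -901,11` hunk is only safe if every writer bounds its copy with `sizeof(flow->host_server_name)`; none of the writers are visible in this hunk, so any dissector that still copies up to a hard-coded 255 or 256 bytes would now overrun into `detected_os`. Please confirm that no such literal remains and document the contract on the field, e.g. `/* HTTP host or DNS query; writers must bound by sizeof() and NUL-terminate */`. Separately, the new member is spelled `bittorent_hash` (one "r") while the protocol constant is `NDPI_PROTOCOL_BITTORRENT`; renaming it now avoids carrying the typo in a public struct. `struct ndpi_flow_struct` starts and ends outside this hunk.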
@@ -140,7 +139,6 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
 protocols/twitter.c \
 protocols/ubntac2.c \
 protocols/usenet.c \
- protocols/veohtv.c \
 protocols/viber.c \
 protocols/vhua.c \
 protocols/vmware.c \
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 74b21b536..411a3961d 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -18,23 +18,62 @@ * */ -typedef struct { - char *string_to_match, *proto_name; - int protocol_id; - ndpi_protocol_breed_t protocol_breed; -} ndpi_protocol_match; - -typedef struct { - u_int32_t network; - u_int8_t cidr; - u_int8_t value; -} ndpi_network; - /* ****************************************************** */ static ndpi_network host_protocol_list[] = { /* + Microsoft Corporation (MS One Drive) + 204.79.195.0/24 + 204.79.196.0/23 + 134.170.0.0/16 + 131.253.12.0/22 + 131.253.16.0/23 + 131.253.18.0/24 + 65.54.191.0/24 + */ + { 0xCC4FC300 /* 204.79.195.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, + { 0xCC4FC400 /* 204.79.196.0/23 */, 23, NDPI_SERVICE_MS_ONE_DRIVE }, + { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_SERVICE_MS_ONE_DRIVE }, + { 0x83FD0C00 /* 131.253.12.0/22 */, 22, NDPI_SERVICE_MS_ONE_DRIVE }, + { 0x83FD1000 /* 131.253.16.0/23 */, 23, NDPI_SERVICE_MS_ONE_DRIVE }, + { 0x83FD1200 /* 131.253.18.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, + { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, + + + /* + Amazon-EU-AWS Elastic Compute Cloud, EC2 (also used by Netflix) + 46.137.128.0/18 + */ + { 0x2E898000 /* 46.137.128.0/18 */, 18, NDPI_SERVICE_AMAZON }, + + /* + Amazon-EU (also used by Netflix) + 176.34.184.0/21 + */ + { 0xB022B800 /* 176.34.184.0/21 */, 21, NDPI_SERVICE_AMAZON }, + + /* + Netflix + 23.246.0.0/18 + 23.21.190.124/32 + */ + { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_SERVICE_NETFLIX }, + { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_SERVICE_NETFLIX }, + + /* + Cloudflare + 104.16.0.0/12 + 173.245.48.0/20 + 162.158.0.0/15 + 141.101.125.0/24 CLOUDFLARE-EU CDN network + */ + { 0x68100000 /* 104.16.0.0/12 */, 12, NDPI_SERVICE_CLOUDFLARE }, + { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_SERVICE_CLOUDFLARE }, + { 0xA29E0000 /* 162.158.0.0/15 */, 15, NDPI_SERVICE_CLOUDFLARE }, + { 0x8D657D00 /* 141.101.125.0/24 */, 24, NDPI_SERVICE_CLOUDFLARE }, + + /* OFFICE 365 13.107.1.0/24 13.107.3.0/24 
@@ -81,10 +120,16 @@ static ndpi_network host_protocol_list[] = { { 0x4272A000 /* 66.114.160.0 */, 20, NDPI_PROTOCOL_WEBEX }, /* - Viber - 54.171.62.0/24 + Viber Media AWS-VIBER-MEDIA (NET-54-169-63-160-1) 54.169.63.160 - 54.169.63.191 + Viber Media S a r l AWS-VIBER-MEDIA-S-A-R-L (NET-54-93-255-64-1) 54.93.255.64 - 54.93.255.127 + Crittercism AWS-VIBER-MEDIA (NET-52-0-252-0-1) 52.0.252.0 - 52.0.255.255 + 54.169.63.160/27 + 54.93.255.64/26 + 52.0.252.0/22 */ - { 0x36AB3E00 /* 54.171.62.0 */, 24, NDPI_PROTOCOL_VIBER }, + { 0x36A93FA0 /* 54.169.63.160 */, 27, NDPI_PROTOCOL_VIBER }, + { 0x365DFF40 /* 54.93.255.64 */, 26, NDPI_PROTOCOL_VIBER }, + { 0x3400FC00 /* 52.0.252.0 */, 22, NDPI_PROTOCOL_VIBER }, /* Apple (FaceTime, iMessage,...) @@ -107,12 +152,15 @@ static ndpi_network host_protocol_list[] = { 157.56.0.0/14, 157.60.0.0/16, 157.54.0.0/15 111.221.64.0 - 111.221.127.255 91.190.216.0/21 (AS198015 Skype Communications Sarl) + 40.126.129.109/32 */ { 0x9D380000 /* 157.56.0.0 */, 14, NDPI_PROTOCOL_SKYPE }, { 0x9D3C0000 /* 157.60.0.0 */, 16, NDPI_PROTOCOL_SKYPE }, { 0x9D360000 /* 157.54.0.0 */, 15, NDPI_PROTOCOL_SKYPE }, { 0x6FDD4000 /* 111.221.64.0 */, 18, NDPI_PROTOCOL_SKYPE }, { 0x5BBED800 /* 91.190.216.0 */, 21, NDPI_PROTOCOL_SKYPE }, + { 0x287F816D /* 40.126.129.109 */, 32, NDPI_PROTOCOL_SKYPE }, + /* route: 5.42.160.0/19 @@ -124,10 +172,15 @@ static ndpi_network host_protocol_list[] = { /* Google 173.194.0.0/16 + 74.125.0.0/16 64.233.160.0/19 + 216.58.192.0/19 */ { 0xADC20000 /* 173.194.0.0 */, 16, NDPI_SERVICE_GOOGLE }, + { 0x4A7D0000 /* 74.125.0.0 */, 16, NDPI_SERVICE_GOOGLE }, { 0x40E91600 /* 64.233.160.0 */, 19, NDPI_SERVICE_GOOGLE }, + { 0xD83AC000 /* 216.58.192.0 */, 19, NDPI_SERVICE_GOOGLE }, + /* Ubuntu One 91.189.89.0/21 (255.255.248.0) 
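Review bot: In the Skype hunk (`@@ -107,12`) the new entry's constant disagrees with its own comment: `0x287F816D` decodes to 40.127.129.109, whereas the comment and the list above it say 40.126.129.109, which is `0x287E816D`. With a /32 prefix the entry as written never matches the documented address, so either the literal or the comment has to change. The Google hunk (`@@ -124,10`) carries the same kind of mismatch on an unchanged context line: `0x40E91600` is 64.233.22.0, while 64.233.160.0 would be `0x40E9A000`. Because these literals are converted by hand, building the table from dotted-quad strings or a small octet macro would remove this class of error.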
@@ -153,155 +206,7 @@ static ndpi_network host_protocol_list[] = { { 0x959AA400 /* 149.154.164.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM}, { 0x959AA800 /* 149.154.168.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM}, - /* Skype */ - { 0x17600000, 14, NDPI_PROTOCOL_SKYPE }, - { 0x17613000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x17614000, 19, NDPI_PROTOCOL_SKYPE }, - { 0x17616000, 19, NDPI_PROTOCOL_SKYPE }, - { 0x17622000, 21, NDPI_PROTOCOL_SKYPE }, - { 0x17622800, 22, NDPI_PROTOCOL_SKYPE }, - { 0x17623800, 21, NDPI_PROTOCOL_SKYPE }, - { 0x17624000, 18, NDPI_PROTOCOL_SKYPE }, - { 0x17640000, 15, NDPI_PROTOCOL_SKYPE }, - { 0x17660000, 16, NDPI_PROTOCOL_SKYPE }, - { 0x17674000, 18, NDPI_PROTOCOL_SKYPE }, - { 0x17678000, 17, NDPI_PROTOCOL_SKYPE }, - { 0x40040000, 18, NDPI_PROTOCOL_SKYPE }, - { 0x41340000, 14, NDPI_PROTOCOL_SKYPE }, - { 0x4134A000, 19, NDPI_PROTOCOL_SKYPE }, - { 0x41362800, 24, NDPI_PROTOCOL_SKYPE }, - { 0x41364200, 23, NDPI_PROTOCOL_SKYPE }, - { 0x41364400, 24, NDPI_PROTOCOL_SKYPE }, - { 0x41365200, 24, NDPI_PROTOCOL_SKYPE }, - { 0x41365500, 24, NDPI_PROTOCOL_SKYPE }, - { 0x41365A00, 23, NDPI_PROTOCOL_SKYPE }, - { 0x41372C00, 24, NDPI_PROTOCOL_SKYPE }, - { 0x41377500, 24, NDPI_PROTOCOL_SKYPE }, - { 0x4137E600, 24, NDPI_PROTOCOL_SKYPE }, - { 0x4137E700, 24, NDPI_PROTOCOL_SKYPE }, - { 0x42779000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x46250000, 17, NDPI_PROTOCOL_SKYPE }, - { 0x46258000, 18, NDPI_PROTOCOL_SKYPE }, - { 0x46259600, 23, NDPI_PROTOCOL_SKYPE }, - { 0x5EF54000, 18, NDPI_PROTOCOL_SKYPE }, - { 0x5EF54C00, 23, NDPI_PROTOCOL_SKYPE }, - { 0x5EF55200, 24, NDPI_PROTOCOL_SKYPE }, - { 0x68280000, 13, NDPI_PROTOCOL_SKYPE }, - { 0x68920000, 19, NDPI_PROTOCOL_SKYPE }, - { 0x68928000, 17, NDPI_PROTOCOL_SKYPE }, - { 0x68D00000, 13, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD1000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD1000, 21, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD1700, 24, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD4000, 18, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD4000, 21, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD4200, 24, 
NDPI_PROTOCOL_SKYPE }, - { 0x6FDD4500, 24, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD4600, 24, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD4E00, 23, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD5000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD6000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD7000, 21, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD7800, 22, NDPI_PROTOCOL_SKYPE }, - { 0x6FDD7C00, 22, NDPI_PROTOCOL_SKYPE }, - { 0x83FD0100, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD0500, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD0600, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD0800, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD0C00, 22, NDPI_PROTOCOL_SKYPE }, - { 0x83FD1200, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD1500, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD1800, 21, NDPI_PROTOCOL_SKYPE }, - { 0x83FD2000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x83FD2100, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD2200, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD3D00, 24, NDPI_PROTOCOL_SKYPE }, - { 0x83FD3E00, 23, NDPI_PROTOCOL_SKYPE }, - { 0x83FD8000, 17, NDPI_PROTOCOL_SKYPE }, - { 0x84F50000, 16, NDPI_PROTOCOL_SKYPE }, - { 0x84F59C00, 22, NDPI_PROTOCOL_SKYPE }, - { 0x84F5A000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x86AA0000, 16, NDPI_PROTOCOL_SKYPE }, - { 0x86AA8000, 21, NDPI_PROTOCOL_SKYPE }, - { 0x86AA8800, 21, NDPI_PROTOCOL_SKYPE }, - { 0x86AAD900, 24, NDPI_PROTOCOL_SKYPE }, - { 0x89740000, 15, NDPI_PROTOCOL_SKYPE }, - { 0x89748000, 19, NDPI_PROTOCOL_SKYPE }, - { 0x8974A000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x89870000, 16, NDPI_PROTOCOL_SKYPE }, - { 0x8A5B0000, 16, NDPI_PROTOCOL_SKYPE }, - { 0x8A5B0000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x8A5B1000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x8A5B2000, 20, NDPI_PROTOCOL_SKYPE }, - { 0x9D370000, 16, NDPI_PROTOCOL_SKYPE }, - { 0x9D380000, 16, NDPI_PROTOCOL_SKYPE }, - { 0x9D3C1700, 24, NDPI_PROTOCOL_SKYPE }, - { 0x9D3C1F00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xA7DCF000, 22, NDPI_PROTOCOL_SKYPE }, - { 0xA83D0000, 16, NDPI_PROTOCOL_SKYPE }, - { 0xA83E0000, 15, NDPI_PROTOCOL_SKYPE }, - { 0xA83F8000, 17, NDPI_PROTOCOL_SKYPE }, - { 0xBFE80000, 13, NDPI_PROTOCOL_SKYPE 
}, - { 0xC030E100, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC0549F00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC054A000, 23, NDPI_PROTOCOL_SKYPE }, - { 0xC0C59D00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC1954000, 19, NDPI_PROTOCOL_SKYPE }, - { 0xC1DD7100, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC6310800, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC6C88200, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC6CEA400, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC71E1000, 20, NDPI_PROTOCOL_SKYPE }, - { 0xC73C1C00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC74AD200, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC7675A00, 23, NDPI_PROTOCOL_SKYPE }, - { 0xC7677A00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xC7F23000, 21, NDPI_PROTOCOL_SKYPE }, - { 0xCA59E000, 21, NDPI_PROTOCOL_SKYPE }, - { 0xCC4F8700, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCC4FB300, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCC4FC300, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCC4FC500, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCC4FFC00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCC5F6000, 20, NDPI_PROTOCOL_SKYPE }, - { 0xCC988C00, 23, NDPI_PROTOCOL_SKYPE }, - { 0xCE8AA800, 21, NDPI_PROTOCOL_SKYPE }, - { 0xCEBFE000, 19, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E0000, 16, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E0000, 19, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E2000, 20, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E2900, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E3000, 20, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E3A00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E3E00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E4000, 19, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E4800, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E4D00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E6000, 19, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E6200, 24, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E8000, 17, NDPI_PROTOCOL_SKYPE }, - { 0xCF2E8000, 19, NDPI_PROTOCOL_SKYPE }, - { 0xCF2EE000, 20, NDPI_PROTOCOL_SKYPE }, - { 0xCF448000, 18, NDPI_PROTOCOL_SKYPE }, - { 0xCF52FA00, 23, NDPI_PROTOCOL_SKYPE }, - { 0xD0448800, 21, NDPI_PROTOCOL_SKYPE }, - { 0xD04C2D00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xD04C2E00, 24, NDPI_PROTOCOL_SKYPE }, - { 0xD0540000, 24, NDPI_PROTOCOL_SKYPE }, - { 0xD0540100, 
24, NDPI_PROTOCOL_SKYPE }, - { 0xD0540200, 24, NDPI_PROTOCOL_SKYPE }, - { 0xD0540300, 24, NDPI_PROTOCOL_SKYPE }, - { 0xD1017000, 23, NDPI_PROTOCOL_SKYPE }, - { 0xD1B98000, 22, NDPI_PROTOCOL_SKYPE }, - { 0xD1B9F000, 22, NDPI_PROTOCOL_SKYPE }, - { 0xD1F0C000, 19, NDPI_PROTOCOL_SKYPE }, - { 0xD5C78000, 18, NDPI_PROTOCOL_SKYPE }, - { 0xD820B400, 22, NDPI_PROTOCOL_SKYPE }, - { 0xD820F000, 22, NDPI_PROTOCOL_SKYPE }, - { 0xD820F200, 24, NDPI_PROTOCOL_SKYPE }, - { 0xD821F000, 22, NDPI_PROTOCOL_SKYPE }, - { 0xD4A10800, 24, NDPI_PROTOCOL_SKYPE }, - + /* TOR */ { 0x012A1231, 32, NDPI_PROTOCOL_TOR }, { 0x01E69FA1, 32, NDPI_PROTOCOL_TOR }, { 0x020DE985, 32, NDPI_PROTOCOL_TOR }, @@ -7363,6 +7268,7 @@ ndpi_protocol_match host_match[] = { { ".ebaystratus.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebayimg.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_ACCEPTABLE }, { ".facebook.com", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_FUN }, + { "fbstatic-a.akamaihd.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_FUN }, { "fbcdn-", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ { ".google.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_ACCEPTABLE }, 
@@ -7392,11 +7298,14 @@ ndpi_protocol_match host_match[] = {
 { ".skypeassets.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE },
 { ".skypedata.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE },
 { ".skypeecs-", /* no final . */ "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".skypeforbusiness.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".lync.com", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE },
 { ".tuenti.com", "Tuenti", NDPI_SERVICE_TUENTI, NDPI_PROTOCOL_ACCEPTABLE },
 { ".twttr.com", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_ACCEPTABLE },
 { "twitter.", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_ACCEPTABLE },
 { "twimg.com", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_ACCEPTABLE },
 { ".viber.com", "Viber", NDPI_SERVICE_VIBER, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".cdn.viber.com", "Viber", NDPI_SERVICE_VIBER, NDPI_PROTOCOL_ACCEPTABLE },
 { "wikipedia.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_ACCEPTABLE },
 { "wikimedia.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_ACCEPTABLE },
 { "mediawiki.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_ACCEPTABLE },
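Review bot: The added `.cdn.viber.com` pattern looks redundant with the `.viber.com` entry on the line before it, assuming `host_match` patterns are matched as substrings (fragments such as `twitter.` and `.skypeecs-` suggest they are), so it adds an automaton entry without changing any result. The `@@ -7450,9` hunk raises the same question in the other direction: the new `.microsoft.com` → `NDPI_SERVICE_MICROSOFT` overlaps the existing `update.microsoft.com` → WindowsUpdate and `crl.microsoft.com` → Office365 entries, and which label such a host receives depends on the matcher's tie-breaking, which is not visible here. Please drop the redundant entry and, once the rule is confirmed, state it above the table, e.g. `/* overlapping patterns: <confirmed precedence rule> */`.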
@@ -7450,9 +7359,14 @@ ndpi_protocol_match host_match[] = {
 { "tim-geoportal.geoportal3d.com.br", "TIM_PortasAbertas", NDPI_SERVICE_TIMPORTASABERTAS, NDPI_PROTOCOL_ACCEPTABLE },
 { ".m4u.com.br", "TIM_Recarga", NDPI_SERVICE_TIMRECARGA, NDPI_PROTOCOL_ACCEPTABLE },
 { ".deezer.com", "Deezer", NDPI_SERVICE_DEEZER, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".microsoft.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_ACCEPTABLE },
+ { "bn1301.storage.live.com", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_ACCEPTABLE },
+ { "skyapi.live.net", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_ACCEPTABLE },
+ { "d.docs.live.net", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_ACCEPTABLE },
 { "update.microsoft.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_ACCEPTABLE },
 { ".windowsupdate.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_ACCEPTABLE },
+ { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_FUN },
 { ".anchorfree.", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
 { "hotspotshield.com", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
@@ -7462,20 +7376,27 @@ ndpi_protocol_match host_match[] = { { ".ocs.fr", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_FUN }, { ".labgency.ws", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_FUN }, - { "crl.microsoft.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-ocsp.verisign.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-aia.verisign.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-crl.verisign.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { "sa.symcb.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { "sd.symcb.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { ".omniroot.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { ".verisign.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcb.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcd.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { ".verisign.net", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { ".geotrust.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { ".entrust.net", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, - { ".public-trust.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { "crl.microsoft.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-ocsp.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-aia.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-crl.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { "sa.symcb.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { "sd.symcb.com", "Office365", NDPI_SERVICE_OFFICE_365, 
NDPI_PROTOCOL_ACCEPTABLE }, + { ".omniroot.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { ".verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { ".symcb.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { ".symcd.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { ".verisign.net", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { ".geotrust.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { ".entrust.net", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + { ".public-trust.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + + /* http://www.urlquery.net/report.php?id=1453233646161 */ + { "lifedom.top", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_ACCEPTABLE }, + + { NULL, 0 } }; 
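Review bot: `lifedom.top` is added as a Cloudflare signature with breed `NDPI_PROTOCOL_ACCEPTABLE`, and the only justification is a link to a urlquery.net report, which is a URL-scanning service and not evidence that Cloudflare owns the name. Hard-coding a single customer domain that was observed behind Cloudflare makes it look vetted to any consumer that uses the breed for policy decisions, and the entry becomes wrong as soon as the domain moves. I would drop that line and keep only the `*.ns.cloudflare.com` hosts. If it has to stay, the comment should record the reason, e.g. `/* third-party domain seen behind Cloudflare in the linked report; not Cloudflare-owned */`.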
@@ -7522,6 +7443,18 @@ ndpi_protocol_match content_match[] = { { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_FUN }, { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_FUN }, { "application/vnd.apple.mpegurl", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_FUN }, + { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_ACCEPTABLE }, + { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8fa52fc77..8d40fe9aa 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -38,6 +38,25 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/src/ndpi_patricia.c" + +/* implementation of the punycode check function */ +int check_punycode_string(char * buffer , int len) +{ + int i = 0; + + while(i++ < len) + { + if( buffer[i] == 'x' && + buffer[i+1] == 'n' && + buffer[i+2] == '-' && + buffer[i+3] == '-' ) + // is a punycode string + return 1; + } + // not a punycode string + return 0; +} + /* ftp://ftp.cc.uoc.gr/mirrors/OpenBSD/src/lib/libc/stdlib/tsearch.c */ /* find or insert datum into search tree */ void * 
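Review bot: The new content-type entries give `NDPI_PROTOCOL_HTTP_DOWNLOAD` the breed `NDPI_PROTOCOL_ACCEPTABLE`, but the `@@ -954,9` hunk in ndpi_main.c registers the same ID with `NDPI_PROTOCOL_FUN`. Which breed ends up in `proto_defaults` depends on initialisation order that is not visible here, so the two should be made to agree. The short fragments `"/zip"`, `"binhex"` and `"/base64"` would also match any content type that merely contains them if `content_match` is substring-based, and `application/octet-stream` is the generic fallback type rather than a reliable download marker. A comment above the block, e.g. `/* substring patterns; octet-stream is a deliberate over-approximation */`, would make that trade-off visible.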
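Review bot: `check_punycode_string` reads past the end of `buffer`: `while(i++ < len)` increments before the body runs, so index 0 is never tested and the last iteration reads `buffer[len]` through `buffer[len+3]`. The caller is not in this hunk, but if the argument is a host name taken from captured traffic, this is an out-of-bounds read on data the remote side controls. The scan should start at 0 and stop at `len - 4`, and short or NULL inputs should return 0 early, as in the rewrite below. The prototype is kept unchanged because its declaration is outside this hunk.

```c
int check_punycode_string(char * buffer , int len)
{
  int i;

  /* "xn--" needs four bytes; nothing to scan in shorter input */
  if(buffer == NULL || len < 4)
    return 0;

  /* buffer[i+3] is the last byte read, so the final start index is len - 4 */
  for(i = 0; i <= len - 4; i++) {
    if(buffer[i] == 'x' &&
       buffer[i+1] == 'n' &&
       buffer[i+2] == '-' &&
       buffer[i+3] == '-')
      return 1; /* is a punycode string */
  }

  return 0; /* not a punycode string */
}
```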
@@ -306,7 +325,7 @@ void* ndpi_calloc(unsigned long count, size_t size) {
 /* ****************************************** */
-void ndpi_free(void *ptr) { _ndpi_free(ptr); }
+void ndpi_free(void *ptr) { _ndpi_free(ptr); }
 /* ****************************************** */
@@ -577,30 +596,36 @@ static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct /* ******************************************************************** */ -static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { - int i; +void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_match *match) { + u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; + ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; - for(i=0; host_match[i].string_to_match != NULL; i++) { - u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; - ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; + ndpi_add_host_url_subprotocol(ndpi_mod, match->string_to_match, + match->protocol_id, match->protocol_breed); - ndpi_add_host_url_subprotocol(ndpi_mod, host_match[i].string_to_match, - host_match[i].protocol_id, host_match[i].protocol_breed); + if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { + ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); + ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; + ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; + } - if(ndpi_mod->proto_defaults[host_match[i].protocol_id].protoName == NULL) { - ndpi_mod->proto_defaults[host_match[i].protocol_id].protoName = ndpi_strdup(host_match[i].proto_name); - ndpi_mod->proto_defaults[host_match[i].protocol_id].protoId = host_match[i].protocol_id; - ndpi_mod->proto_defaults[host_match[i].protocol_id].protoBreed = host_match[i].protocol_breed; - } + ndpi_set_proto_defaults(ndpi_mod, + ndpi_mod->proto_defaults[match->protocol_id].protoBreed, + ndpi_mod->proto_defaults[match->protocol_id].protoId, + no_master, no_master, + ndpi_mod->proto_defaults[match->protocol_id].protoName, + ndpi_build_default_ports(ports_a, 0, 0, 
0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); +} - ndpi_set_proto_defaults(ndpi_mod, - ndpi_mod->proto_defaults[host_match[i].protocol_id].protoBreed, - ndpi_mod->proto_defaults[host_match[i].protocol_id].protoId, - no_master, no_master, - ndpi_mod->proto_defaults[host_match[i].protocol_id].protoName, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - } +/* ******************************************************************** */ + +static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { + int i; + + for(i=0; host_match[i].string_to_match != NULL; i++) + ndpi_init_protocol_match(ndpi_mod, &host_match[i]); #ifdef DEBUG ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n'); @@ -842,7 +867,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, no_master, no_master, "BitTorrent", - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 51413, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, no_master, 
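Review bot: `ndpi_init_protocol_match` is no longer `static`, yet it indexes `ndpi_mod->proto_defaults[match->protocol_id]` with a signed `int` taken from the caller's `ndpi_protocol_match` and performs no range check, so a negative or too-large ID from an external caller writes outside the table. The function should begin with a guard that returns when `match` or `match->string_to_match` is NULL or when `protocol_id` falls outside the bounds of `proto_defaults` (the array's declared size is not visible in this hunk). The result of `ndpi_strdup(match->proto_name)` is also stored unchecked, and every `content_match` entry on this page has a NULL `proto_name`, so that table must not be passed to this function as it stands. A doc comment stating these preconditions would help callers; `init_string_based_protocols` continues outside the hunk.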
@@ -954,9 +979,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "TVUplayer", ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, - no_master, "HTTP_APPLICATION_VEOHTV", + no_master, "HTTPDownload", ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, @@ -1137,11 +1162,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "IAX", ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, - no_master, - no_master, "TFTP", - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, no_master, no_master, "AFP", @@ -1160,8 +1180,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, no_master, no_master, "SIP", - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5060, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, no_master, no_master, "TruPhone", 
@@ -1443,16 +1463,16 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Collectd", ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS5, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, no_master, - no_master, "SOCKS5", + no_master, "SOCKS", ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS4, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, no_master, - no_master, "SOCKS4", + no_master, "TFTP", ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, no_master, no_master, "RTMP", 
@@ -1476,28 +1496,33 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ, no_master, no_master, "ZeroMQ", - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) ); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA, no_master, no_master, "VHUA", - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT, no_master, no_master, "Starcraft", - ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ + ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, no_master, no_master, "UBNTAC2", - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MS_LYNC, no_master, no_master, "Lync", - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, 
NDPI_PROTOCOL_VIBER, + no_master, + no_master, "Viber", + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 7985, 7987, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod,NDPI_PROTOCOL_ACCEPTABLE,NDPI_PROTOCOL_COAP, no_master, no_master, "COAP", @@ -1565,13 +1590,13 @@ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_str /* ******************************************* */ -u_int16_t ndpi_host_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host /* network byte order */) { - struct in_addr pin; +/* u_int16_t ndpi_host_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host /\* network byte order *\/) { */ +/* struct in_addr pin; */ - pin.s_addr = host; +/* pin.s_addr = host; */ - return(ndpi_network_ptree_match(ndpi_struct, &pin)); -} +/* return(ndpi_network_ptree_match(ndpi_struct, &pin)); */ +/* } */ /* ******************************************* */ @@ -1635,7 +1660,7 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp struct in_addr pin; int bits = 32; char *ptr = strrchr(value, '/'); - + if (ptr) { ptr[0] = '\0'; @@ -1643,12 +1668,12 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp if (atoi(ptr)>=0 && atoi(ptr)<=32) bits = atoi(ptr); } - + inet_pton(AF_INET, value, &pin); - + if((node = add_to_ptree(ndpi_struct->protocols_ptree, AF_INET, &pin, bits)) != NULL) node->value.user_value = protocol_id; - + return 0; } @@ -1865,7 +1890,7 @@ char * strsep(char **sp, char *sep) int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, u_int8_t do_add) { - + char *at, *proto, *elem; ndpi_proto_defaults_t *def; int subprotocol_id, i; @@ -1980,7 +2005,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, */ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char* path) { - + FILE *fd = fopen(path, "r"); int i; 
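Review bot: In the `@@ -1565,13 +1590,13 @@` hunk, `ndpi_host_ptree_match` is retired by wrapping each of its lines in `/* ... */` with escaped `/\*` markers rather than being deleted, which leaves unreadable dead code in the file and drops an exported symbol without notice. The same is done later in this file to `ndpi_detection_flow_protocol_history_contains_protocol` and to the `proto` parameter of `ndpi_find_port_based_protocol`. I would delete the code outright and remove the matching prototypes from the public header (not visible in this diff), so that out-of-tree callers fail at compile time with an obvious cause. Version control already keeps the old bodies.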
@@ -2133,6 +2158,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* SOULSEEK */ init_soulseek_dissector(ndpi_struct, &a, detection_bitmask); + /* SOCKS */ + init_socks_dissector(ndpi_struct, &a, detection_bitmask); + /* IRC */ init_irc_dissector(ndpi_struct, &a, detection_bitmask); @@ -2277,9 +2305,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* SHOUTCAST */ init_shoutcast_dissector(ndpi_struct, &a, detection_bitmask); - /* VEOHTV */ - init_veohtv_dissector(ndpi_struct, &a, detection_bitmask); - /* KERBEROS */ init_kerberos_dissector(ndpi_struct, &a, detection_bitmask); @@ -3022,7 +3047,7 @@ void check_ndpi_udp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, } for(a = 0; a < ndpi_struct->callback_buffer_size_udp; a++) { - if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) + if((func != ndpi_struct->callback_buffer_udp[a].func) && (ndpi_struct->callback_buffer_udp[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_udp[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, @@ -3129,7 +3154,7 @@ void check_ndpi_flow_func(struct ndpi_detection_module_struct *ndpi_struct, ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, + struct ndpi_ipv6hdr *iph6, struct ndpi_tcphdr *tcp, struct ndpi_udphdr *udp, u_int8_t src_to_dst_direction, @@ -3147,7 +3172,7 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru flow->packet.tcp = tcp, flow->packet.udp = udp; flow->packet.payload = payload, flow->packet.payload_packet_len = payload_len; - + if(src_to_dst_direction) flow->src = src, flow->dst = dst; else 
@@ -3171,11 +3196,6 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru if(flow->packet.payload_packet_len != 0) { ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD; - - if(!flow->protocol_id_already_guessed) { - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport); - flow->protocol_id_already_guessed = 1; - } } if(flow->packet.tcp_retransmission == 0) 
@@ -3188,40 +3208,54 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru a = flow->packet.detected_protocol_stack[0]; if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, a) == 0) a = NDPI_PROTOCOL_UNKNOWN; - + if(a != NDPI_PROTOCOL_UNKNOWN) { int i; for(i=0; (i<sizeof(flow->host_server_name)) && (flow->host_server_name[i] != '\0'); i++) flow->host_server_name[i] = tolower(flow->host_server_name[i]); - + flow->host_server_name[i] ='\0'; } ret_protocols: if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) { ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; - + if(ret.protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; } else ret.protocol = flow->detected_protocol_stack[0]; - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) - && flow->packet.iph - && (!flow->host_already_guessed)) { - - if((flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, - (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) { - flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); + return(ret); +} + +/* ********************************************************************************* */ + +ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + + if(flow == NULL) return(ret); + + /* TODO: add the remaining stage_XXXX protocols */ + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + if(flow->http_detected) + ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_UNKNOWN); + else if((flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) { + if(flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + ndpi_int_change_protocol(ndpi_struct, flow, flow->guessed_protocol_id, 
NDPI_PROTOCOL_SSL); + else + ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); + } else { + flow->detected_protocol_stack[1] = flow->guessed_protocol_id, flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; + + if(flow->detected_protocol_stack[1] == flow->detected_protocol_stack[0]) + flow->detected_protocol_stack[1] = NDPI_PROTOCOL_UNKNOWN; } - - flow->host_already_guessed = 1; } - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) - ret.protocol = flow->guessed_host_proto_id; - + ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; return(ret); } @@ -3303,6 +3337,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct u_int8_t protocol; u_int32_t saddr, daddr; + flow->protocol_id_already_guessed = 1; + #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(flow->packet.iphv6 != NULL) { protocol = flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, saddr = 0, daddr = 0; @@ -3319,11 +3355,10 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else sport = dport = 0; flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport); - flow->protocol_id_already_guessed = 1; - if((protocol != IPPROTO_TCP) && (protocol != IPPROTO_UDP)) { - flow->detected_protocol_stack[0] = flow->guessed_protocol_id; - goto ret_protocols; + if(flow->packet.iph) { + if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); } } 
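Review bot: In the final `else` of the new `ndpi_detection_giveup`, a flow with a known port-based `guessed_protocol_id` but a `guessed_host_protocol_id` of `NDPI_PROTOCOL_UNKNOWN` is returned with `ret.protocol == NDPI_PROTOCOL_UNKNOWN`, and the guess appears only in `ret.master_protocol`. Callers that test `ret.protocol` would then treat the flow as unclassified. The fallback this commit removes from the packet path used to handle the case where only one of the two was set. If that result is not intended, promote the port guess after the assignment: `if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol_stack[0] = flow->detected_protocol_stack[1], flow->detected_protocol_stack[1] = NDPI_PROTOCOL_UNKNOWN;`. This branch also writes `flow->detected_protocol_stack` directly, so `flow->packet.detected_protocol_stack` is not updated the way the two `ndpi_int_change_protocol` branches above it presumably do; a short comment saying whether that is deliberate would help.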
@@ -3351,20 +3386,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } else ret.protocol = flow->detected_protocol_stack[0]; - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) - && flow->packet.iph - && (!flow->host_already_guessed)) { - - if((flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) { - flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); - } - - flow->host_already_guessed = 1; - } - - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) - ret.protocol = flow->guessed_host_proto_id; - return(ret); } 
@@ -3906,27 +3927,27 @@ void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_s packet->detected_protocol_stack[0] = upper_detected_protocol, packet->detected_protocol_stack[1] = lower_detected_protocol; } -/* - * this function checks whether a protocol can be found in the - * history. Actually it accesses the packet stack since this is what - * leaves the library but it could also use the flow stack. - */ -u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct * ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t protocol_id) { - u_int8_t a; - struct ndpi_packet_struct *packet = &flow->packet; +/* /\* */ +/* * this function checks whether a protocol can be found in the */ +/* * history. Actually it accesses the packet stack since this is what */ +/* * leaves the library but it could also use the flow stack. */ +/* *\/ */ +/* u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct * ndpi_struct, */ +/* struct ndpi_flow_struct *flow, */ +/* u_int16_t protocol_id) { */ +/* u_int8_t a; */ +/* struct ndpi_packet_struct *packet = &flow->packet; */ - if(!packet) - return 0; +/* if(!packet) */ +/* return 0; */ - for(a = 0; a < NDPI_PROTOCOL_HISTORY_SIZE; a++) { - if(packet->detected_protocol_stack[a] == protocol_id) - return 1; - } +/* for(a = 0; a < NDPI_PROTOCOL_HISTORY_SIZE; a++) { */ +/* if(packet->detected_protocol_stack[a] == protocol_id) */ +/* return 1; */ +/* } */ - return 0; -} +/* return 0; */ +/* } */ /* generic function for changing the protocol * 
@@ -3938,6 +3959,9 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol) { + if(upper_detected_protocol == lower_detected_protocol) + lower_detected_protocol = NDPI_PROTOCOL_UNKNOWN; + ndpi_int_change_flow_protocol(ndpi_struct, flow, upper_detected_protocol, lower_detected_protocol); ndpi_int_change_packet_protocol(ndpi_struct, flow, upper_detected_protocol, lower_detected_protocol); } @@ -4128,7 +4152,7 @@ u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_ch /* ****************************************************** */ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct /* NOTUSED */, - u_int8_t proto, + /* u_int8_t proto, */ u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport) { ndpi_protocol p = NDPI_PROTOCOL_NULL; @@ -4188,7 +4212,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct return(ret); } - ret = ndpi_find_port_based_protocol(ndpi_struct, proto, shost, sport, dhost, dport); + ret = ndpi_find_port_based_protocol(ndpi_struct/* , proto */, shost, sport, dhost, dport); if(ret.protocol != NDPI_PROTOCOL_UNKNOWN) return(ret); @@ -4323,10 +4347,11 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { /* ****************************************************** */ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - char *string_to_match, u_int string_to_match_len) { + char *string_to_match, u_int string_to_match_len, + u_int8_t is_host_match) { int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; AC_TEXT_t ac_input_text; - ndpi_automa *automa = &ndpi_struct->host_automa; + ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); 
@@ -4347,8 +4372,9 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, - u_int16_t master_protocol_id) { - int matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, string_to_match_len); + u_int16_t master_protocol_id, + u_int8_t is_host_match) { + int matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, string_to_match_len, is_host_match); struct ndpi_packet_struct *packet = &flow->packet; AC_TEXT_t ac_input_text; @@ -4360,7 +4386,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str strncpy(m, string_to_match, len); m[len] = '\0'; - printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", + printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); } #endif @@ -4392,7 +4418,7 @@ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, - master_protocol_id)); + master_protocol_id, 1)); } /* ****************************************************** */ @@ -4403,7 +4429,7 @@ int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_str u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, - master_protocol_id)); + master_protocol_id, 0)); } /* ****************************************************** */ diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 99420b85e..8213d3b45 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c 
@@ -25,15 +25,53 @@ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_BITTORRENT -#define NDPI_PROTOCOL_UNSAFE_DETECTION 0 -#define NDPI_PROTOCOL_SAFE_DETECTION 1 +#define NDPI_PROTOCOL_UNSAFE_DETECTION 0 +#define NDPI_PROTOCOL_SAFE_DETECTION 1 + +#define NDPI_PROTOCOL_PLAIN_DETECTION 0 +#define NDPI_PROTOCOL_WEBSEED_DETECTION 2 + + +struct ndpi_utp_hdr { + u_int8_t h_version:4, h_type:4, next_extension; + u_int16_t connection_id; + u_int32_t ts_usec, tdiff_usec, window_size; + u_int16_t sequence_nr, ack_nr; +}; + +static u_int8_t is_utp_pkt(const u_int8_t *payload, u_int payload_len) { + struct ndpi_utp_hdr *h = (struct ndpi_utp_hdr*)payload; + + if(payload_len < sizeof(struct ndpi_utp_hdr)) return(0); + if(h->h_version != 1) return(0); + if(h->h_type > 4) return(0); + if(h->next_extension > 2) return(0); + if(ntohl(h->window_size) > 65565) return(0); + + return(1); +} -#define NDPI_PROTOCOL_PLAIN_DETECTION 0 -#define NDPI_PROTOCOL_WEBSEED_DETECTION 2 static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + int bt_offset, int check_hash, const u_int8_t save_detection, const u_int8_t encrypted_connection/* , */ /* ndpi_protocol_type_t protocol_type */) { + if(check_hash) { + const char *bt_hash = NULL; /* 20 bytes long */ + const char *peer_id = NULL; /* 20 bytes long */ + + if(bt_offset == -1) { + const char *bt_magic = ndpi_strnstr((const char *)flow->packet.payload, + "BitTorrent protocol", flow->packet.payload_packet_len); + + if(bt_magic) + bt_hash = &bt_magic[19], peer_id = &bt_magic[39]; + } else + bt_hash = (const char*)&flow->packet.payload[28], peer_id = (const char*)&flow->packet.payload[48]; + + if(bt_hash) memcpy(flow->bittorent_hash, bt_hash, 20); + } + ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN); } 
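Review bot: `ndpi_add_connection_as_bittorrent` copies 20 bytes from `&flow->packet.payload[28]` whenever `bt_offset != -1`, without checking that the payload is at least 48 bytes long. The callers in `ndpi_int_search_bittorrent_tcp_zero` pass 19 and 20 after checking only `payload_packet_len > 20`, so a short handshake makes the `memcpy` read past the captured packet into adjacent memory. The `bt_offset == -1` path has the same gap: `&bt_magic[19]` is used without verifying that 20 bytes remain after the match. The `bt_offset` value itself is never used, and `peer_id` is assigned but never read. Separately, the `65565` limit in `is_utp_pkt` looks like a typo for 65535.

```c
  if(check_hash) {
    const u_int8_t *payload = flow->packet.payload;
    u_int16_t payload_len = flow->packet.payload_packet_len;
    const char *bt_hash = NULL; /* 20 bytes long */

    if(bt_offset == -1) {
      const char *bt_magic = ndpi_strnstr((const char *)payload, "BitTorrent protocol", payload_len);

      /* take the hash only when all 20 bytes after the magic lie inside the payload */
      if(bt_magic && ((size_t)(bt_magic - (const char *)payload) + 19 + 20 <= payload_len))
        bt_hash = &bt_magic[19];
    } else if(payload_len >= 48) /* bytes 28..47 must exist before they are copied */
      bt_hash = (const char *)&payload[28];

    if(bt_hash) memcpy(flow->bittorent_hash, bt_hash, 20);
  }
  /* ... unchanged: ndpi_int_change_protocol call ... */
```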
@@ -43,61 +81,57 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module struct ndpi_packet_struct *packet = &flow->packet; u_int16_t a = 0; - if (packet->payload_packet_len == 1 && packet->payload[0] == 0x13) { + if(packet->payload_packet_len == 1 && packet->payload[0] == 0x13) { /* reset stage back to 0 so we will see the next packet here too */ flow->bittorrent_stage = 0; return 0; } - if (flow->packet_counter == 2 && packet->payload_packet_len > 20) { - if (memcmp(&packet->payload[0], "BitTorrent protocol", 19) == 0) { + if(flow->packet_counter == 2 && packet->payload_packet_len > 20) { + if(memcmp(&packet->payload[0], "BitTorrent protocol", 19) == 0) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, 19, 1, NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ /* NDPI_REAL_PROTOCOL */); return 1; } } - - if (packet->payload_packet_len > 20) { + if(packet->payload_packet_len > 20) { /* test for match 0x13+"BitTorrent protocol" */ - if (packet->payload[0] == 0x13) { - if (memcmp(&packet->payload[1], "BitTorrent protocol", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, - ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ - /* NDPI_REAL_PROTOCOL */); + if(packet->payload[0] == 0x13) { + if(memcmp(&packet->payload[1], "BitTorrent protocol", 19) == 0) { + NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, 20, 1, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } } } - if (packet->payload_packet_len > 23 && memcmp(packet->payload, "GET /webseed?info_hash=", 23) == 0) { + 
if(packet->payload_packet_len > 23 && memcmp(packet->payload, "GET /webseed?info_hash=", 23) == 0) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain webseed BitTorrent protocol detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION/* , */ - /* NDPI_CORRELATED_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } /* seen Azureus as server for webseed, possibly other servers existing, to implement */ /* is Server: hypertracker Bittorrent? */ /* no asymmetric detection possible for answer of pattern "GET /data?fid=". */ - if (packet->payload_packet_len > 60 + if(packet->payload_packet_len > 60 && memcmp(packet->payload, "GET /data?fid=", 14) == 0 && memcmp(&packet->payload[54], "&size=", 6) == 0) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain Bitcomet persistent seed protocol detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION/* , */ /* NDPI_CORRELATED_PROTOCOL */); return 1; } - if (packet->payload_packet_len > 90 && (memcmp(packet->payload, "GET ", 4) == 0 + if(packet->payload_packet_len > 90 && (memcmp(packet->payload, "GET ", 4) == 0 || memcmp(packet->payload, "POST ", 5) == 0)) { const u_int8_t *ptr = &packet->payload[4]; u_int16_t len = packet->payload_packet_len - 4; 
@@ -107,32 +141,30 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* parse complete get packet here into line structure elements */ ndpi_parse_packet_line_info(ndpi_struct, flow); /* answer to this pattern is HTTP....Server: hypertracker */ - if (packet->user_agent_line.ptr != NULL + if(packet->user_agent_line.ptr != NULL && ((packet->user_agent_line.len > 8 && memcmp(packet->user_agent_line.ptr, "Azureus ", 8) == 0) || (packet->user_agent_line.len >= 10 && memcmp(packet->user_agent_line.ptr, "BitTorrent", 10) == 0) || (packet->user_agent_line.len >= 11 && memcmp(packet->user_agent_line.ptr, "BTWebClient", 11) == 0))) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "Azureus /Bittorrent user agent line detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION/* , */ - /* NDPI_CORRELATED_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } - if (packet->user_agent_line.ptr != NULL - && (packet->user_agent_line.len >= 9 && memcmp(packet->user_agent_line.ptr, "Shareaza ", 9) == 0) - && (packet->parsed_lines > 8 && packet->line[8].ptr != 0 - && packet->line[8].len >= 9 && memcmp(packet->line[8].ptr, "X-Queue: ", 9) == 0)) { + if(packet->user_agent_line.ptr != NULL + && (packet->user_agent_line.len >= 9 && memcmp(packet->user_agent_line.ptr, "Shareaza ", 9) == 0) + && (packet->parsed_lines > 8 && packet->line[8].ptr != 0 + && packet->line[8].len >= 9 && memcmp(packet->line[8].ptr, "X-Queue: ", 9) == 0)) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "Bittorrent Shareaza detected.\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION/* , */ - /* NDPI_CORRELATED_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + 
NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } /* this is a self built client, not possible to catch asymmetrically */ - if ((packet->parsed_lines == 10 || (packet->parsed_lines == 11 && packet->line[11].len == 0)) + if((packet->parsed_lines == 10 || (packet->parsed_lines == 11 && packet->line[11].len == 0)) && packet->user_agent_line.ptr != NULL && packet->user_agent_line.len > 12 && memcmp(packet->user_agent_line.ptr, "Mozilla/4.0 ", @@ -160,15 +192,13 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[8].len > 22 && memcmp(packet->line[8].ptr, "Cache-Control: no-cache", 23) == 0) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "Bitcomet LTS detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ - /* NDPI_CORRELATED_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; - } /* FlashGet pattern */ - if (packet->parsed_lines == 8 + if(packet->parsed_lines == 8 && packet->user_agent_line.ptr != NULL && packet->user_agent_line.len > (sizeof("Mozilla/4.0 (compatible; MSIE 6.0;") - 1) && memcmp(packet->user_agent_line.ptr, "Mozilla/4.0 (compatible; MSIE 6.0;", 
@@ -187,13 +217,12 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[6].len > 21 && memcmp(packet->line[6].ptr, "Connection: Keep-Alive", 22) == 0) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "FlashGet detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ - /* NDPI_CORRELATED_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; - } - if (packet->parsed_lines == 7 + + if(packet->parsed_lines == 7 && packet->user_agent_line.ptr != NULL && packet->user_agent_line.len > (sizeof("Mozilla/4.0 (compatible; MSIE 6.0;") - 1) && memcmp(packet->user_agent_line.ptr, "Mozilla/4.0 (compatible; MSIE 6.0;", @@ -209,19 +238,17 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[5].len > 21 && memcmp(packet->line[5].ptr, "Connection: Keep-Alive", 22) == 0) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "FlashGet detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ - /* NDPI_CORRELATED_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; - } /* answer to this pattern is not possible to implement asymmetrically */ while (1) { - if (len < 50 || ptr[0] == 0x0d) { + if(len < 50 || ptr[0] == 0x0d) { goto ndpi_end_bt_tracker_check; } - if (memcmp(ptr, "info_hash=", 10) == 0) { + if(memcmp(ptr, "info_hash=", 10) == 0) { break; } len--; 
@@ -237,40 +264,40 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* parse bt hash */ for (a = 0; a < 20; a++) { - if (len < 3) { + if(len < 3) { goto ndpi_end_bt_tracker_check; } - if (*ptr == '%') { + if(*ptr == '%') { u_int8_t x1 = 0xFF; u_int8_t x2 = 0xFF; - if (ptr[1] >= '0' && ptr[1] <= '9') { + if(ptr[1] >= '0' && ptr[1] <= '9') { x1 = ptr[1] - '0'; } - if (ptr[1] >= 'a' && ptr[1] <= 'f') { + if(ptr[1] >= 'a' && ptr[1] <= 'f') { x1 = 10 + ptr[1] - 'a'; } - if (ptr[1] >= 'A' && ptr[1] <= 'F') { + if(ptr[1] >= 'A' && ptr[1] <= 'F') { x1 = 10 + ptr[1] - 'A'; } - if (ptr[2] >= '0' && ptr[2] <= '9') { + if(ptr[2] >= '0' && ptr[2] <= '9') { x2 = ptr[2] - '0'; } - if (ptr[2] >= 'a' && ptr[2] <= 'f') { + if(ptr[2] >= 'a' && ptr[2] <= 'f') { x2 = 10 + ptr[2] - 'a'; } - if (ptr[2] >= 'A' && ptr[2] <= 'F') { + if(ptr[2] >= 'A' && ptr[2] <= 'F') { x2 = 10 + ptr[2] - 'A'; } - if (x1 == 0xFF || x2 == 0xFF) { + if(x1 == 0xFF || x2 == 0xFF) { goto ndpi_end_bt_tracker_check; } ptr += 3; len -= 3; - } else if (*ptr >= 32 && *ptr < 127) { + } else if(*ptr >= 32 && *ptr < 127) { ptr++; len--; } else { @@ -280,15 +307,14 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, " BT stat: tracker info hash parsed\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ - /* NDPI_CORRELATED_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } ndpi_end_bt_tracker_check: - if (packet->payload_packet_len == 80) { + if(packet->payload_packet_len == 80) { /* Warez 80 Bytes Packet * +----------------+---------------+-----------------+-----------------+ * |20 BytesPattern | 32 Bytes Value| 12 BytesPattern | 16 Bytes Data | 
@@ -306,30 +332,28 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module }; /* did not see this pattern anywhere */ - if ((memcmp(&packet->payload[0], pattern_20_bytes, 20) == 0) + if((memcmp(&packet->payload[0], pattern_20_bytes, 20) == 0) && (memcmp(&packet->payload[52], pattern_12_bytes, 12) == 0)) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: Warez - Plain BitTorrent protocol detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ - /* NDPI_REAL_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } } - else if (packet->payload_packet_len > 50) { - if (memcmp(packet->payload, "GET", 3) == 0) { + else if(packet->payload_packet_len > 50) { + if(memcmp(packet->payload, "GET", 3) == 0) { ndpi_parse_packet_line_info(ndpi_struct, flow); /* haven't fount this pattern anywhere */ - if (packet->host_line.ptr != NULL + if(packet->host_line.ptr != NULL && packet->host_line.len >= 9 && memcmp(packet->host_line.ptr, "ip2p.com:", 9) == 0) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: Warez - Plain BitTorrent protocol detected due to Host: ip2p.com: pattern\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION/* , */ - /* NDPI_CORRELATED_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } } 
@@ -341,17 +365,16 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /*Search for BitTorrent commands*/ static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - if (packet->payload_packet_len == 0) { + if(packet->payload_packet_len == 0) { return; } - if (flow->bittorrent_stage == 0 && packet->payload_packet_len != 0) { + if(flow->bittorrent_stage == 0 && packet->payload_packet_len != 0) { /* exclude stage 0 detection from next run */ flow->bittorrent_stage = 1; - if (ndpi_int_search_bittorrent_tcp_zero(ndpi_struct, flow) != 0) { + if(ndpi_int_search_bittorrent_tcp_zero(ndpi_struct, flow) != 0) { NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_DEBUG, "stage 0 has detected something, returning\n"); return; @@ -367,6 +390,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; int no_bittorrent = 0; + char *bt_proto = NULL; /* This is broadcast */ if(packet->iph @@ -378,10 +402,10 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st return; } - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_BITTORRENT) { + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_BITTORRENT) { /* check for tcp retransmission here */ - if ((packet->tcp != NULL) + if((packet->tcp != NULL) && (packet->tcp_retransmission == 0 || packet->num_retried_bytes)) { ndpi_int_search_bittorrent_tcp(ndpi_struct, flow); } 
@@ -400,9 +424,8 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->payload_packet_len >= 23 /* min header size */) { if(strncmp((const char*)packet->payload, bt_search, strlen(bt_search)) == 0) { - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ - /* NDPI_REAL_PROTOCOL */); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return; } else { /* Check if this is protocol v0 */ 
@@ -414,27 +437,31 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st u_int8_t v1_extension = packet->payload[1]; u_int32_t v1_window_size = *((u_int32_t*)&packet->payload[12]); - if((packet->payload[0]== 0x60) + if(is_utp_pkt(packet->payload, packet->payload_packet_len)) + goto bittorrent_found; + else if((packet->payload[0]== 0x60) && (packet->payload[1]== 0x0) && (packet->payload[2]== 0x0) && (packet->payload[3]== 0x0) && (packet->payload[4]== 0x0)) { /* Heuristic */ + bt_proto = ndpi_strnstr((const char *)&packet->payload[20], "BitTorrent protocol", packet->payload_packet_len-20); goto bittorrent_found; } else if(((v1_version & 0x0f) == 1) && ((v1_version >> 4) < 5 /* ST_NUM_STATES */) && (v1_extension < 3 /* EXT_NUM_EXT */) && (v1_window_size < 32768 /* 32k */) ) { + bt_proto = ndpi_strnstr((const char *)&packet->payload[20], "BitTorrent protocol", packet->payload_packet_len-20); goto bittorrent_found; - } else if((v0_flags < 6 /* ST_NUM_STATES */) - && (v0_extension < 3 /* EXT_NUM_EXT */)) { + } else if((v0_flags < 6 /* ST_NUM_STATES */) && (v0_extension < 3 /* EXT_NUM_EXT */)) { u_int32_t ts = ntohl(*((u_int32_t*)&(packet->payload[4]))); u_int32_t now; now = (u_int32_t)time(NULL); if((ts < (now+86400)) && (ts > (now-86400))) { + bt_proto = ndpi_strnstr((const char *)&packet->payload[20], "BitTorrent protocol", packet->payload_packet_len-20); goto bittorrent_found; } } 
@@ -444,24 +471,28 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st flow->bittorrent_stage++; if(flow->bittorrent_stage < 10) { - if(packet->payload_packet_len > 19 /* min size */) { - if(ndpi_strnstr((const char *)packet->payload, ":target20:", packet->payload_packet_len) - || ndpi_strnstr((const char *)packet->payload, ":find_node1:", packet->payload_packet_len) - || ndpi_strnstr((const char *)packet->payload, "d1:ad2:id20:", packet->payload_packet_len) - || ndpi_strnstr((const char *)packet->payload, ":info_hash20:", packet->payload_packet_len) - || ndpi_strnstr((const char *)packet->payload, ":filter64", packet->payload_packet_len) - || ndpi_strnstr((const char *)packet->payload, "d1:rd2:id20:", packet->payload_packet_len) - || ndpi_strnstr((const char *)packet->payload, "BitTorrent protocol", packet->payload_packet_len) - ) { - bittorrent_found: - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, - ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); - ndpi_add_connection_as_bittorrent(ndpi_struct, flow, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ - /* NDPI_REAL_PROTOCOL */); - return; - } - } + /* We have detected bittorrent but we need to wait until we get a hash */ + + if(packet->payload_packet_len > 19 /* min size */) { + if(ndpi_strnstr((const char *)packet->payload, ":target20:", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, ":find_node1:", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, "d1:ad2:id20:", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, ":info_hash20:", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, ":filter64", packet->payload_packet_len) + || ndpi_strnstr((const char *)packet->payload, "d1:rd2:id20:", packet->payload_packet_len) + || (bt_proto = ndpi_strnstr((const char *)packet->payload, "BitTorrent protocol", packet->payload_packet_len)) + ) { + 
bittorrent_found: + if(bt_proto && (packet->payload_packet_len > 47)) + memcpy(flow->bittorent_hash, &bt_proto[27], 20); + + NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, + ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + return; + } + } return; } diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index cb78c9429..8ffc04d51 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c 
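Review bot: The guard in front of the new `memcpy(flow->bittorent_hash, &bt_proto[27], 20)` at `bittorrent_found:` tests only the total payload length, not where `bt_proto` points inside the payload. `ndpi_strnstr` can return a match at any offset (the three assignments added in the previous hunk search from byte 20 onward), so a match near the end of a packet longer than 47 bytes lets the copy read past the end of the payload. Tie the check to the match position instead, e.g. `if(bt_proto && ((bt_proto - (const char *)packet->payload) + 47 <= packet->payload_packet_len))`. The body of ndpi_search_bittorrent starts outside this hunk.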
@@ -35,27 +35,27 @@ static void ndpi_int_dhcp_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + // struct ndpi_id_struct *src=ndpi_struct->src; + // struct ndpi_id_struct *dst=ndpi_struct->dst; - /* this detection also works for asymmetric dhcp traffic */ + /* this detection also works for asymmetric dhcp traffic */ - /*check standard DHCP 0.0.0.0:68 -> 255.255.255.255:67 */ - if (packet->payload_packet_len >= 244 && (packet->udp->source == htons(67) - || packet->udp->source == htons(68)) - && (packet->udp->dest == htons(67) || packet->udp->dest == htons(68)) - && get_u_int32_t(packet->payload, 236) == htonl(0x63825363) - && get_u_int16_t(packet->payload, 240) == htons(0x3501)) { + /*check standard DHCP 0.0.0.0:68 -> 255.255.255.255:67 */ + if (packet->payload_packet_len >= 244 && (packet->udp->source == htons(67) + || packet->udp->source == htons(68)) + && (packet->udp->dest == htons(67) || packet->udp->dest == htons(68)) + && get_u_int32_t(packet->payload, 236) == htonl(0x63825363) + && get_u_int16_t(packet->payload, 240) == htons(0x3501)) { - NDPI_LOG(NDPI_PROTOCOL_DHCP, ndpi_struct, NDPI_LOG_DEBUG, "DHCP request\n"); + NDPI_LOG(NDPI_PROTOCOL_DHCP, ndpi_struct, NDPI_LOG_DEBUG, "DHCP request\n"); - ndpi_int_dhcp_add_connection(ndpi_struct, flow); - return; - } + ndpi_int_dhcp_add_connection(ndpi_struct, flow); + return; + } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCP); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCP); } diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 8749f4d5e..c975465ea 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c 
@@ -60,43 +60,46 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd if((s_port == 53 || d_port == 53 || d_port == 5355) && (flow->packet.payload_packet_len > sizeof(struct ndpi_dns_packet_header))) { - struct ndpi_dns_packet_header *dns_header = (struct ndpi_dns_packet_header*) &flow->packet.payload[x]; + struct ndpi_dns_packet_header dns_header; int invalid = 0; - dns_header->tr_id = ntohs(dns_header->tr_id); - dns_header->flags = ntohs(dns_header->flags); - dns_header->num_queries = ntohs(dns_header->num_queries); - dns_header->num_answers = ntohs(dns_header->num_answers); - dns_header->authority_rrs = ntohs(dns_header->authority_rrs); - dns_header->additional_rrs = ntohs(dns_header->additional_rrs); + memcpy(&dns_header, (struct ndpi_dns_packet_header*) &flow->packet.payload[x], sizeof(struct ndpi_dns_packet_header)); + dns_header.tr_id = ntohs(dns_header.tr_id); + dns_header.flags = ntohs(dns_header.flags); + dns_header.num_queries = ntohs(dns_header.num_queries); + dns_header.num_answers = ntohs(dns_header.num_answers); + dns_header.authority_rrs = ntohs(dns_header.authority_rrs); + dns_header.additional_rrs = ntohs(dns_header.additional_rrs); /* 0x0000 QUERY */ - if((dns_header->flags & FLAGS_MASK) == 0x0000) + if((dns_header.flags & FLAGS_MASK) == 0x0000) is_query = 1; /* 0x8000 RESPONSE */ - else if((dns_header->flags & FLAGS_MASK) != 0x8000) + else if((dns_header.flags & FLAGS_MASK) != 0x8000) is_query = 0; else invalid = 1; - if(is_query) { - /* DNS Request */ - if((dns_header->num_queries > 0) && (dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS) - && (((dns_header->flags & 0x2800) == 0x2800 /* Dynamic DNS Update */) - || ((dns_header->num_answers == 0) && (dns_header->authority_rrs == 0)))) { - /* This is a good query */ - } else - invalid = 1; - } else { - /* DNS Reply */ - if((dns_header->num_queries > 0) && (dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */ - && 
(((dns_header->num_answers > 0) && (dns_header->num_answers <= NDPI_MAX_DNS_REQUESTS)) - || ((dns_header->authority_rrs > 0) && (dns_header->authority_rrs <= NDPI_MAX_DNS_REQUESTS)) - || ((dns_header->additional_rrs > 0) && (dns_header->additional_rrs <= NDPI_MAX_DNS_REQUESTS))) - ) { - /* This is a good reply */ - } else - invalid = 1; + if(!invalid) { + if(is_query) { + /* DNS Request */ + if((dns_header.num_queries > 0) && (dns_header.num_queries <= NDPI_MAX_DNS_REQUESTS) + && (((dns_header.flags & 0x2800) == 0x2800 /* Dynamic DNS Update */) + || ((dns_header.num_answers == 0) && (dns_header.authority_rrs == 0)))) { + /* This is a good query */ + } else + invalid = 1; + } else { + /* DNS Reply */ + if((dns_header.num_queries > 0) && (dns_header.num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */ + && (((dns_header.num_answers > 0) && (dns_header.num_answers <= NDPI_MAX_DNS_REQUESTS)) + || ((dns_header.authority_rrs > 0) && (dns_header.authority_rrs <= NDPI_MAX_DNS_REQUESTS)) + || ((dns_header.additional_rrs > 0) && (dns_header.additional_rrs <= NDPI_MAX_DNS_REQUESTS))) + ) { + /* This is a good reply */ + } else + invalid = 1; + } } if(invalid) { @@ -106,7 +109,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd } /* extract host name server */ - ret_code = (is_query == 0) ? 0 : (dns_header->flags & 0x0F); + ret_code = (is_query == 0) ? 0 : (dns_header.flags & 0x0F); int j = 0; int off = sizeof(struct ndpi_dns_packet_header) + 1; while((flow->packet.payload[off] != '\0')) 
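Review bot: The response branch `else if((dns_header.flags & FLAGS_MASK) != 0x8000)` reads as inverted against its own comment `/* 0x8000 RESPONSE */`: a packet whose masked flags equal 0x8000 falls through to `invalid = 1`. FLAGS_MASK is defined outside the hunk, but if it is the single QR bit this branch can never be taken and every reply is rejected, so the comparison probably wants `== 0x8000`. Separately, the new `memcpy` reads `sizeof(struct ndpi_dns_packet_header)` bytes starting at `&flow->packet.payload[x]`, while the guard compares `payload_packet_len` with the header size alone. If `x` (set outside the hunk) can be non-zero, the guard should be `payload_packet_len > x + sizeof(struct ndpi_dns_packet_header)`.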
@@ -119,7 +122,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd } flow->host_server_name[j] = '\0'; - flow->protos.dns.num_answers = (u_int8_t) (dns_header->num_answers + dns_header->authority_rrs + dns_header->additional_rrs); + flow->protos.dns.num_answers = (u_int8_t) (dns_header.num_answers + dns_header.authority_rrs + dns_header.additional_rrs); flow->protos.dns.ret_code = ret_code; if(j > 0) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index ced34c099..caac7390b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -37,18 +37,14 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd /* If no custom protocol has been detected */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - if(protocol != NDPI_PROTOCOL_HTTP) { - ndpi_search_tcp_or_udp(ndpi_struct, flow); - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN); - } else { + if(protocol == NDPI_PROTOCOL_HTTP) ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN); - } + + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN); } flow->http_detected = 1; } - } #ifdef NDPI_CONTENT_FLASH 
@@ -202,21 +198,14 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc /* NOTE - + If http_dont_dissect_response = 1 dissection of HTTP response mime types won't happen - */ - - if(!ndpi_struct->http_dont_dissect_response) { - if(flow->http.url && flow->http_detected) - ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)&flow->http.url[7], - strlen((const char *)&flow->http.url[7]), - NDPI_PROTOCOL_HTTP); - } else - ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, - strlen((const char *)flow->host_server_name), - NDPI_PROTOCOL_HTTP); - } + */ + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, + strlen((const char *)flow->host_server_name), + NDPI_PROTOCOL_HTTP); + } } /* diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 3d79561ac..94386d61e 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -19,7 +19,7 @@ * * You should have received a copy of the GNU Lesser General Public License * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * + * */ @@ -31,7 +31,7 @@ static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndp u_int8_t due_to_correlation) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SIP, NDPI_PROTOCOL_UNKNOWN); } - + #if !defined(WIN32) static inline #else @@ -41,7 +41,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - + // struct ndpi_id_struct *src=ndpi_struct->src; // struct ndpi_id_struct *dst=ndpi_struct->dst; const u_int8_t *packet_payload = packet->payload; 
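Review bot: The NOTE comment kept above the call still describes `http_dont_dissect_response`, but after this change the visible code no longer reads that flag and always matches on `flow->host_server_name`. Either drop the comment or reword it to match the code, for example `/* Sub-protocol matching always uses flow->host_server_name; http_dont_dissect_response is not consulted here */`. parseHttpSubprotocol starts outside this hunk, so the flag may still be checked earlier in the function.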
@@ -92,7 +92,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct * maybe it could be deleted, if somebody sees it in the first direction, * please delete this comment. */ - + /* if (memcmp(packet_payload, "SIP/2.0 200 OK", 14) == 0 || memcmp(packet_payload, "sip/2.0 200 OK", 14) == 0) { NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip SIP/2.0 0K.\n"); @@ -121,7 +121,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct } if ((memcmp(packet_payload, "CANCEL ", 7) == 0 || memcmp(packet_payload, "cancel ", 7) == 0) - && (memcmp(&packet_payload[4], "SIP:", 7) == 0 || memcmp(&packet_payload[4], "sip:", 7) == 0)) { + && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip CANCEL.\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; diff --git a/src/lib/protocols/socks4.c b/src/lib/protocols/socks4.c deleted file mode 100644 index 87bc3a634..000000000 --- a/src/lib/protocols/socks4.c +++ /dev/null 
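Review bot: The CANCEL test still cannot match after the length fix: it requires bytes 0-6 to be `CANCEL ` and, at the same time, bytes 4-7 to be `SIP:` or `sip:`, but offset 4 lies inside the method name itself. The URI scheme follows the 7-byte method token, so the second comparison should start there: `&& (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) {`. That comparison reads up to byte 10, so the payload-length guard, which is outside this hunk, has to cover at least 11 bytes.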
@@ -1,96 +0,0 @@ -/* - * socks4.c - * - * Copyright (C) 2014 Tomasz Bujlow <tomasz@skatnet.dk> - * - * The signature is based on the Libprotoident library. - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - - -#include "ndpi_api.h" - -#ifdef NDPI_PROTOCOL_SOCKS4 -static void ndpi_int_socks4_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOCKS4, NDPI_PROTOCOL_UNKNOWN); -} - -static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - u_int32_t payload_len = packet->payload_packet_len; - - /* Break after 20 packets. */ - if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS4, ndpi_struct, NDPI_LOG_DEBUG, "Exclude SOCKS4.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCKS4); - return; - } - - /* Check if we so far detected the protocol in the request or not. */ - if (flow->socks4_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS4, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage 0: \n"); - - /*Octets 3 and 4 contain the port number, port 80 and 25 for now. 
*/ - if ((payload_len == 9) && - (((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x50)) - || - ((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x19)))) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS4, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS4 request detected, we will look further for the response...\n"); - - /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ - flow->socks4_stage = packet->packet_direction + 1; - } - - } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS4, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage %u: \n", flow->socks4_stage); - - /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ - if ((flow->socks4_stage - packet->packet_direction) == 1) { - return; - } - - /* This is a packet in another direction. Check if we find the proper response. */ - if (payload_len == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS4, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS4.\n"); - ndpi_int_socks4_add_connection(ndpi_struct, flow); - } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS4, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS4, resetting the stage to 0...\n"); - flow->socks4_stage = 0; - } - - } -} - -void ndpi_search_socks4(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG(NDPI_PROTOCOL_SOCKS4, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 detection...\n"); - - /* skip marked packets */ - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS4) { - if (packet->tcp_retransmission == 0) { - ndpi_check_socks4(ndpi_struct, flow); - } - } -} - -#endif diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c new file mode 100644 index 000000000..7ad0868d2 --- /dev/null +++ b/src/lib/protocols/socks45.c 
@@ -0,0 +1,155 @@ +/* + * socks4.c + * + * Copyright (C) 2016 - ntop.org + * Copyright (C) 2014 Tomasz Bujlow <tomasz@skatnet.dk> + * + * The signature is based on the Libprotoident library. + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_SOCKS +static void ndpi_int_socks_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOCKS, NDPI_PROTOCOL_UNKNOWN); +} + +static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + /* Break after 20 packets. */ + if(flow->packet_counter > 20) { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude SOCKS4.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCKS); + return; + } + + /* Check if we so far detected the protocol in the request or not. 
*/ + if(flow->socks4_stage == 0) { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage 0: \n"); + + /*Octets 3 and 4 contain the port number, port 80 and 25 for now. */ + if((payload_len == 9) && + (((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x50)) + || + ((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x19)))) { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS4 request detected, we will look further for the response...\n"); + + /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ + flow->socks4_stage = packet->packet_direction + 1; + } + + } else { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage %u: \n", flow->socks4_stage); + + /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ + if((flow->socks4_stage - packet->packet_direction) == 1) { + return; + } + + /* This is a packet in another direction. Check if we find the proper response. */ + if(payload_len == 0) { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS4.\n"); + ndpi_int_socks_add_connection(ndpi_struct, flow); + } else { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS4, resetting the stage to 0...\n"); + flow->socks4_stage = 0; + } + + } +} + +static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + /* Break after 20 packets. 
*/ + if(flow->packet_counter > 20) { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude SOCKS5.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCKS); + return; + } + + /* Check if we so far detected the protocol in the request or not. */ + if(flow->socks5_stage == 0) { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 stage 0: \n"); + + if((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS5 request detected, we will look further for the response...\n"); + + /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ + flow->socks5_stage = packet->packet_direction + 1; + } + + } else { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 stage %u: \n", flow->socks5_stage); + + /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ + if((flow->socks5_stage - packet->packet_direction) == 1) { + return; + } + + /* This is a packet in another direction. Check if we find the proper response. 
*/ + if((payload_len == 0) || ((payload_len == 2) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x00))) { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS5.\n"); + ndpi_int_socks_add_connection(ndpi_struct, flow); + } else { + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS5, resetting the stage to 0...\n"); + flow->socks5_stage = 0; + } + + } +} + +void ndpi_search_socks(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS detection...\n"); + + /* skip marked packets */ + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS) { + if(packet->tcp_retransmission == 0) { + ndpi_check_socks4(ndpi_struct, flow); + + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS) + ndpi_check_socks5(ndpi_struct, flow); + } + } +} + +void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("SOCKS", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_SOCKS, + ndpi_search_socks, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif diff --git a/src/lib/protocols/socks5.c b/src/lib/protocols/socks5.c deleted file mode 100644 index f7cf89dfc..000000000 --- a/src/lib/protocols/socks5.c +++ /dev/null 
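Review bot: ndpi_check_socks4 confirms a flow only when the reverse-direction packet has `payload_len == 0`, yet init_socks_dissector registers the dissector with `NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION`. If that selection delivers only packets that carry payload, as its name suggests, the branch never fires and SOCKS4 is never reported; the same applies to the `payload_len == 0` alternative in ndpi_check_socks5. A SOCKS4 reply is 8 bytes starting with a zero version byte followed by the result code, so the check could match that instead, e.g. `if((payload_len == 8) && (packet->payload[0] == 0x00) && (packet->payload[1] == 0x5a)) {`. The file header comment also still says `socks4.c` although the file is socks45.c and now holds both dissectors.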
@@ -1,92 +0,0 @@ -/* - * socks5.c - * - * Copyright (C) 2014 Tomasz Bujlow <tomasz@skatnet.dk> - * - * The signature is based on the Libprotoident library. - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - - -#include "ndpi_api.h" - -#ifdef NDPI_PROTOCOL_SOCKS5 -static void ndpi_int_socks5_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOCKS5, NDPI_PROTOCOL_UNKNOWN); -} - -static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - u_int32_t payload_len = packet->payload_packet_len; - - /* Break after 20 packets. */ - if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS5, ndpi_struct, NDPI_LOG_DEBUG, "Exclude SOCKS5.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCKS5); - return; - } - - /* Check if we so far detected the protocol in the request or not. 
*/ - if (flow->socks5_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS5, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 stage 0: \n"); - - if ((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS5, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS5 request detected, we will look further for the response...\n"); - - /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ - flow->socks5_stage = packet->packet_direction + 1; - } - - } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS5, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 stage %u: \n", flow->socks5_stage); - - /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ - if ((flow->socks5_stage - packet->packet_direction) == 1) { - return; - } - - /* This is a packet in another direction. Check if we find the proper response. */ - if ((payload_len == 0) || ((payload_len == 2) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x00))) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS5, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS5.\n"); - ndpi_int_socks5_add_connection(ndpi_struct, flow); - } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS5, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS5, resetting the stage to 0...\n"); - flow->socks5_stage = 0; - } - - } -} - -void ndpi_search_socks5(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG(NDPI_PROTOCOL_SOCKS5, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 detection...\n"); - - /* skip marked packets */ - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS5) { - if (packet->tcp_retransmission == 0) { - ndpi_check_socks5(ndpi_struct, flow); - } - } -} - -#endif diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index bc0aa4f3c..2269ae782 100644 --- a/src/lib/protocols/ssl.c 
+++ b/src/lib/protocols/ssl.c @@ -92,11 +92,12 @@ static void ndpi_int_ssl_add_connection(struct ndpi_detection_module_struct *ndp ((ch) >= '{' && (ch) <= '~')) static void stripCertificateTrailer(char *buffer, int buffer_len) { - int i; + + int i, is_puny; // printf("->%s<-\n", buffer); - for(i=0; i<buffer_len; i++) { + for(i = 0; i < buffer_len; i++) { // printf("%c [%d]\n", buffer[i], buffer[i]); if((buffer[i] != '.') @@ -110,21 +111,28 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) { } } - if(i > 0) i--; - - while(i > 0) { - if(!ndpi_isalpha(buffer[i])) { - buffer[i] = '\0'; - buffer_len = i; - i--; - } else - break; - } - - for(i=buffer_len; i>0; i--) { - if(buffer[i] == '.') break; - else if(ndpi_isdigit(buffer[i])) - buffer[i] = '\0', buffer_len = i; + /* check for punycode encoding */ + is_puny = check_punycode_string(buffer, buffer_len); + + // not a punycode string - need more checks + if(is_puny == 0) { + + if(i > 0) i--; + + while(i > 0) { + if(!ndpi_isalpha(buffer[i])) { + buffer[i] = '\0'; + buffer_len = i; + i--; + } else + break; + } + + for(i = buffer_len; i > 0; i--) { + if(buffer[i] == '.') break; + else if(ndpi_isdigit(buffer[i])) + buffer[i] = '\0', buffer_len = i; + } } } diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 69e1cad52..e21f9331b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -27,7 +27,7 @@ #ifdef NDPI_PROTOCOL_STUN -#define MAX_NUM_STUN_PKTS 6 +#define MAX_NUM_STUN_PKTS 10 struct stun_packet_header { 
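Review bot: The re-added loop `for(i = buffer_len; i > 0; i--)` in stripCertificateTrailer begins by reading `buffer[buffer_len]`, and can write `'\0'` there, which is one element past the `buffer_len` bytes the caller passed unless the preceding `while` already shortened `buffer_len`. Whether that index is inside the caller's allocation cannot be seen from this hunk, so starting at the last valid index is the safer form: `for(i = buffer_len - 1; i > 0; i--) {`. Part of the function body lies between the two hunks and is not shown.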
@@ -55,8 +55,13 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * u_int16_t msg_type, msg_len; struct stun_packet_header *h = (struct stun_packet_header*)payload; - if(payload_length < sizeof(struct stun_packet_header)) - return(NDPI_IS_NOT_STUN); + if(payload_length < sizeof(struct stun_packet_header)) { + if(flow->num_stun_udp_pkts > 0) { + *is_whatsapp = 1; + return NDPI_IS_STUN; /* This is WhatsApp Voice */ + } else + return(NDPI_IS_NOT_STUN); + } if((strncmp((const char*)payload, (const char*)"RSP/", 4) == 0) && (strncmp((const char*)&payload[7], (const char*)" STUN_", 6) == 0)) { @@ -215,10 +220,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * #endif - if( - ((flow->num_stun_udp_pkts > 0) && (msg_type == 0x0800)) - || ((msg_type == 0x0800) && (msg_len == 106)) - ) { + if((flow->num_stun_udp_pkts > 0) && (msg_type <= 0x00FF)) { *is_whatsapp = 1; return NDPI_IS_STUN; /* This is WhatsApp Voice */ } else diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 9f9febfeb..2c6792551 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -30,6 +30,7 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc u_int16_t sport, u_int16_t dport) /* host endianess */ { u_int16_t rc; + struct in_addr host; if(protocol == IPPROTO_UDP) { if((sport == dport) && (sport == 17500)) { 
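Review bot: The new short-packet branch labels any datagram smaller than `struct stun_packet_header` as STUN and sets `*is_whatsapp = 1` purely because `flow->num_stun_udp_pkts > 0`; the following hunk does the same for every `msg_type <= 0x00FF`. Neither check is specific to WhatsApp, so other STUN-based applications that send small or low-numbered messages would presumably receive the same label. If the heuristic is intentional, document it at both sites so consumers of the classification know how much weight it carries, e.g. `/* Heuristic: runt or low-type packets on a flow that already carried STUN are assumed to be WhatsApp voice */`. ndpi_int_check_stun starts and ends outside these hunks.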
@@ -37,9 +38,12 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc } } - if((rc = ndpi_host_ptree_match(ndpi_struct, htonl(saddr))) != NDPI_PROTOCOL_UNKNOWN) return(rc); - - return(ndpi_host_ptree_match(ndpi_struct, htonl(daddr))); + host.s_addr = htonl(saddr); + if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN) + return (rc); + + host.s_addr = htonl(daddr); + return (ndpi_network_ptree_match(ndpi_struct, &host)); } void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index f2c2eae4c..f53e5da66 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -24,7 +24,7 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, if((certificate == NULL) || (strlen(certificate) < 6) - || strncmp(certificate, "www.", 4)) + || !(strncmp(certificate, "www.", 4))) return(0); // printf("***** [SSL] %s(): %s\n", __FUNCTION__, certificate); diff --git a/src/lib/protocols/veohtv.c b/src/lib/protocols/veohtv.c deleted file mode 100644 index a3ab267b9..000000000 --- a/src/lib/protocols/veohtv.c +++ /dev/null 
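Review bot: The prefix test in ndpi_is_ssl_tor now rejects exactly the names it used to accept, and nothing in the hunk says why: before, a certificate name that did not start with `www.` returned 0; with `!(strncmp(certificate, "www.", 4))` a name that does start with `www.` returns 0. The rest of the function is outside the hunk, but if it goes on to analyse the label after a `www.` prefix, that analysis is no longer reached for those names. If the flip is intended, spell it out with an explicit comparison and a comment, `|| (strncmp(certificate, "www.", 4) == 0)) /* names starting with "www." are skipped */`; otherwise restore the previous condition.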
@@ -1,130 +0,0 @@ -/* - * veohtv.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - - -#include "ndpi_api.h" - - -#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV - -static void ndpi_int_veohtv_add_connection(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV, NDPI_PROTOCOL_UNKNOWN); -} - -void ndpi_search_veohtv_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV) - return; - - if (flow->l4.tcp.veoh_tv_stage == 1 || flow->l4.tcp.veoh_tv_stage == 2) { - if (packet->packet_direction != flow->setup_packet_direction && - packet->payload_packet_len > NDPI_STATICSTRING_LEN("HTTP/1.1 20") - && memcmp(packet->payload, "HTTP/1.1 ", NDPI_STATICSTRING_LEN("HTTP/1.1 ")) == 0 && - 
(packet->payload[NDPI_STATICSTRING_LEN("HTTP/1.1 ")] == '2' || - packet->payload[NDPI_STATICSTRING_LEN("HTTP/1.1 ")] == '3' || - packet->payload[NDPI_STATICSTRING_LEN("HTTP/1.1 ")] == '4' || - packet->payload[NDPI_STATICSTRING_LEN("HTTP/1.1 ")] == '5')) { -#ifdef NDPI_CONTENT_FLASH - ndpi_parse_packet_line_info(ndpi_struct, flow); - if (packet->detected_protocol_stack[0] == NDPI_CONTENT_FLASH && - packet->server_line.ptr != NULL && - packet->server_line.len > NDPI_STATICSTRING_LEN("Veoh-") && - memcmp(packet->server_line.ptr, "Veoh-", NDPI_STATICSTRING_LEN("Veoh-")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV, ndpi_struct, NDPI_LOG_DEBUG, "VeohTV detected.\n"); - ndpi_int_veohtv_add_connection(ndpi_struct, flow); - return; - } -#endif - if (flow->l4.tcp.veoh_tv_stage == 2) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, - NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV); - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV, ndpi_struct, NDPI_LOG_DEBUG, "VeohTV detected.\n"); - ndpi_int_veohtv_add_connection(ndpi_struct, flow); - return; - } else if (flow->packet_direction_counter[(flow->setup_packet_direction == 1) ? 
0 : 1] > 3) { - if (flow->l4.tcp.veoh_tv_stage == 2) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, - NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV); - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV, ndpi_struct, NDPI_LOG_DEBUG, "VeohTV detected.\n"); - ndpi_int_veohtv_add_connection(ndpi_struct, flow); - return; - } else { - if (flow->packet_counter > 10) { - if (flow->l4.tcp.veoh_tv_stage == 2) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, - NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV); - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV, ndpi_struct, NDPI_LOG_DEBUG, "VeohTV detected.\n"); - ndpi_int_veohtv_add_connection(ndpi_struct, flow); - return; - } - return; - } - } else if (packet->udp) { - /* UDP packets from Veoh Client Player - * - * packet starts with 16 byte random? value - * then a 4 byte mode value - * values between 21 and 26 has been seen - * then a 4 byte counter */ - - if (packet->payload_packet_len == 28 && - get_u_int32_t(packet->payload, 16) == htonl(0x00000021) && - get_u_int32_t(packet->payload, 20) == htonl(0x00000000) && get_u_int32_t(packet->payload, 24) == htonl(0x01040000)) { - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV, ndpi_struct, NDPI_LOG_DEBUG, "UDP VeohTV found.\n"); - ndpi_int_veohtv_add_connection(ndpi_struct, flow); - return; - } - } - - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV); -} - - -void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("HTTP_APPLICATION_VEOHTV", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV, - ndpi_search_veohtv_tcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - -#endif 
diff --git a/tests/pcap/Viber_session.pcap b/tests/pcap/Viber_session.pcap Binary files differnew file mode 100644 index 000000000..f4bafa8e3 --- /dev/null +++ b/tests/pcap/Viber_session.pcap diff --git a/tests/pcap/bittorrent.pcap b/tests/pcap/bittorrent.pcap Binary files differnew file mode 100644 index 000000000..68f1ca203 --- /dev/null +++ b/tests/pcap/bittorrent.pcap diff --git a/tests/pcap/bittorrent_utp.pcap b/tests/pcap/bittorrent_utp.pcap Binary files differnew file mode 100644 index 000000000..c5aad330d --- /dev/null +++ b/tests/pcap/bittorrent_utp.pcap diff --git a/tests/pcap/viber_mobile.pcap b/tests/pcap/viber_mobile.pcap Binary files differnew file mode 100644 index 000000000..d014e574d --- /dev/null +++ b/tests/pcap/viber_mobile.pcap diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index b569250c6..8840f63fd 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,10 +1,10 @@ Unknown 2 181 1 DNS 2 217 1 -HTTP 15 840 2 +HTTP 1 56 1 ICMP 1 147 1 -SSL 34 4913 5 +SSL 33 4830 4 Facebook 211 51558 11 -Google 1 164 1 +Google 16 1031 3 HTTP_Proxy 26 3926 1 KakaoTalk 55 9990 15 
@@ -35,10 +35,10 @@ KakaoTalk 55 9990 15 25 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] 26 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] 27 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 28 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][14 pkts/784 bytes] + 28 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] 29 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] 30 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] - 31 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91/SSL][1 pkts/83 bytes] + 31 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] 32 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][SSL client: graph.facebook.com] 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][SSL client: api.facebook.com] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index d3ab0c8ce..7a942006f 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -3,9 +3,9 @@ HTTP 5 280 1 QQ 15 1727 1 SSL_No_Cert 74 14132 2 RTP 2991 398751 2 -SSL 10 1517 5 +SSL 8 1378 3 Facebook 2 197 1 -Google 2 220 2 +Google 4 359 4 HTTP_Proxy 16 1838 2 Tor 40 10538 1 KakaoTalk_Voice 44 6196 2 
@@ -27,8 +27,8 @@ KakaoTalk_Voice 44 6196 2 15 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] 16 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] 17 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] - 18 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91/SSL][1 pkts/83 bytes] - 19 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91/SSL][1 pkts/56 bytes] + 18 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 19 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] Undetected flows: diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out new file mode 100644 index 000000000..89bdd3a92 --- /dev/null +++ b/tests/result/Viber_session.pcap.out 
@@ -0,0 +1,51 @@ +Unknown 163 9995 7 +HTTP 14 862 8 +SSL_No_Cert 34 4141 1 +ICMP 2 196 1 +SSL 109 11647 10 +DropBox 1 97 1 +GMail 21 1891 1 +Google 50 4084 5 +Viber 4163 392492 4 + + 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 126/Google][10 pkts/757 bytes] + 2 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][9 pkts/692 bytes] + 3 TCP 93.184.221.200:80 <-> 192.168.200.222:60828 [proto: 7/HTTP][1 pkts/60 bytes] + 4 TCP 158.85.58.23:443 <-> 192.168.200.222:44058 [proto: 91/SSL][5 pkts/412 bytes] + 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] + 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91/SSL][23 pkts/3345 bytes] + 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 8 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7/HTTP][1 pkts/66 bytes] + 9 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 10 TCP 93.184.221.200:80 <-> 192.168.200.222:33161 [proto: 7/HTTP][1 pkts/60 bytes] + 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91/SSL][6 pkts/599 bytes] + 12 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][1 pkts/60 bytes] + 13 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] + 14 TCP 112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][7 pkts/436 bytes] + 15 TCP 93.184.221.200:80 <-> 192.168.200.222:52977 [proto: 7/HTTP][1 pkts/60 bytes] + 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] + 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] + 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 20 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][5 pkts/424 bytes] + 21 TCP 52.0.253.46:443 <-> 
192.168.200.222:43287 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 22 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][15 pkts/1484 bytes][SSL client: e.crashlytics.com] + 23 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][12 pkts/1161 bytes] + 24 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][SSL client: mail.google.com] + 25 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][1 pkts/60 bytes] + 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] + 27 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] + 28 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][4143 pkts/390781 bytes] + 29 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][1 pkts/60 bytes] + 30 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.DropBox][1 pkts/97 bytes] + 31 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][16 pkts/1419 bytes][SSL client: settings.crashlytics.com] + + +Undetected flows: + 1 TCP 113.31.80.142:7003 <-> 192.168.200.222:55554 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 175.157.52.135:37299 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 175.157.52.135:37301 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 113.31.80.142:7003 <-> 192.168.200.222:55565 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 10.216.246.82:59027 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 175.157.52.135:37300 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 175.157.52.135:37302 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out new file mode 100644 index 000000000..415673d20 --- /dev/null +++ b/tests/result/bittorrent.pcap.out 
@@ -0,0 +1,26 @@ +BitTorrent 299 305728 24 + + 1 TCP 192.168.1.3:52908 <-> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 2 TCP 79.53.228.2:14627 <-> 192.168.1.3:52896 [proto: 37/BitTorrent][5 pkts/1180 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 3 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][5 pkts/1205 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 4 TCP 192.168.1.3:52925 <-> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 5 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][4 pkts/1401 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][5 pkts/1281 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 7 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][5 pkts/1213 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 8 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][5 pkts/1212 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 9 TCP 192.168.1.3:52894 <-> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 10 TCP 192.168.1.3:52910 <-> 120.62.33.241:39332 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 11 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][8 pkts/1558 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 12 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][5 pkts/1378 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 13 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][5 pkts/1205 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 14 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][4 pkts/614 bytes][BT 
Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 15 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][7 pkts/1550 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 16 TCP 192.168.1.3:52893 <-> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 17 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][4 pkts/612 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 18 TCP 79.53.228.2:14627 <-> 192.168.1.3:52909 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 19 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][6 pkts/1261 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 20 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][210 pkts/285139 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 21 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][3 pkts/930 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 22 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][2 pkts/758 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 23 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][5 pkts/1201 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 24 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][5 pkts/1226 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] diff --git a/tests/result/bittorrent_utp.pcap.out b/tests/result/bittorrent_utp.pcap.out new file mode 100644 index 000000000..2078b7210 --- /dev/null +++ b/tests/result/bittorrent_utp.pcap.out @@ -0,0 +1,3 @@ +BitTorrent 86 41489 1 + + 1 UDP 192.168.1.5:40959 <-> 82.243.113.43:64969 [proto: 37/BitTorrent][86 pkts/41489 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 2513a4e83..f6f36acbf 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out 
@@ -1,3 +1,3 @@ -HTTP 19 10643 1 +MPEG 19 10643 1 - 1 TCP 46.101.157.119:80 <-> 192.168.80.160:55804 [proto: 7/HTTP][19 pkts/10643 bytes][Host: luca.ntop.org] + 1 TCP 46.101.157.119:80 <-> 192.168.80.160:55804 [proto: 7.42/HTTP.MPEG][19 pkts/10643 bytes][Host: luca.ntop.org] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 8f3129150..253583c88 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -1,7 +1,7 @@ -Unknown 2 120 1 +Unknown 8 480 2 DNS 3 214 3 +HTTP 13 1019 2 SSL 45 5771 3 -Skype 19 1379 3 Google 14 2349 3 OCS 863 57552 7 
@@ -17,14 +17,14 @@ OCS 863 57552 7 10 UDP 192.168.180.2:3621 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] 11 UDP 192.168.180.2:11793 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][SSL client: ocs.labgency.ws] - 13 TCP 192.168.180.2:46166 <-> 137.135.131.52:5122 [proto: 125/Skype][6 pkts/360 bytes] - 14 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7.125/HTTP.Skype][6 pkts/479 bytes] - 15 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] - 16 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] - 17 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] - 18 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][SSL client: mtalk.google.com] - 19 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7.125/HTTP.Skype][7 pkts/540 bytes] + 13 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes] + 14 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] + 15 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] + 16 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] + 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][SSL client: mtalk.google.com] + 18 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes] Undetected flows: - 1 TCP 192.168.180.2:47699 <-> 64.233.184.188:5228 [proto: 0/Unknown][2 pkts/120 bytes] + 1 TCP 192.168.180.2:46166 <-> 137.135.131.52:5122 [proto: 0/Unknown][6 pkts/360 bytes] + 2 TCP 192.168.180.2:47699 <-> 
64.233.184.188:5228 [proto: 0/Unknown][2 pkts/120 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index d4e820f04..abcece480 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,12 +1,13 @@ -Unknown 377 46993 14 +Unknown 396 52104 15 DNS 8 807 4 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 +SSL 88 8268 6 DropBox 38 17948 5 -Skype 2414 504755 251 +Skype 2307 491376 244 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 
@@ -98,198 +99,197 @@ Spotify 5 430 1 85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5/DNS][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 88 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 125/Skype][19 pkts/5111 bytes] - 89 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] - 90 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] - 91 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] - 92 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][3 pkts/168 bytes] - 93 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][SSL client: p05-keyvalueservice.icloud.com] - 94 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][SSL client: apps.skypeassets.com] - 95 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][SSL client: apps.skype.com] - 96 UDP 192.168.1.34:13021 <-> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes] - 97 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] - 98 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] - 99 UDP 192.168.1.34:13021 <-> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] - 100 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] - 101 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] - 102 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] - 103 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] - 104 TCP 192.168.1.34:50046 <-> 
157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] - 105 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] - 106 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] - 107 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] - 108 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] - 109 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 110 UDP 65.55.223.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/69 bytes] - 111 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] - 112 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] - 113 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] - 114 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] - 115 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] - 116 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] - 117 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] - 118 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] - 119 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] - 120 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] - 121 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 122 UDP 65.55.223.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 123 UDP 65.55.223.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 124 UDP 65.55.223.21:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 125 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] - 126 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 
pkts/69 bytes] - 127 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] - 129 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 125/Skype][13 pkts/1287 bytes] - 130 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 125/Skype][12 pkts/1107 bytes] - 131 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] - 132 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 135 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 136 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 137 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 140 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 141 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 149 UDP 
192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 158 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 125/Skype][387 pkts/198090 bytes] - 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 125/Skype][14 pkts/1328 bytes] - 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 125/Skype][15 pkts/1569 bytes] - 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 125/Skype][15 pkts/1411 bytes] - 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 125/Skype][15 pkts/1351 bytes] - 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 125/Skype][15 pkts/1349 bytes] - 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 125/Skype][15 pkts/1401 bytes] - 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 125/Skype][15 pkts/1513 bytes] - 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 125/Skype][16 pkts/1754 bytes] - 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 125/Skype][15 pkts/1590 bytes] - 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 
192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 174 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:13021 <-> 
157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 196 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] - 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 199 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 125/Skype][8 pkts/608 bytes] - 200 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][6 pkts/3264 bytes] - 201 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][5 pkts/2720 bytes] - 202 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 125/Skype][16 pkts/1592 bytes] - 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 125/Skype][16 pkts/1376 bytes] - 209 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 211 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] - 212 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 
bytes] - 213 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 216 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 221 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 222 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 225 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 226 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 227 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 228 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 229 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 230 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 231 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 
5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] - 235 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 236 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 238 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 239 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 240 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 241 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] - 242 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 243 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 247 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 248 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 249 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] - 250 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 125/Skype][12 pkts/1147 bytes] - 251 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 125/Skype][15 pkts/1311 bytes] - 252 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 125/Skype][15 pkts/1452 bytes] - 253 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 
[proto: 125/Skype][14 pkts/1390 bytes] - 254 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] - 255 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 256 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 259 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 260 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 264 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 265 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 266 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 267 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 268 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 269 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 270 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 125/Skype][20 pkts/1516 bytes] - 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 274 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.DropBox][16 pkts/5980 bytes] - 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 125/Skype][14 pkts/1208 bytes] - 276 TCP 
192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 125/Skype][13 pkts/1109 bytes] - 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 278 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 279 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] + 89 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] + 90 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] + 91 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][3 pkts/168 bytes] + 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][SSL client: p05-keyvalueservice.icloud.com] + 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][SSL client: apps.skypeassets.com] + 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][SSL client: apps.skype.com] + 95 UDP 192.168.1.34:13021 <-> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes] + 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] + 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] + 98 UDP 192.168.1.34:13021 <-> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] + 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] + 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] + 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] + 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] + 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] + 104 TCP 192.168.1.34:50053 <-> 
157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] + 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] + 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] + 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] + 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] + 109 UDP 65.55.223.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/69 bytes] + 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] + 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] + 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] + 113 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] + 114 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] + 115 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] + 116 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] + 117 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] + 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] + 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] + 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] + 121 UDP 65.55.223.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 65.55.223.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] + 123 UDP 65.55.223.21:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] + 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] + 126 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 
bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] + 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 125/Skype][13 pkts/1287 bytes] + 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 125/Skype][12 pkts/1107 bytes] + 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] + 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 134 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 135 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 136 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 140 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 149 TCP 
192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 125/Skype][387 pkts/198090 bytes] + 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 125/Skype][14 pkts/1328 bytes] + 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 125/Skype][15 pkts/1569 bytes] + 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 125/Skype][15 pkts/1411 bytes] + 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 125/Skype][15 pkts/1351 bytes] + 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 125/Skype][15 pkts/1349 bytes] + 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 125/Skype][15 pkts/1401 bytes] + 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 125/Skype][15 pkts/1513 bytes] + 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 125/Skype][16 pkts/1754 bytes] + 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 125/Skype][15 pkts/1590 bytes] + 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 171 UDP 
192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 173 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 193 UDP 192.168.1.34:13021 <-> 
157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 195 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] + 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 197 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 198 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 125/Skype][8 pkts/608 bytes] + 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][6 pkts/3264 bytes] + 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][5 pkts/2720 bytes] + 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 202 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 208 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 210 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] + 211 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] + 212 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] 
+ 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 226 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 227 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 230 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 231 TCP 192.168.1.34:50130 <-> 
212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] + 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 235 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 240 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] + 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 248 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] + 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 250 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] + 251 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] + 252 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] + 253 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 
12/SSDP][79 pkts/29479 bytes] + 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 263 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 264 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 265 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 266 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] + 267 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 125/Skype][20 pkts/1516 bytes] + 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 273 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.DropBox][16 pkts/5980 bytes] + 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 125/Skype][14 pkts/1208 bytes] + 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 125/Skype][13 pkts/1109 bytes] + 276 TCP 
192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: 
@@ -299,11 +299,12 @@ Undetected flows: 4 UDP 192.168.1.1:5351 <-> 192.168.1.34:49511 [proto: 0/Unknown][4 pkts/216 bytes] 5 UDP 192.168.1.1:5351 <-> 192.168.1.34:54067 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] - 7 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 8 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 11 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 13 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] - 14 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] + 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] + 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 12 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] + 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 14 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] + 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index eabcf69fb..c307ca471 100644 --- a/tests/result/skype_no_unknown.pcap.out 
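Review bot: The regenerated baseline accepts a lost detection: the added line `7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes]` puts a flow under Undetected flows, while the flow from port 50130 to the same 212.161.8.36:13392 endpoint is still listed as 125/Skype in the hunk just above. The summary hunk of tests/result/skype_no_unknown.pcap.out moves the same way, with Unknown going from 12 to 14 flows, SSL from 1 to 6 and Skype from 227 to 220. Nothing visible here says whether that is intended, so the commit description should state it, for example `Skype flows on 443 without a Skype-specific match are now reported as SSL; two flows in skype_no_unknown.pcap become Unknown`, or the dissector should be fixed before the expected output is regenerated. For anyone who drives policy or alerting from these labels, a flow that drops to Unknown no longer matches a Skype rule.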
+++ b/tests/result/skype_no_unknown.pcap.out @@ -1,13 +1,13 @@ -Unknown 212 58232 12 +Unknown 236 70600 14 DNS 6 627 3 MDNS 3 400 2 NetBIOS 22 3106 7 SSDP 40 14100 3 ICMP 4 328 1 IGMP 4 226 4 -SSL 6 468 1 +SSL 79 7742 6 DropBox 16 7342 5 -Skype 1682 382296 227 +Skype 1585 362654 220 Apple 84 20699 2 1 UDP 192.168.1.34:13021 <-> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes] @@ -70,7 +70,7 @@ Apple 84 20699 2 58 TCP 149.13.32.15:13392 <-> 192.168.1.34:51305 [proto: 125/Skype][18 pkts/1426 bytes] 59 TCP 149.13.32.15:13392 <-> 192.168.1.34:51309 [proto: 125/Skype][15 pkts/1197 bytes] 60 UDP 192.168.1.1:53 <-> 192.168.1.34:51753 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 125/Skype][16 pkts/1637 bytes] + 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][16 pkts/1637 bytes] 62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][16 pkts/1297 bytes] 63 UDP 111.221.74.14:443 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes] 64 UDP 192.168.1.34:13021 <-> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes] 
@@ -87,184 +87,182 @@ Apple 84 20699 2 75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes] - 78 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 125/Skype][23 pkts/12290 bytes] - 79 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 125/Skype][1 pkts/78 bytes] - 80 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][16 pkts/1238 bytes] - 81 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][199 pkts/90615 bytes] - 82 UDP 192.168.1.34:13021 <-> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes] - 83 UDP 192.168.1.34:58061 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 IGMP 233.89.188.1:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 85 UDP 192.168.1.34:59237 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 86 TCP 192.168.1.34:50407 <-> 17.143.160.149:5223 [proto: 140/Apple][8 pkts/1118 bytes] - 87 UDP 192.168.1.34:13021 <-> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes] - 88 UDP 65.55.223.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 89 UDP 192.168.1.34:13021 <-> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes] - 90 TCP 157.56.52.28:40009 <-> 192.168.1.34:51229 [proto: 125/Skype][16 pkts/1292 bytes] - 91 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][18 pkts/1454 bytes] - 92 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1330 bytes] - 93 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][16 pkts/1265 bytes] - 94 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][18 pkts/1426 bytes] - 95 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][17 pkts/1367 bytes] - 96 TCP 192.168.1.34:51276 <-> 
157.55.235.146:40021 [proto: 125/Skype][17 pkts/1329 bytes] - 97 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][17 pkts/1426 bytes] - 98 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 125/Skype][13 pkts/1257 bytes] - 99 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 125/Skype][15 pkts/1533 bytes] - 100 UDP 192.168.1.34:13021 <-> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes] - 101 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes] - 102 UDP 192.168.1.34:13021 <-> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes] - 103 UDP 192.168.1.34:13021 <-> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes] - 104 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes] - 105 UDP 65.55.223.17:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 106 UDP 65.55.223.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 107 UDP 65.55.223.22:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 108 UDP 65.55.223.20:40023 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 109 UDP 65.55.223.18:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 110 UDP 65.55.223.27:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 111 UDP 65.55.223.24:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 112 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 125/Skype][6 pkts/377 bytes] - 113 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 125/Skype][10 pkts/599 bytes] - 114 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 115 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 116 TCP 192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 91.121/SSL.DropBox][8 pkts/2990 bytes] - 117 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 125/Skype][14 pkts/1253 bytes] - 118 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 
91.125/SSL.Skype][3 pkts/206 bytes] - 119 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 120 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 121 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 122 UDP 111.221.74.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 123 UDP 111.221.74.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 124 UDP 111.221.74.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 125 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 135 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 136 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 137 TCP 91.190.216.24:12350 <-> 192.168.1.34:51297 [proto: 125/Skype][15 pkts/3532 bytes] - 138 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 139 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 140 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 
pkts/69 bytes] - 141 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 142 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] - 143 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 125/Skype][348 pkts/181687 bytes] - 144 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] - 145 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 125/Skype][15 pkts/1584 bytes] - 146 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 125/Skype][15 pkts/1569 bytes] - 147 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 125/Skype][15 pkts/1380 bytes] - 148 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 149 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 150 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 151 UDP 157.56.52.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 152 UDP 157.56.52.25:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 153 UDP 157.56.52.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 158 UDP 157.56.52.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 159 UDP 157.56.52.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 163 UDP 
192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 179 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 180 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] - 181 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes] - 182 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes] - 183 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 184 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 
bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 185 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 186 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 125/Skype][15 pkts/1415 bytes] - 187 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 188 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 189 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 190 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 192 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 199 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 200 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 201 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.1:53 <-> 
192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 205 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 210 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 211 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 212 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 213 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 214 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 215 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 216 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 217 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 218 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 219 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] - 220 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 221 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 222 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 223 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 224 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 225 TCP 192.168.1.34:51231 
<-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] - 226 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][SSL client: apps.skype.com] - 227 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 228 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 229 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] - 230 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 125/Skype][14 pkts/1432 bytes] - 231 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 233 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 234 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 235 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 241 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 242 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 243 UDP 65.55.223.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 244 UDP 65.55.223.32:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 245 UDP 65.55.223.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 246 UDP 65.55.223.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 247 UDP 65.55.223.15:40030 
<-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 249 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 250 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 251 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 252 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 125/Skype][14 pkts/1373 bytes] - 253 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] - 254 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 125/Skype][14 pkts/1363 bytes] - 255 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][16 pkts/1238 bytes] + 79 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][199 pkts/90615 bytes] + 80 UDP 192.168.1.34:13021 <-> 157.55.235.141:443 [proto: 125/Skype][1 pkts/60 bytes] + 81 UDP 192.168.1.34:58061 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 82 IGMP 233.89.188.1:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 83 UDP 192.168.1.34:59237 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 84 TCP 192.168.1.34:50407 <-> 17.143.160.149:5223 [proto: 140/Apple][8 pkts/1118 bytes] + 85 UDP 192.168.1.34:13021 <-> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes] + 86 UDP 65.55.223.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 87 UDP 192.168.1.34:13021 <-> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes] + 88 TCP 157.56.52.28:40009 <-> 192.168.1.34:51229 [proto: 125/Skype][16 pkts/1292 bytes] + 89 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][18 pkts/1454 bytes] + 90 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1330 bytes] + 91 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 
125/Skype][16 pkts/1265 bytes] + 92 TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][18 pkts/1426 bytes] + 93 TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][17 pkts/1367 bytes] + 94 TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][17 pkts/1329 bytes] + 95 TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][17 pkts/1426 bytes] + 96 TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][13 pkts/1257 bytes] + 97 TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][15 pkts/1533 bytes] + 98 UDP 192.168.1.34:13021 <-> 64.4.23.165:40004 [proto: 125/Skype][1 pkts/75 bytes] + 99 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/78 bytes] + 100 UDP 192.168.1.34:13021 <-> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes] + 101 UDP 192.168.1.34:13021 <-> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes] + 102 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes] + 103 UDP 65.55.223.17:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 104 UDP 65.55.223.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 105 UDP 65.55.223.22:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 106 UDP 65.55.223.20:40023 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 107 UDP 65.55.223.18:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 108 UDP 65.55.223.27:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] + 109 UDP 65.55.223.24:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 125/Skype][6 pkts/377 bytes] + 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 125/Skype][10 pkts/599 bytes] + 112 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 113 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 114 TCP 
192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 91.121/SSL.DropBox][8 pkts/2990 bytes] + 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 125/Skype][14 pkts/1253 bytes] + 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] + 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] + 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 119 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 120 UDP 111.221.74.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 121 UDP 111.221.74.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 122 UDP 111.221.74.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 123 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 135 TCP 91.190.216.24:12350 <-> 192.168.1.34:51297 [proto: 125/Skype][15 pkts/3532 bytes] + 136 TCP 
192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] + 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 125/Skype][348 pkts/181687 bytes] + 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] + 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 125/Skype][15 pkts/1584 bytes] + 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 125/Skype][15 pkts/1569 bytes] + 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 125/Skype][15 pkts/1380 bytes] + 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 148 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 149 UDP 157.56.52.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 150 UDP 157.56.52.25:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 151 UDP 157.56.52.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 156 UDP 157.56.52.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 157 UDP 157.56.52.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 158 UDP 192.168.1.34:13021 <-> 
157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 177 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 178 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] + 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes] + 180 UDP 192.168.1.92:17500 
<-> 255.255.255.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes] + 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 182 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 185 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 188 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 189 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 190 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 200 UDP 192.168.1.1:53 <-> 
192.168.1.34:59788 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 201 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 202 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 206 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 207 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 217 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] + 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 220 IGMP 224.0.0.22:0 <-> 
192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] + 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][SSL client: apps.skype.com] + 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 227 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] + 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes] + 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 241 UDP 65.55.223.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 242 UDP 65.55.223.32:40022 <-> 192.168.1.34:13021 [proto: 
125/Skype][1 pkts/77 bytes] + 243 UDP 65.55.223.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 244 UDP 65.55.223.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 245 UDP 65.55.223.15:40030 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 125/Skype][14 pkts/1373 bytes] + 251 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] + 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 125/Skype][14 pkts/1363 bytes] + 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: 
@@ -272,11 +270,13 @@ Undetected flows: 2 TCP 149.13.32.15:13392 <-> 192.168.1.34:51307 [proto: 0/Unknown][26 pkts/17499 bytes] 3 TCP 149.13.32.15:13392 <-> 192.168.1.34:51317 [proto: 0/Unknown][20 pkts/6208 bytes] 4 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][18 pkts/1482 bytes] - 5 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 6 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] - 7 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 8 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 9 TCP 76.167.161.6:20274 <-> 192.168.1.34:51300 [proto: 0/Unknown][3 pkts/206 bytes] - 10 TCP 149.13.32.15:13392 <-> 192.168.1.34:51312 [proto: 0/Unknown][25 pkts/15642 bytes] - 11 UDP 192.168.1.1:5351 <-> 192.168.1.34:59052 [proto: 0/Unknown][4 pkts/216 bytes] - 12 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] + 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] + 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] + 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] + 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 11 TCP 76.167.161.6:20274 <-> 192.168.1.34:51300 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 149.13.32.15:13392 <-> 192.168.1.34:51312 [proto: 0/Unknown][25 pkts/15642 bytes] + 13 UDP 192.168.1.1:5351 <-> 192.168.1.34:59052 [proto: 0/Unknown][4 pkts/216 bytes] + 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] 
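Review bot: The regenerated baseline accepts two flows as undetected that the old expected output apparently classified: new entries 5 and 6, `192.168.1.34:51315 <-> 212.161.8.36:13392` and `192.168.1.34:51319 <-> 212.161.8.36:13392`, are added under `Undetected flows:` as `0/Unknown`, while the detected list in the preceding hunk shrinks from 255 to 253 entries. A third flow to the same peer and port (source port 51318) is still `125/Skype`, so this looks like lost coverage rather than a corrected false positive; which protocol the two flows carried before is not visible in this part of the diff. The preceding hunk of the same file also moves TCP/443 flows such as `213.199.179.175:443` and `64.4.23.166:443` from `125/Skype` to `91/SSL`. If these shifts are intended, the commit description should name the dissector change responsible; otherwise the expected output should keep the old classifications so the test continues to flag the regression.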
diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 918647cef..e221e9ab6 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -1,11 +1,12 @@ Unknown 2 121 1 DNS 26 2848 7 -HTTP 450 294880 19 +HTTP 271 160676 18 SSDP 11 4984 1 +HTTPDownload 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 43 2903 13 -Google 12 1467 2 +SSL 41 2782 12 +Google 14 1588 3 Quic 6 475 1 Starcraft 236 51494 6 @@ -22,7 +23,7 @@ Starcraft 236 51494 6 11 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][3 pkts/168 bytes] 12 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][4 pkts/228 bytes] 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][2 pkts/104 bytes] - 14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91/SSL][2 pkts/121 bytes] + 14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][2 pkts/121 bytes] 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25105 bytes][Host: bnetcmsus-a.akamaihd.net] 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes] 
@@ -38,7 +39,7 @@ Starcraft 236 51494 6 27 TCP 80.239.186.40:80 <-> 192.168.1.100:3525 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net] 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] - 30 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][179 pkts/134204 bytes][Host: llnw.blizzard.com] + 30 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTPDownload][179 pkts/134204 bytes][Host: llnw.blizzard.com] 31 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/Quic][6 pkts/475 bytes] 32 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net] 33 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out new file mode 100644 index 000000000..df601dd7d --- /dev/null +++ b/tests/result/viber_mobile.pcap.out 
@@ -0,0 +1,96 @@ +Unknown 163 9995 7 +DNS 16 1943 7 +HTTP 51 5299 8 +BitTorrent 57 13074 27 +SSL_No_Cert 36 5874 1 +ICMP 4 518 3 +SSL 90 22731 8 +Facebook 39 16382 2 +DropBox 2 163 1 +GMail 35 14773 2 +Google 75 17027 7 +WhatsApp 31 6224 2 +Viber 10081 1413446 4 + + 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][SSL client: mtalk.google.com] + 2 UDP 122.146.250.88:9415 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 3 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][16 pkts/5838 bytes] + 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] + 5 TCP 93.184.221.200:80 <-> 192.168.200.222:60828 [proto: 7/HTTP][5 pkts/300 bytes] + 6 TCP 158.85.58.23:443 <-> 192.168.200.222:44058 [proto: 91/SSL][7 pkts/532 bytes] + 7 UDP 8.8.8.8:53 <-> 192.168.200.222:15836 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] + 8 UDP 84.202.23.122:22737 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 9 UDP 178.57.5.53:64731 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/498 bytes] + 10 UDP 60.71.113.134:37764 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 11 UDP 23.113.222.89:49548 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/503 bytes] + 12 UDP 1.163.234.205:58738 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/471 bytes] + 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] + 14 UDP 90.19.187.56:40500 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 15 UDP 80.47.129.1:44420 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 16 UDP 70.112.231.62:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][SSL client: graph.facebook.com] + 18 UDP 94.6.33.9:46735 <-> 192.168.200.222:39413 
[proto: 37/BitTorrent][2 pkts/505 bytes] + 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 20 UDP 88.176.55.218:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] + 22 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7/HTTP][8 pkts/528 bytes] + 23 UDP 8.8.8.8:53 <-> 192.168.200.222:47874 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] + 24 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 25 UDP 92.249.148.218:53810 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 26 TCP 93.184.221.200:80 <-> 192.168.200.222:33161 [proto: 7/HTTP][5 pkts/300 bytes] + 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91/SSL][11 pkts/1073 bytes] + 28 UDP 8.8.8.8:53 <-> 192.168.200.222:55854 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] + 29 UDP 8.8.8.8:53 <-> 192.168.200.222:58434 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] + 30 UDP 2.85.108.0:21241 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 31 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][9 pkts/2188 bytes] + 32 UDP 8.8.8.8:53 <-> 192.168.200.222:60474 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 33 UDP 24.43.1.206:17193 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/148 bytes] + 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] + 36 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][SSL client: googleads.g.doubleclick.net] + 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] + 38 UDP 80.234.25.211:12624 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 39 TCP 
112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 40 TCP 93.184.221.200:80 <-> 192.168.200.222:52977 [proto: 7/HTTP][5 pkts/300 bytes] + 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] + 42 UDP 8.8.8.8:53 <-> 192.168.200.222:16965 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] + 43 UDP 24.43.1.206:40959 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][4 pkts/996 bytes] + 44 UDP 46.181.170.37:36237 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 45 UDP 8.8.8.8:53 <-> 192.168.200.222:22761 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 46 UDP 188.165.225.138:6881 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/480 bytes] + 47 UDP 8.8.8.8:53 <-> 192.168.200.222:39149 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] + 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] + 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 50 UDP 178.157.199.144:22133 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 51 UDP 8.8.8.8:53 <-> 192.168.200.222:39695 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] + 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] + 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 54 UDP 8.8.8.8:53 <-> 192.168.200.222:43901 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] + 55 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][7 pkts/532 bytes] + 56 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] + 57 UDP 8.8.8.8:53 <-> 192.168.200.222:52263 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] + 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 
[proto: 91/SSL][22 pkts/9241 bytes][SSL client: e.crashlytics.com] + 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] + 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][SSL client: mail.google.com] + 61 UDP 37.214.167.82:11905 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 62 UDP 8.8.8.8:53 <-> 192.168.200.222:58921 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] + 63 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][5 pkts/300 bytes] + 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] + 65 UDP 93.100.186.199:6881 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/498 bytes] + 66 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][10057 pkts/1410853 bytes] + 67 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] + 68 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][5 pkts/300 bytes] + 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] + 70 UDP 92.245.59.202:12998 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 71 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.DropBox][2 pkts/163 bytes] + 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][SSL client: settings.crashlytics.com] + + +Undetected flows: + 1 TCP 113.31.80.142:7003 <-> 192.168.200.222:55554 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 175.157.52.135:37299 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 175.157.52.135:37301 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 113.31.80.142:7003 <-> 192.168.200.222:55565 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 10.216.246.82:59027 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 175.157.52.135:37300 <-> 192.168.200.222:48564 
[proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 175.157.52.135:37302 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 49a6b96e0..0429e66a0 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -1,6 +1,6 @@ Unknown 10 786 1 -HTTP 37 63205 1 NTP 2 180 1 +HTTPDownload 37 63205 1 SSL_No_Cert 13 2142 1 Waze 484 289335 19 WhatsApp 15 1341 1 @@ -26,7 +26,7 @@ Simet 36 2004 9 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1328 bytes][Host: cres.waze.com] 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1323 bytes][Host: cres.waze.com] 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1319 bytes][Host: cres.waze.com] - 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] + 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTPDownload][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes] 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91.200/SSL.Simet][4 pkts/216 bytes] 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][SSL server: *.waze.com] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 289214e9c..fd2edb823 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -1,8 +1,7 @@ -Unknown 662 83338 2 HTTP 11 726 3 MDNS 8 952 4 DHCP 10 3420 1 -STUN 141 19604 18 +STUN 97 11786 16 ICMP 10 700 1 SSL 8 589 2 DropBox 4 2176 1 
@@ -10,64 +9,62 @@ Apple 127 28102 20 WhatsApp 182 25154 2 AppleiTunes 85 28087 2 Spotify 3 258 1 +WhatsAppVoice 706 91156 4 1 UDP [fe80::da30:62ff:fe56:1c]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] 2 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/DropBox][4 pkts/2176 bytes] 3 ICMP 192.168.2.4:0 <-> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes] - 4 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78/STUN][5 pkts/676 bytes] - 5 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] - 6 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 7 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] - 8 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 9 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 10 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 11 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 12 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com] - 15 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] - 16 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78/STUN][5 pkts/676 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 
78/STUN][5 pkts/676 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 78/STUN][24 pkts/4825 bytes] - 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78/STUN][5 pkts/676 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 78/STUN][20 pkts/2993 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes] - 30 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] - 31 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] - 32 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes] - 33 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] - 34 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 35 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] - 36 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] - 37 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] - 38 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 39 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 40 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 41 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 43 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][SSL client: 
query.ess.apple.com] - 44 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 46 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 49 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com] - 50 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] - 51 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] - 52 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 53 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 54 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] - 55 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - - -Undetected flows: - 1 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 0/Unknown][198 pkts/30418 bytes] - 2 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 0/Unknown][464 pkts/52920 bytes] + 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes] + 5 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78/STUN][5 pkts/676 bytes] + 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] + 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] + 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 
pkts/162 bytes] + 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com] + 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78/STUN][5 pkts/676 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes] + 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78/STUN][5 pkts/676 bytes] + 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] + 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes] + 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] + 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] + 33 UDP 0.0.0.0:68 <-> 
255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes] + 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] + 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] + 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] + 37 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] + 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] + 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] + 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com] + 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com] + 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] + 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 
bytes] + 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] + 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] |