-rw-r--r-- | src/lib/ndpi_main.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/mining.c | 62 | ||||
-rw-r--r-- | src/lib/protocols/rtmp.c | 18 | ||||
-rw-r--r-- | src/lib/protocols/rtp.c | 11 | ||||
-rw-r--r-- | tests/pcap/ethereum.pcap | bin | 147293 -> 248135 bytes | |||
-rw-r--r-- | tests/result/ethereum.pcap.out | 79 |
6 files changed, 152 insertions, 20 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 88a9bbfe4..088847c8a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -989,7 +989,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MINING, 0 /* can_have_a_subprotocol */, no_master, no_master, "Mining", CUSTOM_CATEGORY_MINING, - ndpi_build_default_ports(ports_a, 8333, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 8333, 30303, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NEST_LOG_SINK, 0 /* can_have_a_subprotocol */, no_master, diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c index b4361e270..aaedf6c6d 100644 --- a/src/lib/protocols/mining.c +++ b/src/lib/protocols/mining.c @@ -1,7 +1,7 @@ /* * mining.c [Bitcoin, Ethereum, ZCash, Monero] * - * Copyright (C) 2018 - ntop.org + * Copyright (C) 2018-20 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH 
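Review bot: In ndpi_main.c the TCP default-port list for Mining gains 30303 with no comment saying which protocol each port belongs to, and the UDP list on the next line stays all zero even though this commit adds a UDP dissector keyed on the same port. Mining is registered here as NDPI_PROTOCOL_UNSAFE, so a TCP flow to 30303 that the dissector cannot confirm may still be reported as Mining by port alone (inferred; the guessing code is not in this diff). A comment such as `/* TCP: 8333 = Bitcoin, 30303 = Ethereum */` would document the mapping, and if leaving UDP without a default port is deliberate, say so next to `ports_b`. ndpi_init_protocol_defaults starts and ends outside the hunk.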
@@ -24,14 +24,49 @@ #include "ndpi_api.h" +/* ************************************************************************** */ + +void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + u_int16_t source = ntohs(packet->udp->source); + u_int16_t dest = ntohs(packet->udp->dest); + + NDPI_LOG_DBG(ndpi_struct, "search MINING UDP\n"); + + // printf("==> %s()\n", __FUNCTION__); + /* + Ethereum P2P Discovery Protocol + https://github.com/ConsenSys/ethereum-dissectors/blob/master/packet-ethereum-disc.c + */ + if((packet->payload_packet_len > 98) + && (packet->payload_packet_len < 1280) + && ((source == 30303) || (dest == 30303)) + && (packet->payload[97] <= 0x04 /* NODES */) + ) { + if((packet->iph) && ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0xFF000000)) + ; + else if(packet->iphv6 && ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) == 0xFF020000) + ; + else { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + + ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, __FILE__, __FUNCTION__, __LINE__); +} + +/* ************************************************************************** */ + void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG_DBG(ndpi_struct, "search MINING\n"); + NDPI_LOG_DBG(ndpi_struct, "search MINING TCP\n"); /* Check connection over TCP */ - if(packet->tcp && (packet->payload_packet_len > 10)) { + if(packet->payload_packet_len > 10) { if(packet->tcp->source == htons(8333)) { /* 
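Review bot: The discovery match in ndpi_search_mining_udp accepts any type byte `packet->payload[97] <= 0x04`, which includes 0x00, and its IPv4 exclusion masks with 0xFF000000 so it skips only 255.x.x.x destinations while the IPv6 arm skips the ff02:: prefix. If the intent is to ignore broadcast and multicast alike, the IPv4 arm probably needs the 224.0.0.0/4 range as well (assumption; the commit does not state the intent), and the type test could be tightened to `(packet->payload[97] >= 0x01) && (packet->payload[97] <= 0x04)`. One byte plus port 30303 is a thin signature for a protocol reported as unsafe, so a comment saying what offset 97 holds and what the two empty `;` branches skip would help whoever has to triage false positives later.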
@@ -44,7 +79,14 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, if((*to_match == magic) || (*to_match == magic1)) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); } - } if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len) + } + + if((packet->payload_packet_len > 450) + && (packet->payload_packet_len < 600) + && (packet->tcp->dest == htons(30303) /* Ethereum port */) + && (packet->payload[2] == 0x04)) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len) && ( ndpi_strnstr((const char *)packet->payload, "\"eth1.0\"", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, "\"worker\":", packet->payload_packet_len) @@ -84,6 +126,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, __FILE__, __FUNCTION__, __LINE__); } +/* ************************************************************************** */ void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) @@ -96,5 +139,16 @@ void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; + + /* ************ */ + + ndpi_set_bitmask_protocol_detection("Mining", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_MINING, + ndpi_search_mining_udp, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; } diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c index 9bf73fecd..6f40ce42d 100644 --- a/src/lib/protocols/rtmp.c +++ b/src/lib/protocols/rtmp.c 
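Review bot: The new port-30303 branch in ndpi_search_mining_tcp calls ndpi_set_detected_protocol without a `return;`, whereas the UDP function added in this commit returns right after the same call. The function ends with an unconditional `ndpi_exclude_protocol(...)` (visible as context in the next hunk); the lines in between are not shown, so whether a detected flow reaches it cannot be confirmed from here, but adding `return;` after the call would make the two paths consistent. The 8333 branch above it has the same shape. The branch also reads `packet->tcp->dest` after the `packet->tcp &&` guard was dropped in the previous hunk, so it depends on this callback being registered for TCP only, which deserves a one-line comment.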
@@ -1,6 +1,7 @@ /* * rtmp.c * + * Copyright (C) 2020 - ntop.org * Copyright (C) 2014 Tomasz Bujlow <tomasz@skatnet.dk> * * The signature is based on the Libprotoident library. @@ -46,16 +47,16 @@ static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, st } /* Check if we so far detected the protocol in the request or not. */ - if (flow->rtmp_stage == 0) { - NDPI_LOG_DBG2(ndpi_struct, "RTMP stage 0: \n"); + if(flow->rtmp_stage == 0) { + NDPI_LOG_DBG2(ndpi_struct, "RTMP stage 0: \n"); - if ((payload_len >= 4) && ((packet->payload[0] == 0x03) || (packet->payload[0] == 0x06))) { - NDPI_LOG_DBG2(ndpi_struct, "Possible RTMP request detected, we will look further for the response\n"); + if ((payload_len >= 4) && ((packet->payload[0] == 0x03) || (packet->payload[0] == 0x06))) { + NDPI_LOG_DBG2(ndpi_struct, "Possible RTMP request detected, we will look further for the response\n"); - /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ - flow->rtmp_stage = packet->packet_direction + 1; - } - + /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ + flow->rtmp_stage = packet->packet_direction + 1; + } else + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } else { NDPI_LOG_DBG2(ndpi_struct, "RTMP stage %u: \n", flow->rtmp_stage); @@ -72,7 +73,6 @@ static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to RTMP, resetting the stage to 0\n"); flow->rtmp_stage = 0; } - } } diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 8074779dd..acea41b54 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c 
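Review bot: The `else` added to the stage-0 branch of ndpi_check_rtmp is unbraced while its `if` arm is braced, and a macro call hangs off it; writing it as `} else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); }` keeps a later second statement from slipping outside the branch. The branch now gives up on RTMP at the first payload that is shorter than 4 bytes or does not start with 0x03 or 0x06, so flows first seen mid-stream will presumably never be classified; a short comment stating that trade-off would help. The function starts and ends outside the hunk.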
@@ -124,12 +124,17 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - + u_int16_t source = ntohs(packet->udp->source); + u_int16_t dest = ntohs(packet->udp->dest); + + // printf("==> %s()\n", __FUNCTION__); + /* printf("*** %s(pkt=%d)\n", __FUNCTION__, flow->packet_counter); */ if((packet->udp != NULL) - /* && (ntohs(packet->udp->source) > 1023) */ - && (ntohs(packet->udp->dest) > 1023)) + && (source != 30303) && (dest != 30303 /* Avoid to mix it with Ethereum that looks alike */) + && (dest > 1023) + ) ndpi_rtp_search(ndpi_struct, flow, packet->payload, packet->payload_packet_len); } diff --git a/tests/pcap/ethereum.pcap b/tests/pcap/ethereum.pcap Binary files differindex f77637d62..e331bc22d 100644 --- a/tests/pcap/ethereum.pcap +++ b/tests/pcap/ethereum.pcap diff --git a/tests/result/ethereum.pcap.out b/tests/result/ethereum.pcap.out index aafe4df89..6006cc1b6 100644 --- a/tests/result/ethereum.pcap.out +++ b/tests/result/ethereum.pcap.out 
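Review bot: `source` and `dest` are initialised from `packet->udp->source` and `packet->udp->dest` at the top of ndpi_search_rtp, before the `packet->udp != NULL` test that follows, so that test can no longer protect the dereference. If `packet->udp` can be NULL here (the dissector's registration is not in this hunk), the function faults while parsing network input before it ever reaches the check; if it cannot, the check is dead and should be removed. Moving the two reads below an early return keeps the guard meaningful, as sketched below.

```c
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t source, dest;

  /* Read the UDP header only after confirming it is present. */
  if(packet->udp == NULL)
    return;

  source = ntohs(packet->udp->source);
  dest = ntohs(packet->udp->dest);

  /* … unchanged: port 30303 / dest > 1023 test and ndpi_rtp_search() call … */
```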
@@ -1,4 +1,77 @@ -Mining 819 134165 2 +Mining 1856 200635 68 +Amazon 144 15476 6 - 1 TCP 192.168.2.92:57726 <-> 94.23.36.128:4444 [proto: 42/Mining][cat: Mining/99][478 pkts/52883 bytes <-> 308 pkts/76667 bytes][Goodput ratio: 40.3/73.4][1191.49 sec][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2596.1/3847.5 9968/11081 3517.9/3668.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110.6/248.9 295/314 59.2/100.1][PLAIN TEXT (worker)] - 2 TCP 192.168.2.92:41680 <-> 91.121.222.33:4444 [proto: 42/Mining][cat: Mining/99][20 pkts/2159 bytes <-> 13 pkts/2456 bytes][Goodput ratio: 38.5/63.7][36.86 sec][bytes ratio: -0.064 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1749.4/1867.9 9914/9999 3194.4/3064.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107.9/188.9 271/314 57.4/116.4][PLAIN TEXT (worker)] + 1 TCP 192.168.1.184:56626 <-> 178.128.195.220:30303 [proto: 42/Mining][cat: Mining/99][32 pkts/3294 bytes <-> 37 pkts/3156 bytes][Goodput ratio: 35.5/21.4][0.16 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.7/3.6 42/62 8.1/14.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102.9/85.3 612/470 104.7/69.4] + 2 TCP 192.168.1.184:56638 <-> 209.250.240.205:30303 [proto: 42/Mining][cat: Mining/99][34 pkts/3347 bytes <-> 28 pkts/2774 bytes][Goodput ratio: 34.4/32.2][0.15 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.1/2.9 43/41 12.3/10.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98.4/99.1 481/560 78.6/94.8] + 3 TCP 192.168.1.184:56660 <-> 51.161.23.12:30303 [proto: 42/Mining][cat: Mining/99][36 pkts/3241 bytes <-> 29 pkts/2723 bytes][Goodput ratio: 28.5/30.7][0.57 sec][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9.9/9.3 147/141 35.6/34.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90.0/93.9 639/487 95.8/80.8] + 4 TCP 192.168.1.184:56658 <-> 157.230.152.87:30303 [proto: 42/Mining][cat: Mining/99][37 pkts/3341 bytes <-> 27 pkts/2583 bytes][Goodput ratio: 28.0/31.8][0.72 sec][bytes ratio: 0.128 (Mixed)][IAT 
c2s/s2c min/avg/max/stddev: 0/0 17.3/22.4 182/184 52.7/59.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90.3/95.7 649/457 96.1/78.7] + 5 TCP 192.168.1.184:56645 <-> 185.219.133.62:30303 [proto: 42/Mining][cat: Mining/99][34 pkts/3018 bytes <-> 27 pkts/2540 bytes][Goodput ratio: 25.2/31.4][0.20 sec][bytes ratio: 0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3.5/7.6 51/49 12.6/16.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 88.8/94.1 476/448 71.2/77.2] + 6 TCP 192.168.1.184:56650 <-> 35.228.250.140:30303 [proto: 42/Mining][cat: Mining/99][30 pkts/2806 bytes <-> 24 pkts/2380 bytes][Goodput ratio: 29.0/35.4][0.23 sec][bytes ratio: 0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6.8/5.9 57/56 18.2/16.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 93.5/99.2 528/508 84.2/91.7][PLAIN TEXT (J/hy@y)] + 7 TCP 192.168.1.184:56646 <-> 172.105.94.62:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2738 bytes <-> 24 pkts/2370 bytes][Goodput ratio: 32.5/35.6][0.22 sec][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7.2/15.4 116/91 24.2/28.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 97.8/98.8 540/398 88.6/89.0] + 8 TCP 192.168.1.184:56661 <-> 52.9.128.68:30303 [proto: 42.178/Mining.Amazon][cat: Mining/99][30 pkts/2768 bytes <-> 23 pkts/2318 bytes][Goodput ratio: 29.8/35.7][0.76 sec][bytes ratio: 0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.7/17.7 194/193 61.2/55.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 92.3/100.8 538/494 86.5/89.7] + 9 TCP 192.168.1.184:56674 <-> 94.68.55.162:30303 [proto: 42/Mining][cat: Mining/99][29 pkts/2801 bytes <-> 21 pkts/2262 bytes][Goodput ratio: 32.1/39.9][0.29 sec][bytes ratio: 0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9.0/7.5 74/75 23.6/22.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96.6/107.7 613/570 100.8/109.2] + 10 TCP 192.168.1.184:56671 <-> 86.107.243.62:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2804 bytes <-> 20 pkts/2138 bytes][Goodput ratio: 34.1/41.0][0.18 sec][bytes ratio: 0.135 
(Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6.1/7.6 39/38 13.5/15.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 100.1/106.9 606/430 100.5/101.1] + 11 TCP 192.168.1.184:56643 <-> 178.62.29.183:30303 [proto: 42/Mining][cat: Mining/99][31 pkts/2879 bytes <-> 23 pkts/2042 bytes][Goodput ratio: 28.5/27.3][0.18 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.2/8.2 48/47 14.3/16.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 92.9/88.8 535/384 84.2/68.5] + 12 TCP 192.168.1.184:56673 <-> 78.47.147.155:30303 [proto: 42/Mining][cat: Mining/99][28 pkts/2855 bytes <-> 9 pkts/1461 bytes][Goodput ratio: 34.4/58.8][0.41 sec][bytes ratio: 0.323 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 15.2/65.2 285/246 57.3/92.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102.0/162.3 633/413 105.0/125.6] + 13 TCP 192.168.1.184:56634 <-> 159.203.84.31:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2209 bytes <-> 23 pkts/2019 bytes][Goodput ratio: 36.7/28.6][0.33 sec][bytes ratio: 0.045 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12.1/18.3 109/109 33.9/40.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105.2/87.8 637/579 121.9/105.1] + 14 TCP 192.168.1.184:56610 <-> 165.22.107.33:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2212 bytes <-> 24 pkts/1962 bytes][Goodput ratio: 36.8/23.4][0.92 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 34.9/58.0 339/287 98.9/114.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 105.3/81.8 640/462 122.5/79.8] + 15 TCP 192.168.1.184:56621 <-> 52.187.207.27:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2163 bytes <-> 21 pkts/1843 bytes][Goodput ratio: 35.4/27.9][0.99 sec][bytes ratio: 0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37.3/52.8 354/316 105.5/117.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103.0/87.8 591/517 112.4/96.5] + 16 TCP 192.168.1.184:56620 <-> 191.234.162.198:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2150 bytes <-> 21 pkts/1845 bytes][Goodput ratio: 35.0/28.3][0.70 sec][bytes ratio: 0.076 
(Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26.9/36.8 263/221 76.2/82.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102.4/87.9 578/525 109.7/98.2] + 17 TCP 192.168.1.184:56611 <-> 104.42.217.25:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2128 bytes <-> 21 pkts/1859 bytes][Goodput ratio: 34.3/28.5][0.57 sec][bytes ratio: 0.067 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.1/33.7 201/202 62.2/75.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101.3/88.5 556/533 105.1/99.8] + 18 TCP 192.168.1.184:56623 <-> 18.138.81.28:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2109 bytes <-> 22 pkts/1874 bytes][Goodput ratio: 33.7/25.9][0.83 sec][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.7/43.5 308/260 89.4/96.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 100.4/85.2 537/488 101.2/88.4] + 19 TCP 192.168.1.184:56615 <-> 35.158.244.151:30303 [proto: 42.178/Mining.Amazon][cat: Mining/99][21 pkts/2133 bytes <-> 21 pkts/1834 bytes][Goodput ratio: 34.4/27.9][0.14 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.9/10.5 62/63 16.6/23.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101.6/87.3 561/514 106.2/95.9] + 20 TCP 192.168.1.184:56618 <-> 52.231.165.108:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2088 bytes <-> 21 pkts/1845 bytes][Goodput ratio: 33.0/28.0][0.70 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26.8/37.0 261/222 76.0/82.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 99.4/87.9 516/519 96.9/96.9][PLAIN TEXT (XMOZOS)] + 21 TCP 192.168.1.184:56628 <-> 3.209.45.79:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2033 bytes <-> 21 pkts/1862 bytes][Goodput ratio: 31.2/28.7][0.41 sec][bytes ratio: 0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.6/27.3 163/164 46.9/61.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 96.8/88.7 461/536 85.7/100.5] + 22 TCP 192.168.1.184:56632 <-> 51.38.81.180:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2117 bytes <-> 20 pkts/1765 bytes][Goodput ratio: 33.9/28.5][0.22 
sec][bytes ratio: 0.091 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8.2/13.2 78/78 23.0/29.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 100.8/88.2 545/505 102.9/96.1] + 23 TCP 192.168.1.184:56627 <-> 34.255.23.113:30303 [proto: 42.178/Mining.Amazon][cat: Mining/99][21 pkts/2150 bytes <-> 20 pkts/1728 bytes][Goodput ratio: 35.0/27.0][0.20 sec][bytes ratio: 0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3.9/10.7 70/62 16.0/23.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102.4/86.4 578/468 109.7/88.1] + 24 TCP 192.168.1.184:56622 <-> 18.138.108.67:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2169 bytes <-> 21 pkts/1704 bytes][Goodput ratio: 35.5/22.4][0.81 sec][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.7/42.2 300/253 87.1/94.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103.3/81.1 597/384 113.6/68.4] + 25 TCP 192.168.1.184:56639 <-> 18.219.167.159:30303 [proto: 42/Mining][cat: Mining/99][20 pkts/2093 bytes <-> 19 pkts/1750 bytes][Goodput ratio: 36.3/31.6][0.38 sec][bytes ratio: 0.089 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 14.9/24.6 130/122 40.6/48.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 104.7/92.1 587/556 114.0/109.8] + 26 UDP 192.168.1.184:30303 <-> 52.231.165.108:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/426 bytes <-> 4 pkts/3132 bytes][Goodput ratio: 80.1/94.6][0.27 sec][bytes ratio: -0.761 (Download)][IAT c2s/s2c min/avg/max/stddev: 40/0 40.0/6.3 40/19 0.0/9.0][Pkt Len c2s/s2c min/avg/max/stddev: 213/467 213.0/783.0 213/1099 0.0/316.0] + 27 TCP 192.168.1.184:56635 <-> 162.228.29.160:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2051 bytes <-> 16 pkts/1497 bytes][Goodput ratio: 31.8/31.3][0.47 sec][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17.7/32.0 159/152 49.6/60.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 97.7/93.6 479/471 89.4/98.0] + 28 TCP 192.168.1.184:56629 <-> 51.38.60.79:30303 [proto: 42/Mining][cat: Mining/99][19 pkts/1927 bytes <-> 19 pkts/1600 bytes][Goodput ratio: 
34.3/25.2][0.16 sec][bytes ratio: 0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.3/8.6 36/43 8.7/17.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101.4/84.2 487/406 95.1/76.6] + 29 TCP 192.168.1.184:56652 <-> 176.9.136.209:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1971 bytes <-> 17 pkts/1556 bytes][Goodput ratio: 39.1/31.6][0.10 sec][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4.5/8.8 34/33 11.2/14.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 109.5/91.5 597/494 121.6/101.2] + 30 TCP 192.168.1.184:56654 <-> 85.214.108.52:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1930 bytes <-> 14 pkts/1529 bytes][Goodput ratio: 41.2/41.8][0.14 sec][bytes ratio: 0.116 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7.3/12.0 35/36 13.8/17.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 113.5/109.2 574/401 118.9/102.8] + 31 TCP 192.168.1.184:56657 <-> 138.75.171.190:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1913 bytes <-> 16 pkts/1521 bytes][Goodput ratio: 40.7/34.4][0.79 sec][bytes ratio: 0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37.4/88.0 263/261 91.3/122.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 112.5/95.1 605/525 126.5/111.7] + 32 TCP 192.168.1.184:56630 <-> 40.67.144.128:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1871 bytes <-> 17 pkts/1551 bytes][Goodput ratio: 35.8/31.4][0.38 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18.0/28.0 158/112 46.5/48.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103.9/91.2 497/489 99.5/100.0][PLAIN TEXT (t ZZUM)] + 33 TCP 192.168.1.184:56624 <-> 89.38.99.34:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1895 bytes <-> 13 pkts/1495 bytes][Goodput ratio: 40.1/44.9][0.22 sec][bytes ratio: 0.118 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11.1/22.0 65/66 21.6/31.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 111.5/115.0 539/433 110.9/112.8] + 34 TCP 192.168.1.184:56651 <-> 138.201.12.87:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1857 bytes <-> 18 pkts/1521 
bytes][Goodput ratio: 35.4/25.7][0.10 sec][bytes ratio: 0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4.6/9.0 36/33 11.6/13.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103.2/84.5 483/393 96.4/75.6] + 35 TCP 192.168.1.184:56672 <-> 139.162.255.210:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1826 bytes <-> 18 pkts/1550 bytes][Goodput ratio: 34.3/27.1][0.13 sec][bytes ratio: 0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.6/10.8 42/42 14.1/18.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101.4/86.1 452/422 89.6/82.1] + 36 TCP 192.168.1.184:56675 <-> 35.235.37.216:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1892 bytes <-> 13 pkts/1450 bytes][Goodput ratio: 40.7/43.1][0.10 sec][bytes ratio: 0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 5.3/13.0 25/25 10.0/12.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 111.3/111.5 596/420 124.7/106.0] + 37 TCP 192.168.1.184:56641 <-> 144.91.120.135:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1914 bytes <-> 14 pkts/1422 bytes][Goodput ratio: 40.7/37.4][0.12 sec][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6.1/10.3 30/29 11.5/13.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 112.6/101.6 606/390 126.7/96.7] + 38 TCP 192.168.1.184:56681 <-> 207.180.206.216:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1864 bytes <-> 13 pkts/1420 bytes][Goodput ratio: 39.8/41.5][0.16 sec][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8.4/10.0 40/40 15.8/17.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 109.6/109.2 568/384 118.3/97.8] + 39 TCP 192.168.1.184:56617 <-> 34.97.172.22:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1834 bytes <-> 12 pkts/1437 bytes][Goodput ratio: 38.8/46.4][1.13 sec][bytes ratio: 0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 61.5/67.8 318/271 118.0/117.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 107.9/119.8 538/461 111.5/118.7] + 40 TCP 192.168.1.184:56613 <-> 162.243.160.83:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1832 bytes <-> 14 pkts/1433 
bytes][Goodput ratio: 38.1/37.9][0.51 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 28.5/52.0 154/153 54.7/71.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 107.8/102.4 524/401 108.0/99.0][PLAIN TEXT (fOZarJ)] + 41 TCP 192.168.1.184:56633 <-> 82.145.220.249:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1816 bytes <-> 15 pkts/1418 bytes][Goodput ratio: 37.5/34.2][0.20 sec][bytes ratio: 0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10.8/38.5 76/77 26.2/38.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 106.8/94.5 508/488 104.4/105.9] + 42 TCP 192.168.1.184:56679 <-> 35.228.158.52:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1748 bytes <-> 13 pkts/1472 bytes][Goodput ratio: 35.8/43.6][0.23 sec][bytes ratio: 0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12.1/20.0 59/60 23.1/28.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 102.8/113.2 452/436 92.1/109.4] + 43 TCP 192.168.1.184:56670 <-> 167.86.122.50:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1751 bytes <-> 13 pkts/1439 bytes][Goodput ratio: 35.9/42.3][0.16 sec][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8.7/12.7 43/38 16.4/17.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103.0/110.7 455/403 92.8/102.0] + 44 TCP 192.168.1.184:56642 <-> 178.62.10.218:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1777 bytes <-> 12 pkts/1369 bytes][Goodput ratio: 36.8/44.2][0.17 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 9.0/22.0 43/42 17.1/20.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 104.5/114.1 481/399 98.6/104.4] + 45 TCP 192.168.1.184:56684 <-> 51.83.237.44:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1923 bytes <-> 7 pkts/1108 bytes][Goodput ratio: 41.6/57.5][0.13 sec][bytes ratio: 0.269 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9.0/14.3 43/42 17.1/19.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 113.1/158.3 627/432 131.8/131.9] + 46 TCP 192.168.1.184:56655 <-> 202.112.28.106:30303 [proto: 42/Mining][cat: Mining/99][18 pkts/1982 bytes 
<-> 6 pkts/948 bytes][Goodput ratio: 39.4/57.3][0.88 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58.0/109.8 436/438 147.7/189.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/67 110.1/158.0 560/434 112.9/130.5] + 47 TCP 192.168.1.184:56662 <-> 35.229.232.19:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/1833 bytes <-> 9 pkts/1016 bytes][Goodput ratio: 36.8/48.9][0.59 sec][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.6/48.2 298/288 92.1/107.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 87.3/112.9 489/487 93.8/132.5] + 48 TCP 192.168.1.184:56663 <-> 124.217.235.180:30303 [proto: 42/Mining][cat: Mining/99][17 pkts/1919 bytes <-> 5 pkts/730 bytes][Goodput ratio: 40.9/53.6][0.77 sec][bytes ratio: 0.449 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 55.0/127.0 388/377 134.3/176.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.9/146.0 611/394 127.9/124.7] + 49 UDP 192.168.1.184:30303 <-> 18.219.167.159:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/575 bytes <-> 4 pkts/1928 bytes][Goodput ratio: 78.0/91.2][0.75 sec][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 127/0 314.0/208.7 501/626 187.0/295.1][Pkt Len c2s/s2c min/avg/max/stddev: 170/170 191.7/482.0 213/1099 17.6/375.0] + 50 TCP 192.168.1.184:56647 <-> 182.162.161.61:30303 [proto: 42/Mining][cat: Mining/99][11 pkts/1520 bytes <-> 5 pkts/842 bytes][Goodput ratio: 45.9/59.8][0.75 sec][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 82.6/124.0 372/371 154.2/174.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 138.2/168.4 588/554 146.8/192.9] + 51 TCP 192.168.1.184:56685 <-> 88.99.93.219:30303 [proto: 42/Mining][cat: Mining/99][9 pkts/1362 bytes <-> 3 pkts/603 bytes][Goodput ratio: 55.5/65.7][0.08 sec][bytes ratio: 0.386 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 11.3/20.5 41/38 17.6/17.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 151.3/201.0 646/463 178.8/185.3] + 52 UDP 192.168.1.184:30303 <-> 18.138.108.67:30303 [proto: 42/Mining][cat: 
Mining/99][1 pkts/213 bytes <-> 2 pkts/1566 bytes][Goodput ratio: 79.9/94.6][0.27 sec] + 53 UDP 192.168.1.184:30303 <-> 35.180.246.169:30301 [proto: 42.178/Mining.Amazon][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1566 bytes][Goodput ratio: 79.9/94.6][0.03 sec] + 54 UDP 192.168.1.184:30303 <-> 3.209.45.79:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 79.9/94.6][0.14 sec] + 55 UDP 192.168.1.184:30303 <-> 34.97.172.22:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 79.9/94.6][0.27 sec][PLAIN TEXT (PbEvGi)] + 56 UDP 192.168.1.184:30303 <-> 54.36.160.211:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 79.9/94.6][0.08 sec][PLAIN TEXT (PbEvGi)] + 57 UDP 192.168.1.184:30303 <-> 128.0.51.140:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/213 bytes <-> 2 pkts/1564 bytes][Goodput ratio: 79.9/94.6][0.08 sec] + 58 TCP 192.168.1.184:56612 <-> 66.42.82.246:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/639 bytes <-> 2 pkts/140 bytes][Goodput ratio: 67.0/0.0][0.32 sec] + 59 TCP 192.168.1.184:56680 <-> 138.59.17.58:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/657 bytes <-> 1 pkts/74 bytes][Goodput ratio: 67.9/0.0][0.20 sec] + 60 UDP 183.129.242.164:1024 <-> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/360 bytes <-> 2 pkts/362 bytes][Goodput ratio: 76.5/76.6][0.38 sec] + 61 TCP 192.168.1.184:56686 <-> 206.189.107.35:30303 [proto: 42/Mining][cat: Mining/99][3 pkts/617 bytes <-> 1 pkts/74 bytes][Goodput ratio: 65.9/0.0][0.05 sec] + 62 TCP 192.168.1.184:56678 <-> 13.251.14.199:30303 [proto: 42.178/Mining.Amazon][cat: Web/5][3 pkts/614 bytes <-> 1 pkts/74 bytes][Goodput ratio: 65.7/0.0][0.25 sec] + 63 UDP 192.168.1.184:30303 <-> 66.42.82.246:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes <-> 1 pkts/191 bytes][Goodput ratio: 77.9/77.6][0.64 sec] + 64 UDP 87.14.222.25:56693 -> 192.168.1.184:30303 [proto: 
42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 77.9/0.0][1.06 sec] + 65 UDP 192.168.1.184:30303 -> 111.229.0.180:20182 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 77.9/0.0][1.00 sec] + 66 UDP 192.168.1.184:30303 -> 209.97.143.1:50000 [proto: 42/Mining][cat: Mining/99][2 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 77.9/0.0][1.00 sec] + 67 UDP 192.168.1.184:30303 <-> 202.112.28.106:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes <-> 1 pkts/191 bytes][Goodput ratio: 74.9/77.6][0.44 sec][PLAIN TEXT (0/XoR/Q)] + 68 UDP 192.168.1.184:30303 <-> 167.86.122.50:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes <-> 1 pkts/189 bytes][Goodput ratio: 74.9/77.4][0.03 sec] + 69 UDP 3.112.138.57:25516 -> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 76.4/0.0][< 1 sec] + 70 UDP 60.191.32.71:30303 -> 192.168.1.184:30303 [proto: 42/Mining][cat: Mining/99][1 pkts/171 bytes -> 0 pkts/0 bytes][Goodput ratio: 75.0/0.0][< 1 sec] + 71 UDP 192.168.1.184:30303 -> 106.12.39.168:30333 [proto: 42/Mining][cat: Mining/99][1 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 74.9/0.0][< 1 sec] + 72 TCP 192.168.1.184:56625 -> 5.1.83.226:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/156 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][1.10 sec] + 73 TCP 192.168.1.184:56637 -> 35.233.197.131:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/156 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][1.11 sec] + 74 TCP 192.168.1.184:56644 -> 13.230.108.42:30303 [proto: 42.178/Mining.Amazon][cat: Web/5][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 0.0/0.0][< 1 sec] |