80 files changed, 241 insertions, 75 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 7485a9062..a2c8cd317 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -335,6 +335,7 @@ typedef enum {
 NDPI_PROTOCOL_ULTRASURF = 304,
 NDPI_PROTOCOL_THREEMA = 305,
 NDPI_PROTOCOL_ALICLOUD = 306,
+ NDPI_PROTOCOL_AVAST = 307,
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 1ac315cf5..ebd88a837 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -233,6 +233,7 @@ void init_riotgames_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 void init_ultrasurf_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_threema_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_alicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_avast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 /* ndpi_main.c */
 extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port);
diff --git a/src/lib/inc_generated/ndpi_asn_avast.c.inc b/src/lib/inc_generated/ndpi_asn_avast.c.inc
new file mode 100644
index 000000000..c1e645d34
--- /dev/null
+++ b/src/lib/inc_generated/ndpi_asn_avast.c.inc
@@ -0,0 +1,64 @@ +/* + * + * This file is generated automatically and part of nDPI + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + +/* ****************************************************** */ + + +static ndpi_network ndpi_protocol_avast_protocol_list[] = { + { 0x052D3800 /* 5.45.56.0/21 */, 21, NDPI_PROTOCOL_AVAST }, + { 0x053E1000 /* 5.62.16.0/23 */, 23, NDPI_PROTOCOL_AVAST }, + { 0x053E1400 /* 5.62.20.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x053E1800 /* 5.62.24.0/23 */, 23, NDPI_PROTOCOL_AVAST }, + { 0x053E2000 /* 5.62.32.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x053E2400 /* 5.62.36.0/22 */, 22, NDPI_PROTOCOL_AVAST }, + { 0x053E2800 /* 5.62.40.0/21 */, 21, NDPI_PROTOCOL_AVAST }, + { 0x053E3000 /* 5.62.48.0/23 */, 23, NDPI_PROTOCOL_AVAST }, + { 0x053E3200 /* 5.62.50.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x053E3400 /* 5.62.52.0/22 */, 22, NDPI_PROTOCOL_AVAST }, + { 0x053E3800 /* 5.62.56.0/21 */, 21, NDPI_PROTOCOL_AVAST }, + { 0x259CB800 /* 37.156.184.0/23 */, 23, NDPI_PROTOCOL_AVAST }, + { 0x259CBB00 /* 37.156.187.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x455E4000 /* 69.94.64.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x455E4300 /* 69.94.67.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x455E4400 /* 69.94.68.0/23 */, 23, NDPI_PROTOCOL_AVAST }, + { 0x455E4600 /* 69.94.70.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x455E4800 /* 69.94.72.0/21 */, 21, 
NDPI_PROTOCOL_AVAST }, + { 0x4DEA2800 /* 77.234.40.0/22 */, 22, NDPI_PROTOCOL_AVAST }, + { 0x4DEA2C00 /* 77.234.44.0/23 */, 23, NDPI_PROTOCOL_AVAST }, + { 0x4DEA2E00 /* 77.234.46.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x5BD58F00 /* 91.213.143.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x5F8E7000 /* 95.142.112.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x5F8E7300 /* 95.142.115.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x5F8E7600 /* 95.142.118.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x5F8E7900 /* 95.142.121.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x5F8E7C00 /* 95.142.124.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x5F8E7F00 /* 95.142.127.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x9FF2E300 /* 159.242.227.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x9FF2EA00 /* 159.242.234.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0x9FF2EF00 /* 159.242.239.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0xB933E400 /* 185.51.228.0/23 */, 23, NDPI_PROTOCOL_AVAST }, + { 0xB933E600 /* 185.51.230.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0xB936E600 /* 185.54.230.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0xB9A74000 /* 185.167.64.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + { 0xB9BD5C00 /* 185.189.92.0/22 */, 22, NDPI_PROTOCOL_AVAST }, + { 0xC2631C00 /* 194.99.28.0/22 */, 22, NDPI_PROTOCOL_AVAST }, + { 0xC34A4C00 /* 195.74.76.0/24 */, 24, NDPI_PROTOCOL_AVAST }, + /* End */ + { 0x0, 0, 0 } +}; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 53f2dad3a..5f6ff9aa5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -87,6 +87,7 @@ #include "inc_generated/ndpi_asn_riotgames.c.inc" #include "inc_generated/ndpi_asn_threema.c.inc" #include "inc_generated/ndpi_asn_alibaba.c.inc" +#include "inc_generated/ndpi_asn_avast.c.inc" /* Third party libraries */ #include "third_party/include/ndpi_patricia.h" 
@@ -1954,6 +1955,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 "AliCloud", NDPI_PROTOCOL_CATEGORY_CLOUD,
 ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_AVAST,
+ "AVAST", NDPI_PROTOCOL_CATEGORY_NETWORK,
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main.c"
@@ -2612,6 +2617,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
 ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_riotgames_protocol_list);
 ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_threema_protocol_list);
 ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_alibaba_protocol_list);
+ ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_avast_protocol_list);
 }
 }
@@ -4456,6 +4462,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
 /* AliCloud */
 init_alicloud_dissector(ndpi_str, &a, detection_bitmask);
+ /* AVAST */
+ init_avast_dissector(ndpi_str, &a, detection_bitmask);
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main_init.c"
 #endif
diff --git a/src/lib/protocols/avast.c b/src/lib/protocols/avast.c
new file mode 100644
index 000000000..b94c5ad62
--- /dev/null
+++ b/src/lib/protocols/avast.c
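Review bot: The `0 /* encrypted */` argument in the new `ndpi_set_proto_defaults(...)` call for `NDPI_PROTOCOL_AVAST` (src/lib/ndpi_main.c, inside ndpi_init_protocol_defaults) is not justified anywhere in the commit, while the dissector added in avast.c identifies the protocol from a plaintext `NOSA` magic and length field, and the expected output in tests/result/avast.pcap.out now reports these port-80 flows as `[Encrypted]`. If the body after that 6-byte header is not actually encrypted, the flag should be `1 /* cleartext */`; either way a short comment such as `/* payload after the NOSA header is encrypted */` would record the basis, since consumers use this flag when reporting cleartext versus encrypted traffic. The enclosing function starts and ends outside the hunk.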
@@ -0,0 +1,67 @@
+/*
+ * avast.c
+ *
+ * Copyright (C) 2012-22 - ntop.org
+ *
+ * This module is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This module is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License.
+ * If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AVAST
+
+#include <stdlib.h>
+#include "ndpi_api.h"
+
+static void ndpi_int_avast_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow)
+{
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AVAST, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+}
+
+static void ndpi_search_avast(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct * packet = &ndpi_struct->packet;
+
+ if (packet->payload_packet_len < 6)
+ {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
+ }
+
+ if (strncmp((char *)&packet->payload[0], "NOSA", NDPI_STATICSTRING_LEN("NOSA")) == 0 &&
+ ntohs(*(uint16_t *)&packet->payload[4]) == packet->payload_packet_len)
+ {
+ ndpi_int_avast_add_connection(ndpi_struct, flow);
+ return;
+ }
+
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+}
+
+void init_avast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
+ NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("AVAST",
+ ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_AVAST,
+ ndpi_search_avast,
+
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} diff --git a/src/lib/protocols/avast_securedns.c b/src/lib/protocols/avast_securedns.c index 5edd1e689..a640d6815 100644 --- a/src/lib/protocols/avast_securedns.c +++ b/src/lib/protocols/avast_securedns.c @@ -1,5 +1,5 @@ /* - * avast.c + * avast_securedns.c * * Copyright (C) 2012-22 - ntop.org * @@ -44,7 +44,7 @@ static void ndpi_search_avast_securedns(struct ndpi_detection_module_struct *ndp return; } - if (strncasecmp((char *)&packet->payload[15], "securedns", strlen("securedns")) == 0) + if (strncasecmp((char *)&packet->payload[15], "securedns", NDPI_STATICSTRING_LEN("securedns")) == 0) { ndpi_int_avast_securedns_add_connection(ndpi_struct, flow); return; diff --git a/tests/pcap/avast.pcap b/tests/pcap/avast.pcap Binary files differnew file mode 100644 index 000000000..5a4fe6fd9 --- /dev/null +++ b/tests/pcap/avast.pcap diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index bd2117a80..e5e3c3b70 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -6,7 +6,7 @@ Confidence Unknown : 14 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 5058 (25.68 diss/flow) +Num dissector calls: 5061 (25.69 diss/flow) Unknown 24 6428 14 DNS 2 378 1 diff --git a/tests/result/443-chrome.pcap.out b/tests/result/443-chrome.pcap.out index d4e7d13c9..1bf4bd7bb 100644 --- a/tests/result/443-chrome.pcap.out +++ b/tests/result/443-chrome.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 121 (121.00 diss/flow) +Num dissector calls: 122 (122.00 diss/flow) TLS 1 1506 1 diff --git a/tests/result/443-opvn.pcap.out b/tests/result/443-opvn.pcap.out index a8bffe84f..7cace9a61 100644 --- a/tests/result/443-opvn.pcap.out 
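Review bot: In ndpi_search_avast (new file src/lib/protocols/avast.c), `ntohs(*(uint16_t *)&packet->payload[4])` loads a 16-bit value through a cast of a byte pointer into the packet buffer, which is not guaranteed to be aligned and breaks strict aliasing. The `payload_packet_len < 6` guard already keeps the read in bounds, so only the load needs changing: `u_int16_t len; memcpy(&len, &packet->payload[4], sizeof(len));` and then compare `ntohs(len)` with `packet->payload_packet_len`. The magic check is bounded by the same guard, but `memcmp(packet->payload, "NOSA", NDPI_STATICSTRING_LEN("NOSA")) == 0` states the intent better than `strncmp` on a buffer that is not NUL-terminated. Separately, the match rests on six sender-controlled bytes of one packet, so a comment on the function noting that the resulting AVAST label (registered with breed `NDPI_PROTOCOL_SAFE` in ndpi_main.c) is a heuristic and not an authenticated identification would help anyone building policy on it.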
+++ b/tests/result/443-opvn.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 135 (135.00 diss/flow) +Num dissector calls: 136 (136.00 diss/flow) OpenVPN 46 11573 1 diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index dce0a11c3..2c9402465 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 879 (23.13 diss/flow) +Num dissector calls: 881 (23.18 diss/flow) DNS 2 217 1 HTTP 1 56 1 diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index c36f17420..a0843f09b 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 6 (1.20 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 999 (49.95 diss/flow) +Num dissector calls: 1003 (50.15 diss/flow) HTTP 5 280 1 QQ 15 1727 1 diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index c24351f0b..f64b48bb9 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 352 (352.00 diss/flow) +Num dissector calls: 353 (353.00 diss/flow) TLS 71 9386 1 diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out index fc9d85dc8..c0b7c59a6 100644 --- a/tests/result/alexa-app.pcapng.out +++ b/tests/result/alexa-app.pcapng.out 
@@ -6,7 +6,7 @@ DPI Packets (other): 6 (1.00 pkts/flow) Confidence Match by port : 5 (flows) Confidence Match by IP : 9 (flows) Confidence DPI : 146 (flows) -Num dissector calls: 2329 (14.56 diss/flow) +Num dissector calls: 2330 (14.56 diss/flow) DNS 4 400 2 DHCP 3 1056 2 diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out index a0013433f..18dce600d 100644 --- a/tests/result/amqp.pcap.out +++ b/tests/result/amqp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (3.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 401 (133.67 diss/flow) +Num dissector calls: 402 (134.00 diss/flow) AMQP 160 23514 3 diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 6d04f9f3d..859a229bf 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 2 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 1170 (16.96 diss/flow) +Num dissector calls: 1171 (16.97 diss/flow) Unknown 19 1054 2 DNS 32 3655 16 diff --git a/tests/result/avast.pcap.out b/tests/result/avast.pcap.out new file mode 100644 index 000000000..436839a3e --- /dev/null +++ b/tests/result/avast.pcap.out 
@@ -0,0 +1,18 @@ +Guessed flow protos: 0 + +DPI Packets (TCP): 40 (4.00 pkts/flow) +Confidence DPI : 10 (flows) +Num dissector calls: 1340 (134.00 diss/flow) + +AVAST 142 9433 10 + + 1 TCP 192.168.2.100:62741 <-> 5.62.53.131:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/543 bytes <-> 7 pkts/512 bytes][Goodput ratio: 18/20][569.69 sec][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63304/75961 189840/189839 89445/92978][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/73 150/140 31/28][Plen Bins: 67,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.2.100:64903 <-> 5.62.53.53:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/583 bytes <-> 7 pkts/432 bytes][Goodput ratio: 24/4][1385.80 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171484/205784 356850/356863 172007/168697][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/62 150/70 32/3][Plen Bins: 67,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.2.100:49532 <-> 5.62.54.89:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][797.30 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99700/119575 199551/199551 99662/97621][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.2.100:49758 <-> 5.62.53.53:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][1284.92 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 160593/192744 321174/321337 160514/157360][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 
83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 192.168.2.100:57727 <-> 5.62.54.29:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][853.64 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 106683/128066 213347/213516 106625/104544][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.2.100:58030 <-> 5.62.54.89:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][996.22 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 124526/149430 249046/249046 124489/121997][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 192.168.2.100:64357 <-> 5.62.54.29:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][749.40 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 93674/112408 187336/187342 93637/91768][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 192.168.2.100:64701 <-> 5.62.53.53:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][792.06 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99006/118807 198003/198005 98970/96994][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 192.168.2.100:58412 <-> 5.62.54.29:80 [proto: 
307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][5 pkts/379 bytes <-> 7 pkts/432 bytes][Goodput ratio: 26/4][587.81 sec][bytes ratio: -0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 46818/139938 187142/372483 81016/154492][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 76/62 150/70 37/3][Plen Bins: 66,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.2.100:54405 <-> 5.62.54.89:80 [proto: 307/AVAST][Encrypted][Confidence: DPI][cat: Network/14][4 pkts/324 bytes <-> 6 pkts/372 bytes][Goodput ratio: 30/4][145.35 sec][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 48/95869 109/369424 45/158040][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/62 150/70 40/4][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/cloudflare-warp.pcap.out b/tests/result/cloudflare-warp.pcap.out index eff72b17d..dbb87fc7c 100644 --- a/tests/result/cloudflare-warp.pcap.out +++ b/tests/result/cloudflare-warp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (TCP): 41 (5.12 pkts/flow) Confidence Match by IP : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 286 (35.75 diss/flow) +Num dissector calls: 287 (35.88 diss/flow) Jabber 11 890 1 Google 8 476 3 diff --git a/tests/result/emotet.pcap.out b/tests/result/emotet.pcap.out index 8db6960f8..06a71411f 100644 --- a/tests/result/emotet.pcap.out +++ b/tests/result/emotet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 48 (8.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 280 (46.67 diss/flow) +Num dissector calls: 281 (46.83 diss/flow) SMTP 626 438465 1 HTTP 1601 1581542 3 diff --git a/tests/result/ftp-start-tls.pcap.out b/tests/result/ftp-start-tls.pcap.out index 43874bcc7..ef8df8bc4 100644 --- a/tests/result/ftp-start-tls.pcap.out +++ b/tests/result/ftp-start-tls.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 176 (176.00 diss/flow) +Num dissector calls: 177 (177.00 diss/flow) FTP_CONTROL 51 7510 1 diff --git a/tests/result/ftp.pcap.out b/tests/result/ftp.pcap.out index 4b7d61d05..46fb28a46 100644 --- a/tests/result/ftp.pcap.out +++ b/tests/result/ftp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 49 (16.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 690 (230.00 diss/flow) +Num dissector calls: 692 (230.67 diss/flow) Unknown 1115 1122198 1 FTP_CONTROL 68 5571 1 diff --git a/tests/result/ftp_failed.pcap.out b/tests/result/ftp_failed.pcap.out index a0c746116..3944a87a0 100644 --- a/tests/result/ftp_failed.pcap.out +++ b/tests/result/ftp_failed.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 160 (160.00 diss/flow) +Num dissector calls: 161 (161.00 diss/flow) FTP_CONTROL 18 1700 1 diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index fbe9512e3..dd3ea0e5c 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5266 (20.98 diss/flow) +Num dissector calls: 5279 (21.03 diss/flow) Unknown 30 3356 30 FTP_CONTROL 36 2569 12 diff --git a/tests/result/fuzz-2006-09-29-28586.pcap.out b/tests/result/fuzz-2006-09-29-28586.pcap.out index d85f4a68d..6bb45d9af 100644 --- a/tests/result/fuzz-2006-09-29-28586.pcap.out +++ b/tests/result/fuzz-2006-09-29-28586.pcap.out 
@@ -6,7 +6,7 @@ Confidence Unknown : 3 (flows) Confidence Match by port : 23 (flows) Confidence Match by IP : 2 (flows) Confidence DPI : 12 (flows) -Num dissector calls: 1232 (30.80 diss/flow) +Num dissector calls: 1238 (30.95 diss/flow) Unknown 3 655 3 HTTP 116 27378 35 diff --git a/tests/result/fuzz-2021-10-13.pcap.out b/tests/result/fuzz-2021-10-13.pcap.out index 1f22320cd..644432f05 100644 --- a/tests/result/fuzz-2021-10-13.pcap.out +++ b/tests/result/fuzz-2021-10-13.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 119 (119.00 diss/flow) +Num dissector calls: 120 (120.00 diss/flow) Unknown 1 197 1 diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 7494ce9e6..df94a07e1 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 28 (28.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 253 (253.00 diss/flow) +Num dissector calls: 254 (254.00 diss/flow) Google 28 9108 1 diff --git a/tests/result/h323-overflow.pcap.out b/tests/result/h323-overflow.pcap.out index b48860db5..cd7c4e6f8 100644 --- a/tests/result/h323-overflow.pcap.out +++ b/tests/result/h323-overflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 121 (121.00 diss/flow) +Num dissector calls: 122 (122.00 diss/flow) HTTP 1 58 1 diff --git a/tests/result/h323.pcap.out b/tests/result/h323.pcap.out index 59e0551a3..a35ba0e51 100644 --- a/tests/result/h323.pcap.out +++ b/tests/result/h323.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 123 (61.50 diss/flow) +Num dissector calls: 124 (62.00 diss/flow) H323 12 1825 2 
diff --git a/tests/result/imap-starttls.pcap.out b/tests/result/imap-starttls.pcap.out index 8158a847f..65dd10236 100644 --- a/tests/result/imap-starttls.pcap.out +++ b/tests/result/imap-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 192 (192.00 diss/flow) +Num dissector calls: 193 (193.00 diss/flow) IMAPS 32 7975 1 diff --git a/tests/result/imap.pcap.out b/tests/result/imap.pcap.out index 2cd1781ca..3fd6bc4f0 100644 --- a/tests/result/imap.pcap.out +++ b/tests/result/imap.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 215 (215.00 diss/flow) +Num dissector calls: 216 (216.00 diss/flow) IMAP 33 3774 1 diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index 74fa6bad6..e4f7114b8 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 2042 (53.74 diss/flow) +Num dissector calls: 2046 (53.84 diss/flow) Unknown 1 66 1 HTTP 116 91784 6 diff --git a/tests/result/irc.pcap.out b/tests/result/irc.pcap.out index f8a32d808..2a1e753c6 100644 --- a/tests/result/irc.pcap.out +++ b/tests/result/irc.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 169 (169.00 diss/flow) +Num dissector calls: 170 (170.00 diss/flow) IRC 29 8945 1 diff --git a/tests/result/jabber.pcap.out b/tests/result/jabber.pcap.out index bec49335e..70ac71270 100644 --- a/tests/result/jabber.pcap.out +++ b/tests/result/jabber.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 74 (6.17 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1523 (126.92 diss/flow) +Num dissector calls: 1532 (127.67 diss/flow) Jabber 358 61304 12 diff --git a/tests/result/kerberos.pcap.out b/tests/result/kerberos.pcap.out index 5e2af9216..e896a37ab 100644 --- a/tests/result/kerberos.pcap.out +++ b/tests/result/kerberos.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (2.14 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 23 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 3866 (107.39 diss/flow) +Num dissector calls: 3891 (108.08 diss/flow) Unknown 9 3031 2 SMBv23 6 1914 3 diff --git a/tests/result/log4j-webapp-exploit.pcap.out b/tests/result/log4j-webapp-exploit.pcap.out index 652b6b9f5..a74ae0ed1 100644 --- a/tests/result/log4j-webapp-exploit.pcap.out +++ b/tests/result/log4j-webapp-exploit.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 63 (9.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 546 (78.00 diss/flow) +Num dissector calls: 547 (78.14 diss/flow) Unknown 356 25081 2 HTTP 34 6741 3 diff --git a/tests/result/memcached.cap.out b/tests/result/memcached.cap.out index 3b61ed2ee..8df8a3e6d 100644 --- a/tests/result/memcached.cap.out +++ b/tests/result/memcached.cap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 135 (135.00 diss/flow) +Num dissector calls: 136 (136.00 diss/flow) Memcached 10 1711 1 diff --git a/tests/result/mongo_false_positive.pcapng.out b/tests/result/mongo_false_positive.pcapng.out index decbd9361..5f70a6302 100644 --- a/tests/result/mongo_false_positive.pcapng.out +++ b/tests/result/mongo_false_positive.pcapng.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (26.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 414 (414.00 diss/flow) +Num dissector calls: 415 (415.00 diss/flow) TLS 26 12163 1 diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index f70e038f2..7afca8fa3 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 18 (1.50 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 284 (23.67 diss/flow) +Num dissector calls: 285 (23.75 diss/flow) MsSQL-TDS 38 16260 12 diff --git a/tests/result/nest_log_sink.pcap.out b/tests/result/nest_log_sink.pcap.out index 9cfc5cdce..a22d9b80f 100644 --- a/tests/result/nest_log_sink.pcap.out +++ b/tests/result/nest_log_sink.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 128 (9.85 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 2103 (150.21 diss/flow) +Num dissector calls: 2115 (151.07 diss/flow) DNS 15 1612 1 NestLogSink 676 112058 12 diff --git a/tests/result/netbios.pcap.out b/tests/result/netbios.pcap.out index 5d31a930b..1d5a27846 100644 --- a/tests/result/netbios.pcap.out +++ b/tests/result/netbios.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 14 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 14 (flows) -Num dissector calls: 136 (9.07 diss/flow) +Num dissector calls: 137 (9.13 diss/flow) NetBIOS 258 24196 13 SMBv1 2 486 2 diff --git a/tests/result/nntp.pcap.out b/tests/result/nntp.pcap.out index 43a7e1a1d..44c674eca 100644 --- a/tests/result/nntp.pcap.out +++ b/tests/result/nntp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 141 (141.00 diss/flow) +Num dissector calls: 142 (142.00 diss/flow) Usenet 32 7037 1 
diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index a53f7eb78..d40fc61f1 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 392 (130.67 diss/flow) +Num dissector calls: 393 (131.00 diss/flow) OpenVPN 298 57111 3 diff --git a/tests/result/oracle12.pcapng.out b/tests/result/oracle12.pcapng.out index 250c7ca2e..f53b9f2da 100644 --- a/tests/result/oracle12.pcapng.out +++ b/tests/result/oracle12.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 20 (20.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 305 (305.00 diss/flow) +Num dissector calls: 306 (306.00 diss/flow) Oracle 20 2518 1 diff --git a/tests/result/pgsql.pcap.out b/tests/result/pgsql.pcap.out index 2a19914b7..e3ffa7b82 100644 --- a/tests/result/pgsql.pcap.out +++ b/tests/result/pgsql.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 270 (135.00 diss/flow) +Num dissector calls: 272 (136.00 diss/flow) PostgreSQL 39 4709 2 diff --git a/tests/result/pop3.pcap.out b/tests/result/pop3.pcap.out index 8171df058..8ee95c0b2 100644 --- a/tests/result/pop3.pcap.out +++ b/tests/result/pop3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 191 (191.00 diss/flow) +Num dissector calls: 192 (192.00 diss/flow) POP3 31 3915 1 diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 027f65ff9..02886d02b 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out 
@@ -8,11 +8,12 @@ Confidence DPI : 71 (flows) Num dissector calls: 6270 (58.60 diss/flow) Unknown 990 378832 34 -HTTP 377 402676 46 +HTTP 372 399367 45 SSDP 63 17143 10 PPStream 1102 1420975 15 Google 2 1093 1 Cybersec 23 25892 1 +AVAST 5 3309 1 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.54/HTTP.PPStream][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Goodput ratio: 82/96][0.98 sec][Hostname/SNI: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/77 0/8][Pkt Len c2s/s2c min/avg/max/stddev: 303/522 303/1313 303/1314 0/34][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_2.jpg?no=2][StatusCode: 200][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.54/HTTP.PPStream][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Goodput ratio: 82/96][0.82 sec][Hostname/SNI: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/51 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 303/180 303/1312 303/1314 0/49][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_1.jpg?no=1][StatusCode: 200][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 
@@ -22,7 +23,7 @@ Cybersec 23 25892 1 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][ClearText][Confidence: DPI][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][6.36 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 46/0 393/0 2654/0 855/0][Pkt Len c2s/s2c min/avg/max/stddev: 473/0 518/0 553/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.54/HTTP.PPStream][ClearText][Confidence: DPI][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Goodput ratio: 92/94][0.04 sec][Hostname/SNI: cache.video.iqiyi.com][URL: cache.video.iqiyi.com/vi/500494600/562e26caed5695900212eb3259070f8a/?src=1_11_114][StatusCode: 200][PLAIN TEXT (GET /vi/500494600/562)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Goodput ratio: 94/73][0.55 sec][Hostname/SNI: msg.71.am][bytes ratio: 0.653 (Upload)][IAT c2s/s2c min/avg/max/stddev: 117/118 216/217 315/316 99/99][Pkt Len c2s/s2c min/avg/max/stddev: 946/199 948/199 952/199 3/0][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 
77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Download/7][4 pkts/2953 bytes <-> 1 pkts/356 bytes][Goodput ratio: 93/85][0.24 sec][Risk: ** Binary App Transfer **][Risk Score: 250][Risk Info: Found mime exe octet-stream][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0] + 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7.307/HTTP.AVAST][ClearText][Confidence: DPI][cat: Download/7][4 pkts/2953 bytes <-> 1 pkts/356 bytes][Goodput ratio: 93/85][0.24 sec][Risk: ** Binary App Transfer **][Risk Score: 250][Risk Info: Found mime exe octet-stream][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0] 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Goodput ratio: 73/90][0.09 sec][Hostname/SNI: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 27/27 34/35 6/7][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200/528 202/530 2/2][URL: static.qiyi.com/ext/common/qisu2/masauto.ini][StatusCode: 200][User-Agent: masauto_runxx][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Goodput ratio: 82/95][0.06 sec][Hostname/SNI: meta.video.qiyi.com][URL: meta.video.qiyi.com/20160625/a5/bf/413f91ad101e780a6b63f826e28b9920.xml][StatusCode: 200][User-Agent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /20160625/a)][Plen Bins: 0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0] 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 
7/HTTP][ClearText][Confidence: DPI][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Goodput ratio: 94/73][2.78 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1][StatusCode: 200][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/reasm_crash_anon.pcapng.out b/tests/result/reasm_crash_anon.pcapng.out index fec1939c0..32c3ab998 100644 --- a/tests/result/reasm_crash_anon.pcapng.out +++ b/tests/result/reasm_crash_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 338 (338.00 diss/flow) +Num dissector calls: 339 (339.00 diss/flow) Unknown 200 20067 1 diff --git a/tests/result/reasm_segv_anon.pcapng.out b/tests/result/reasm_segv_anon.pcapng.out index 0a2c207e4..b0970929e 100644 --- a/tests/result/reasm_segv_anon.pcapng.out +++ b/tests/result/reasm_segv_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 317 (317.00 diss/flow) +Num dissector calls: 318 (318.00 diss/flow) HTTP 82 77940 1 diff --git a/tests/result/rsh.pcap.out b/tests/result/rsh.pcap.out index d47bce8a4..f319d3470 100644 --- a/tests/result/rsh.pcap.out +++ b/tests/result/rsh.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 322 (161.00 diss/flow) +Num dissector calls: 324 (162.00 diss/flow) RSH 24 1721 2 diff --git a/tests/result/rsync.pcap.out b/tests/result/rsync.pcap.out index 0153b6e26..bfbcfffa0 100644 --- a/tests/result/rsync.pcap.out +++ b/tests/result/rsync.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 183 (183.00 diss/flow) +Num dissector calls: 184 (184.00 diss/flow) RSYNC 30 2493 1 diff --git a/tests/result/rtmp.pcap.out b/tests/result/rtmp.pcap.out index d34e8e54c..65c8a08f9 100644 --- a/tests/result/rtmp.pcap.out +++ b/tests/result/rtmp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 165 (165.00 diss/flow) +Num dissector calls: 166 (166.00 diss/flow) RTMP 26 8368 1 diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index a5debdcb5..7684bc692 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 61 (flows) Confidence Match by port : 27 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 204 (flows) -Num dissector calls: 31972 (109.12 diss/flow) +Num dissector calls: 32058 (109.41 diss/flow) Unknown 1575 272476 61 DNS 2 267 1 diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 4ec4425f6..e405b780b 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 45 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 200 (flows) -Num dissector calls: 26166 (98.00 diss/flow) +Num dissector calls: 26230 (98.24 diss/flow) Unknown 850 152468 45 DNS 2 267 1 
diff --git a/tests/result/smb_frags.pcap.out b/tests/result/smb_frags.pcap.out index 09aab382e..388fddadb 100644 --- a/tests/result/smb_frags.pcap.out +++ b/tests/result/smb_frags.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 159 (159.00 diss/flow) +Num dissector calls: 160 (160.00 diss/flow) SMBv1 8 2763 1 diff --git a/tests/result/smbv1.pcap.out b/tests/result/smbv1.pcap.out index 682276185..21527d258 100644 --- a/tests/result/smbv1.pcap.out +++ b/tests/result/smbv1.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 153 (153.00 diss/flow) +Num dissector calls: 154 (154.00 diss/flow) SMBv1 7 1197 1 diff --git a/tests/result/smtp.pcap.out b/tests/result/smtp.pcap.out index 5bbe595e7..fffce7c9c 100644 --- a/tests/result/smtp.pcap.out +++ b/tests/result/smtp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 208 (208.00 diss/flow) +Num dissector calls: 209 (209.00 diss/flow) SMTP 95 23157 1 diff --git a/tests/result/soap.pcap.out b/tests/result/soap.pcap.out index 8a4d9d1d6..b3b914695 100644 --- a/tests/result/soap.pcap.out +++ b/tests/result/soap.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (3.67 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 364 (121.33 diss/flow) +Num dissector calls: 366 (122.00 diss/flow) Microsoft 1 1506 1 SOAP 19 9442 2 diff --git a/tests/result/socks-http-example.pcap.out b/tests/result/socks-http-example.pcap.out index 0cc599ddd..1da44c57f 100644 --- a/tests/result/socks-http-example.pcap.out +++ b/tests/result/socks-http-example.pcap.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 29 (9.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 515 (171.67 diss/flow) +Num dissector calls: 518 (172.67 diss/flow) SOCKS 46 8383 3 diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index ee8e0fb6d..3ccd735df 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 8 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 39 (flows) -Num dissector calls: 1863 (35.83 diss/flow) +Num dissector calls: 1866 (35.88 diss/flow) DNS 26 2848 7 HTTP 450 294880 19 diff --git a/tests/result/synscan.pcap.out b/tests/result/synscan.pcap.out index 6c6a077c2..4819f90c8 100644 --- a/tests/result/synscan.pcap.out +++ b/tests/result/synscan.pcap.out 
@@ -104,7 +104,7 @@ iSCSI 2 116 2 43 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 307/iSCSI][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 308/iSCSI][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][ClearText][Confidence: 
Match by port][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][ClearText][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -165,7 +165,7 @@ iSCSI 2 116 2 104 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 105 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 107 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 307/iSCSI][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 107 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 308/iSCSI][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 108 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 
20/MySQL][ClearText][Confidence: Match by port][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][ClearText][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index 1956bac58..6c5818be4 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 1142 (13.76 diss/flow) +Num dissector calls: 1143 (13.77 diss/flow) Unknown 4 456 1 DNS 10 1357 5 diff --git a/tests/result/telnet.pcap.out b/tests/result/telnet.pcap.out index 03dab2978..b761eb08d 100644 --- a/tests/result/telnet.pcap.out +++ b/tests/result/telnet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 163 (163.00 diss/flow) +Num dissector calls: 164 (164.00 diss/flow) Telnet 87 7418 1 
diff --git a/tests/result/threema.pcap.out b/tests/result/threema.pcap.out index c7236de50..8d1b32d8b 100644 --- a/tests/result/threema.pcap.out +++ b/tests/result/threema.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 66 (11.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 4 (flows) -Num dissector calls: 1330 (221.67 diss/flow) +Num dissector calls: 1336 (222.67 diss/flow) Threema 83 11578 6 diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out index 7715e523c..d6efe7059 100644 --- a/tests/result/tinc.pcap.out +++ b/tests/result/tinc.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 19 (9.50 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI (cache) : 2 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 556 (139.00 diss/flow) +Num dissector calls: 558 (139.50 diss/flow) TINC 317 352291 4 diff --git a/tests/result/tls-appdata.pcap.out b/tests/result/tls-appdata.pcap.out index c64ac8014..1e4ad61a4 100644 --- a/tests/result/tls-appdata.pcap.out +++ b/tests/result/tls-appdata.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 20 (10.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 123 (61.50 diss/flow) +Num dissector calls: 124 (62.00 diss/flow) Facebook 6 789 1 Twitch 114 119156 1 diff --git a/tests/result/tls_certificate_too_long.pcap.out b/tests/result/tls_certificate_too_long.pcap.out index d14680137..014d50152 100644 --- a/tests/result/tls_certificate_too_long.pcap.out +++ b/tests/result/tls_certificate_too_long.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 752 (21.49 diss/flow) +Num dissector calls: 755 (21.57 diss/flow) Unknown 13 5582 1 MDNS 5 983 3 diff --git a/tests/result/tls_false_positives.pcapng.out b/tests/result/tls_false_positives.pcapng.out index 952f5ee50..1c461866b 100644 --- a/tests/result/tls_false_positives.pcapng.out 
+++ b/tests/result/tls_false_positives.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 30 (30.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 410 (410.00 diss/flow) +Num dissector calls: 411 (411.00 diss/flow) Unknown 30 37313 1 diff --git a/tests/result/tls_invalid_reads.pcap.out b/tests/result/tls_invalid_reads.pcap.out index 837c43721..20c96b8e7 100644 --- a/tests/result/tls_invalid_reads.pcap.out +++ b/tests/result/tls_invalid_reads.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 10 (3.33 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 143 (47.67 diss/flow) +Num dissector calls: 144 (48.00 diss/flow) TLS 7 1827 1 Crashlytics 3 560 1 diff --git a/tests/result/tls_missing_ch_frag.pcap.out b/tests/result/tls_missing_ch_frag.pcap.out index b350a2d18..cd8934d6d 100644 --- a/tests/result/tls_missing_ch_frag.pcap.out +++ b/tests/result/tls_missing_ch_frag.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) TLS 14 10082 1 diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 51e4ab2e1..ab7e1275a 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 703 (24.24 diss/flow) +Num dissector calls: 704 (24.28 diss/flow) DNS 8 1267 4 MDNS 4 412 1 diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out index 593745647..302a2846f 100644 --- a/tests/result/vnc.pcap.out +++ b/tests/result/vnc.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (5.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 280 (140.00 diss/flow) +Num dissector calls: 282 (141.00 diss/flow) VNC 4551 329158 2 diff --git a/tests/result/wa_video.pcap.out b/tests/result/wa_video.pcap.out index 83aae9e27..535df00f9 100644 --- a/tests/result/wa_video.pcap.out +++ b/tests/result/wa_video.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 33 (33.00 pkts/flow) DPI Packets (UDP): 13 (1.00 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 530 (37.86 diss/flow) +Num dissector calls: 531 (37.93 diss/flow) SSDP 8 1377 3 DHCP 2 684 1 diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 78e6cced9..c7f327ac7 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 9 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 890 (26.97 diss/flow) +Num dissector calls: 891 (27.00 diss/flow) Unknown 10 786 1 HTTP 65 64777 8 diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 15b2e5c9f..638295fc2 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Match by port : 17 (flows) Confidence Match by IP : 8 (flows) Confidence DPI : 78 (flows) -Num dissector calls: 1531 (14.86 diss/flow) +Num dissector calls: 1532 (14.87 diss/flow) DNS 13 1075 8 HTTP 70 4620 8 diff --git a/tests/result/whatsapp.pcap.out b/tests/result/whatsapp.pcap.out index 3910b36f3..adef2b112 100644 --- a/tests/result/whatsapp.pcap.out +++ b/tests/result/whatsapp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 344 (4.00 pkts/flow) Confidence DPI : 86 (flows) -Num dissector calls: 13072 (152.00 diss/flow) +Num dissector calls: 13158 (153.00 diss/flow) WhatsApp 679 96293 86 
diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 7d0187c55..ad80872b4 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 25 (8.33 pkts/flow) DPI Packets (UDP): 7 (1.17 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 315 (35.00 diss/flow) +Num dissector calls: 316 (35.11 diss/flow) MDNS 2 202 2 DHCP 6 2052 1 diff --git a/tests/result/whois.pcapng.out b/tests/result/whois.pcapng.out index 7050cd29a..7ab41402e 100644 --- a/tests/result/whois.pcapng.out +++ b/tests/result/whois.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 16 (5.33 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 215 (71.67 diss/flow) +Num dissector calls: 216 (72.00 diss/flow) TLS 7 2046 1 Whois-DAS 16 4294 2 diff --git a/tests/result/z3950.pcapng.out b/tests/result/z3950.pcapng.out index afd8f62d6..af811f34e 100644 --- a/tests/result/z3950.pcapng.out +++ b/tests/result/z3950.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 494 (247.00 diss/flow) +Num dissector calls: 496 (248.00 diss/flow) Z3950 31 6308 2 diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index b38968a2f..0768a705a 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 25 (1.47 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 31 (flows) -Num dissector calls: 941 (28.52 diss/flow) +Num dissector calls: 943 (28.58 diss/flow) DNS 2 205 1 MDNS 1 87 1 diff --git a/utils/asn_update.sh b/utils/asn_update.sh index 8e7aa7cea..9c716147c 100755 --- a/utils/asn_update.sh +++ b/utils/asn_update.sh 
@@ -144,6 +144,11 @@ DEST=../src/lib/inc_generated/ndpi_asn_alibaba.c.inc create_list NDPI_PROTOCOL_ALIBABA $DEST "AS134963" echo "(3) AliBaba IPs are available in $DEST" +echo "(1) Downloading AVAST..." +DEST=../src/lib/inc_generated/ndpi_asn_avast.c.inc +create_list NDPI_PROTOCOL_AVAST $DEST "AS198605" +echo "(3) AVAST IPs are available in $DEST" + if [ ${TOTAL_ASN} -eq ${FAILED_ASN} ]; then printf '%s: %s\n' "${0}" "All download(s) failed, ./get_routes_by_asn.sh broken?" exit 1 |
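Review bot: The added `echo "(3) AVAST IPs are available in $DEST"` runs whether or not `create_list` actually produced a list, and the only failure check visible in this hunk exits non-zero only when every download failed (`TOTAL_ASN` equal to `FAILED_ASN`), so a failed AVAST fetch on its own would still be reported as available. The generated prefixes are what label a flow as AVAST by address, so a stale or incomplete list changes classification without any signal. If `create_list` returns a status (it is defined outside this hunk), chain the message on it: `create_list NDPI_PROTOCOL_AVAST "$DEST" "AS198605" && echo "(3) AVAST IPs are available in $DEST"`. The block copies the existing AliBaba lines, so the same applies there. A one-line comment recording where AS198605 was taken from would also let a later reviewer re-check the ASN-to-vendor mapping.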