diff options
232 files changed, 284 insertions, 264 deletions
diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 70107cae9..e591f3eda 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -107,20 +107,11 @@ #define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) #define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - /* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ #define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) #define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) #define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - #define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) #define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) #define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) diff --git a/src/lib/inc_generated/ndpi_whatsapp_match.c.inc b/src/lib/inc_generated/ndpi_whatsapp_match.c.inc index 4b5651f13..c19098f48 100644 --- a/src/lib/inc_generated/ndpi_whatsapp_match.c.inc +++ b/src/lib/inc_generated/ndpi_whatsapp_match.c.inc @@ -21,8 +21,11 @@ static ndpi_network ndpi_protocol_whatsapp_protocol_list[] = { - { 0x1F0D4033 /* 31.13.64.51/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, - { 0x1F0D4035 /* 31.13.64.53/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x0321DD30 /* 3.33.221.48/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x0321FC3D /* 3.33.252.61/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x0FC5CED9 /* 15.197.206.217/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x0FC5D2D0 /* 15.197.210.208/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x1F0D403C /* 31.13.64.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4131 /* 31.13.65.49/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4132 /* 31.13.65.50/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4233 /* 31.13.66.51/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, @@ -201,6 +204,38 @@ static ndpi_network ndpi_protocol_whatsapp_protocol_list[] = { { 0x9DF0FC3C /* 157.240.252.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, { 0x9DF0FD3C /* 157.240.253.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, { 0x9DF0FE3C /* 157.240.254.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346803C /* 163.70.128.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346813C /* 163.70.129.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346823C /* 163.70.130.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346833C /* 163.70.131.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346843C /* 163.70.132.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346853C /* 163.70.133.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346863C /* 163.70.134.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346873C /* 163.70.135.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346883C /* 163.70.136.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346893C /* 163.70.137.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468A3C /* 163.70.138.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468B3C /* 163.70.139.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468C3C /* 163.70.140.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468D3C /* 163.70.141.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468E3C /* 163.70.142.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468F3C /* 163.70.143.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346903C /* 163.70.144.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346913C /* 163.70.145.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346923C /* 163.70.146.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346933C /* 163.70.147.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346943C /* 163.70.148.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346953C /* 163.70.149.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346963C /* 163.70.150.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346973C /* 163.70.151.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346983C /* 163.70.152.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346993C /* 163.70.153.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469A3C /* 163.70.154.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469B3C /* 163.70.155.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469C3C /* 163.70.156.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469D3C /* 163.70.157.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469E3C /* 163.70.158.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469F3C /* 163.70.159.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, { 0xB33CC031 /* 179.60.192.49/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0xB33CC033 /* 179.60.192.51/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0xB33CC13C /* 179.60.193.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5f6ff9aa5..9337d003f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -6383,8 +6383,10 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct flow->tree_risk_checked = 1; } - /* It is common to not trigger any dissectors for pure TCP ACK packets */ - if(num_calls == 0 && packet->payload_packet_len != 0) + /* It is common to don't trigger any dissectors for pure TCP ACKs + and for for retransmissions */ + if(num_calls == 0 && + (packet->tcp_retransmission == 0 && packet->payload_packet_len != 0)) flow->fail_with_unknown = 1; flow->num_dissector_calls += num_calls; diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index 297d180bc..b6ddb78ee 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -262,7 +262,7 @@ void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("Aimini", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AIMINI, ndpi_search_aimini, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c index 0afe8736b..f2a9ec920 100644 --- a/src/lib/protocols/ajp.c +++ b/src/lib/protocols/ajp.c @@ -139,7 +139,7 @@ void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, { ndpi_set_bitmask_protocol_detection("AJP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AJP, ndpi_search_ajp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/amazon_video.c b/src/lib/protocols/amazon_video.c index 6250962bd..afe1e2095 100644 --- a/src/lib/protocols/amazon_video.c +++ b/src/lib/protocols/amazon_video.c @@ -71,7 +71,7 @@ void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struc ndpi_set_bitmask_protocol_detection("AMAZON_VIDEO", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AMAZON_VIDEO, ndpi_search_amazon_video, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 082df1a10..890c113b6 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c @@ -78,7 +78,7 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("AMQP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AMQP, ndpi_search_amqp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c index fab5dc85f..04fa11a80 100644 --- a/src/lib/protocols/apple_push.c +++ b/src/lib/protocols/apple_push.c @@ -100,7 +100,7 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("APPLE_PUSH", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_APPLE_PUSH, ndpi_search_apple_push, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 435dc1089..505f2ad16 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -477,8 +477,6 @@ static void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_str } if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_BITTORRENT) { - /* check for tcp retransmission here */ - if(packet->tcp != NULL) { ndpi_int_search_bittorrent_tcp(ndpi_struct, flow); } else if(packet->udp != NULL) { diff --git a/src/lib/protocols/cassandra.c b/src/lib/protocols/cassandra.c index 058590ba9..154882f81 100644 --- a/src/lib/protocols/cassandra.c +++ b/src/lib/protocols/cassandra.c @@ -142,7 +142,7 @@ void init_cassandra_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id, NDPI_PROTOCOL_CASSANDRA, ndpi_search_cassandra, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index a356dd6cf..d33fedbef 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c @@ -75,7 +75,7 @@ void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u ndpi_set_bitmask_protocol_detection("CiscoVPN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CISCOVPN, ndpi_search_ciscovpn, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 404f447e6..e11498c51 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -717,7 +717,7 @@ void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi ndpi_set_bitmask_protocol_detection("Direct_Download_Link", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_search_direct_download_link_tcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/dnscrypt.c b/src/lib/protocols/dnscrypt.c index 1480abd62..3191c305b 100644 --- a/src/lib/protocols/dnscrypt.c +++ b/src/lib/protocols/dnscrypt.c @@ -71,7 +71,7 @@ void init_dnscrypt_dissector(struct ndpi_detection_module_struct *ndpi_struct, u { ndpi_set_bitmask_protocol_detection( "DNScrypt", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_DNSCRYPT, ndpi_search_dnscrypt, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_PROTOCOL_DNSCRYPT, ndpi_search_dnscrypt, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 5dfb9b6bd..54ccbbeca 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -165,11 +165,6 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, return; } - if(payload_len == 0) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; - } - /* Check if we so far detected the protocol in the request or not. */ if(flow->edonkey_stage == 0) { NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage 0: \n"); @@ -218,7 +213,7 @@ void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("eDonkey", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_EDONKEY, ndpi_search_edonkey, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index c52ddb0f6..8cb819448 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -122,7 +122,7 @@ void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("H323", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_H323, ndpi_search_h323, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index 35ca5c630..3c463bbc6 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -129,7 +129,7 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("GoogleHangout", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_HANGOUT_DUO, ndpi_search_hangout, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, /* TODO: IPv6? */ + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, /* TODO: IPv6? */ SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index dd63c27a4..6e2cf924b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1470,7 +1470,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("HTTP",ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_HTTP, ndpi_search_http_tcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index c8dac6b48..fa7ecaa2b 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -92,7 +92,7 @@ void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("IceCast", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_ICECAST, ndpi_search_icecast_tcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c index 6c8514f76..fa988bf3e 100644 --- a/src/lib/protocols/memcached.c +++ b/src/lib/protocols/memcached.c @@ -185,7 +185,7 @@ void init_memcached_dissector( ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MEMCACHED, ndpi_search_memcached, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/mongodb.c b/src/lib/protocols/mongodb.c index 1f09efd63..1f1619141 100644 --- a/src/lib/protocols/mongodb.c +++ b/src/lib/protocols/mongodb.c @@ -150,7 +150,7 @@ void init_mongodb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("MongoDB", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MONGODB, ndpi_search_mongodb, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index 4d6773abe..25594ad33 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -268,7 +268,7 @@ void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MQTT, ndpi_search_mqtt, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id +=1; } diff --git a/src/lib/protocols/nest_log_sink.c b/src/lib/protocols/nest_log_sink.c index 2f6a9f7a9..01bce9e64 100644 --- a/src/lib/protocols/nest_log_sink.c +++ b/src/lib/protocols/nest_log_sink.c @@ -71,7 +71,7 @@ void init_nest_log_sink_dissector( ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_NEST_LOG_SINK, ndpi_search_nest_log_sink, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c index 968f3e1c8..5f4c170bf 100644 --- a/src/lib/protocols/ookla.c +++ b/src/lib/protocols/ookla.c @@ -141,7 +141,7 @@ void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("Ookla", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_OOKLA, ndpi_search_ookla, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index 4a7c6567d..0ecef5cc8 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -181,7 +181,7 @@ void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("OpenVPN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_OPENVPN, ndpi_search_openvpn, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 069991feb..b5af62e5c 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c @@ -228,7 +228,7 @@ void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u ndpi_set_bitmask_protocol_detection("PPStream", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_PPSTREAM, ndpi_search_ppstream, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index eb4a7ce79..be0fb48ce 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -76,7 +76,7 @@ void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("RTCP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RTCP, ndpi_search_rtcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 0e08157ff..c6a8b1f26 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -109,7 +109,7 @@ void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("RTSP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RTSP, ndpi_search_rtsp_tcp_udp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/soap.c b/src/lib/protocols/soap.c index 8ba885974..a2504f15c 100644 --- a/src/lib/protocols/soap.c +++ b/src/lib/protocols/soap.c @@ -89,7 +89,7 @@ void init_soap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int { ndpi_set_bitmask_protocol_detection( "SOAP", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_SOAP, ndpi_search_soap, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_PROTOCOL_SOAP, ndpi_search_soap, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index c99e8d27c..6409f175d 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -207,7 +207,7 @@ void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SOMEIP, ndpi_search_someip, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id +=1; } diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index b4f36ef94..789e662e1 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -217,7 +217,7 @@ void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("Sopcast", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SOPCAST, ndpi_search_sopcast, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 5d35260a6..3a2c47db5 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -304,7 +304,7 @@ void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("Steam", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STEAM, ndpi_search_steam, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index cadd9f983..6dfe89f75 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -65,7 +65,7 @@ void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("TeamSpeak", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TEAMSPEAK, ndpi_search_teamspeak, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index 53b78f8a4..b40f6d1fc 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c @@ -110,7 +110,7 @@ void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("TeamViewer", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TEAMVIEWER, ndpi_search_teamview, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index d4f660374..93c308304 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -49,9 +49,6 @@ void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "search telegram\n"); - if(packet->payload_packet_len == 0) - return; - if(packet->tcp != NULL) { if(packet->payload_packet_len > 56) { u_int16_t dport = ntohs(packet->tcp->dest); @@ -112,7 +109,7 @@ void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u ndpi_set_bitmask_protocol_detection("Telegram", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TELEGRAM, ndpi_search_telegram, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index 24c1d870c..3843c153b 100644 --- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -152,7 +152,7 @@ void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("TVUplayer", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TVUPLAYER, ndpi_search_tvuplayer, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ultrasurf.c b/src/lib/protocols/ultrasurf.c index a0c7cdd4e..cac25f84e 100644 --- a/src/lib/protocols/ultrasurf.c +++ b/src/lib/protocols/ultrasurf.c @@ -63,7 +63,7 @@ void init_ultrasurf_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("UltraSurf", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_ULTRASURF, ndpi_search_ultrasurf, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK ); diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index dd9e3a6bc..22311d157 100644 --- a/src/lib/protocols/warcraft3.c +++ b/src/lib/protocols/warcraft3.c @@ -97,7 +97,7 @@ void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("Warcraft3", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_WARCRAFT3, ndpi_search_warcraft3, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/websocket.c b/src/lib/protocols/websocket.c index eef20ade5..e009e7916 100644 --- a/src/lib/protocols/websocket.c +++ b/src/lib/protocols/websocket.c @@ -122,8 +122,8 @@ void init_websocket_dissector(struct ndpi_detection_module_struct *ndpi_struct, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("WEBSOCKET", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_WEBSOCKET, - ndpi_search_websocket, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + ndpi_search_websocket, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 74d3d7bbe..dc7d1ae5a 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -223,7 +223,7 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("Zattoo", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_ZATTOO, ndpi_search_zattoo, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index e5e3c3b70..cdded4f70 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -6,7 +6,7 @@ Confidence Unknown : 14 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 5061 (25.69 diss/flow) +Num dissector calls: 4718 (23.95 diss/flow) Unknown 24 6428 14 DNS 2 378 1 diff --git a/tests/result/443-curl.pcap.out b/tests/result/443-curl.pcap.out index a38f274f6..97bca3d27 100644 --- a/tests/result/443-curl.pcap.out +++ b/tests/result/443-curl.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) ntop 109 73982 1 diff --git a/tests/result/443-firefox.pcap.out b/tests/result/443-firefox.pcap.out index 8cc96a945..76a365461 100644 --- a/tests/result/443-firefox.pcap.out +++ b/tests/result/443-firefox.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) ntop 667 458067 1 diff --git a/tests/result/443-git.pcap.out b/tests/result/443-git.pcap.out index be0013599..add346cbd 100644 --- a/tests/result/443-git.pcap.out +++ b/tests/result/443-git.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) Github 70 37189 1 diff --git a/tests/result/443-opvn.pcap.out b/tests/result/443-opvn.pcap.out index 7cace9a61..9e2283972 100644 --- a/tests/result/443-opvn.pcap.out +++ b/tests/result/443-opvn.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) OpenVPN 46 11573 1 diff --git a/tests/result/443-safari.pcap.out b/tests/result/443-safari.pcap.out index 86f296621..a3724c94e 100644 --- a/tests/result/443-safari.pcap.out +++ b/tests/result/443-safari.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) ntop 41 19929 1 diff --git a/tests/result/4in6tunnel.pcap.out b/tests/result/4in6tunnel.pcap.out index 08f1f609d..61c691c7a 100644 --- a/tests/result/4in6tunnel.pcap.out +++ b/tests/result/4in6tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 11 (11.00 diss/flow) +Num dissector calls: 3 (3.00 diss/flow) Microsoft 4 2188 1 diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 5c3f5c298..2139dbc12 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 27 (5.40 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) DPI Packets (other): 3 (1.00 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 58 (5.80 diss/flow) +Num dissector calls: 28 (2.80 diss/flow) HTTP 10 1792 1 IMAPS 4 516 2 diff --git a/tests/result/BGP_Cisco_hdlc_slarp.pcap.out b/tests/result/BGP_Cisco_hdlc_slarp.pcap.out index cdfc3f56a..b181c1495 100644 --- a/tests/result/BGP_Cisco_hdlc_slarp.pcap.out +++ b/tests/result/BGP_Cisco_hdlc_slarp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) BGP 14 969 1 diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index 9c79dfd58..86bbf97c2 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) -Num dissector calls: 4044 (130.45 diss/flow) +Num dissector calls: 4022 (129.74 diss/flow) Google 23 11743 2 EAQ 174 10092 29 diff --git a/tests/result/IEC104.pcap.out b/tests/result/IEC104.pcap.out index 2c12494ad..20d7802ba 100644 --- a/tests/result/IEC104.pcap.out +++ b/tests/result/IEC104.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 14 (7.00 diss/flow) +Num dissector calls: 4 (2.00 diss/flow) IEC60870 15 1431 2 diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 2c9402465..677e10332 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 881 (23.18 diss/flow) +Num dissector calls: 671 (17.66 diss/flow) DNS 2 217 1 HTTP 1 56 1 diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index a0843f09b..ce63bc860 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 6 (1.20 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 1003 (50.15 diss/flow) +Num dissector calls: 877 (43.85 diss/flow) HTTP 5 280 1 QQ 15 1727 1 diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index f64b48bb9..554696431 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 353 (353.00 diss/flow) +Num dissector calls: 339 (339.00 diss/flow) TLS 71 9386 1 diff --git a/tests/result/WebattackSQLinj.pcap.out b/tests/result/WebattackSQLinj.pcap.out index 3414f7742..cabaa5b5e 100644 --- a/tests/result/WebattackSQLinj.pcap.out +++ b/tests/result/WebattackSQLinj.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 54 (6.00 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 261 (29.00 diss/flow) +Num dissector calls: 162 (18.00 diss/flow) HTTP 94 30008 9 diff --git a/tests/result/WebattackXSS.pcap.out b/tests/result/WebattackXSS.pcap.out index 4840014f8..cab0c951c 100644 --- a/tests/result/WebattackXSS.pcap.out +++ b/tests/result/WebattackXSS.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 639 DPI Packets (TCP): 3972 (6.01 pkts/flow) Confidence Match by port : 639 (flows) Confidence DPI : 22 (flows) -Num dissector calls: 17276 (26.14 diss/flow) +Num dissector calls: 4236 (6.41 diss/flow) HTTP 9374 4721148 661 diff --git a/tests/result/aimini-http.pcap.out b/tests/result/aimini-http.pcap.out index f4f6aed31..baf6d391f 100644 --- a/tests/result/aimini-http.pcap.out +++ b/tests/result/aimini-http.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 36 (9.00 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 148 (37.00 diss/flow) +Num dissector calls: 92 (23.00 diss/flow) Aimini 133 86722 4 diff --git a/tests/result/ajp.pcap.out b/tests/result/ajp.pcap.out index e8fa2ea1b..c86827bab 100644 --- a/tests/result/ajp.pcap.out +++ b/tests/result/ajp.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 8 (4.00 pkts/flow) DPI Packets (other): 6 (3.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 30 (7.50 diss/flow) +Num dissector calls: 8 (2.00 diss/flow) Unknown 6 2200 2 AJP 26 4446 2 diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out index c0b7c59a6..95a906aef 100644 --- a/tests/result/alexa-app.pcapng.out +++ b/tests/result/alexa-app.pcapng.out @@ -6,7 +6,7 @@ DPI Packets (other): 6 (1.00 pkts/flow) Confidence Match by port : 5 (flows) Confidence Match by IP : 9 (flows) Confidence DPI : 146 (flows) -Num dissector calls: 2330 (14.56 diss/flow) +Num dissector calls: 924 (5.78 diss/flow) DNS 4 400 2 DHCP 3 1056 2 diff --git a/tests/result/alicloud.pcap.out b/tests/result/alicloud.pcap.out index 8fa037a52..fe9c7b905 100644 --- a/tests/result/alicloud.pcap.out +++ b/tests/result/alicloud.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 60 (4.00 pkts/flow) Confidence DPI : 15 (flows) -Num dissector calls: 1995 (133.00 diss/flow) +Num dissector calls: 1860 (124.00 diss/flow) AliCloud 225 22986 15 diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out index 18dce600d..69b3696a2 100644 --- a/tests/result/amqp.pcap.out +++ b/tests/result/amqp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (3.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 402 (134.00 diss/flow) +Num dissector calls: 399 (133.00 diss/flow) AMQP 160 23514 3 diff --git a/tests/result/android.pcap.out b/tests/result/android.pcap.out index beaf7ffe0..b04c6e549 100644 --- a/tests/result/android.pcap.out +++ b/tests/result/android.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 52 (1.68 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Match by IP : 3 (flows) Confidence DPI : 60 (flows) -Num dissector calls: 600 (9.52 diss/flow) +Num dissector calls: 348 (5.52 diss/flow) DNS 4 390 2 MDNS 2 174 2 diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 859a229bf..80b9a264f 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 2 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 1171 (16.97 diss/flow) +Num dissector calls: 971 (14.07 diss/flow) Unknown 19 1054 2 DNS 32 3655 16 diff --git a/tests/result/anydesk-2.pcap.out b/tests/result/anydesk-2.pcap.out index 4d9b88a10..9566b99e1 100644 --- a/tests/result/anydesk-2.pcap.out +++ b/tests/result/anydesk-2.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 13 (6.50 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 36 (9.00 diss/flow) +Num dissector calls: 14 (3.50 diss/flow) AnyDesk 2083 346113 4 diff --git a/tests/result/anydesk.pcap.out b/tests/result/anydesk.pcap.out index 5c167e2da..d131ccc0d 100644 --- a/tests/result/anydesk.pcap.out +++ b/tests/result/anydesk.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 21 (10.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 20 (10.00 diss/flow) +Num dissector calls: 9 (4.50 diss/flow) AnyDesk 6963 2795460 2 diff --git a/tests/result/avast.pcap.out b/tests/result/avast.pcap.out index 436839a3e..53f70c6ac 100644 --- a/tests/result/avast.pcap.out +++ b/tests/result/avast.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 40 (4.00 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 1340 (134.00 diss/flow) +Num dissector calls: 1250 (125.00 diss/flow) AVAST 142 9433 10 diff --git a/tests/result/bot.pcap.out b/tests/result/bot.pcap.out index 3479fe143..85526c4b6 100644 --- a/tests/result/bot.pcap.out +++ b/tests/result/bot.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) Azure 402 431124 1 diff --git a/tests/result/cachefly.pcapng.out b/tests/result/cachefly.pcapng.out index a1d8613d5..95f8dff37 100644 --- a/tests/result/cachefly.pcapng.out +++ b/tests/result/cachefly.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 7 (7.00 diss/flow) +Num dissector calls: 2 (2.00 diss/flow) Cachefly 6 6163 1 diff --git a/tests/result/cassandra.pcap.out b/tests/result/cassandra.pcap.out index c6a679059..8153a9a2a 100644 --- a/tests/result/cassandra.pcap.out +++ b/tests/result/cassandra.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 30 (15.00 diss/flow) +Num dissector calls: 8 (4.00 diss/flow) Cassandra 286 126016 2 diff --git a/tests/result/check_mk_new.pcap.out b/tests/result/check_mk_new.pcap.out index 12feec0f2..192583e2c 100644 --- a/tests/result/check_mk_new.pcap.out +++ b/tests/result/check_mk_new.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) CHECKMK 98 20242 1 diff --git a/tests/result/chrome.pcap.out b/tests/result/chrome.pcap.out index 5c6bd80ca..68322711e 100644 --- a/tests/result/chrome.pcap.out +++ b/tests/result/chrome.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 36 (6.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 90 (15.00 diss/flow) +Num dissector calls: 24 (4.00 diss/flow) TLS 5633 4985157 6 diff --git a/tests/result/citrix.pcap.out b/tests/result/citrix.pcap.out index 7f02a3e74..f769ea0b3 100644 --- a/tests/result/citrix.pcap.out +++ b/tests/result/citrix.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) Citrix 100 11332 1 diff --git a/tests/result/cloudflare-warp.pcap.out b/tests/result/cloudflare-warp.pcap.out index dbb87fc7c..d42f35ee5 100644 --- a/tests/result/cloudflare-warp.pcap.out +++ b/tests/result/cloudflare-warp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (TCP): 41 (5.12 pkts/flow) Confidence Match by IP : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 287 (35.88 diss/flow) +Num dissector calls: 201 (25.12 diss/flow) Jabber 11 890 1 Google 8 476 3 diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index ace83cad9..4912d5c6b 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (1.75 pkts/flow) DPI Packets (UDP): 12 (1.00 pkts/flow) Confidence DPI : 16 (flows) -Num dissector calls: 361 (22.56 diss/flow) +Num dissector calls: 351 (21.94 diss/flow) COAP 19 1614 8 Dropbox 800 80676 4 diff --git a/tests/result/corba.pcap.out b/tests/result/corba.pcap.out index 73ea64b1c..75fe7c3a5 100644 --- a/tests/result/corba.pcap.out +++ b/tests/result/corba.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (4.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 264 (88.00 diss/flow) +Num dissector calls: 234 (78.00 diss/flow) Corba 22 3681 3 diff --git a/tests/result/dazn.pcapng.out b/tests/result/dazn.pcapng.out index ddf8fb043..f6a0d2f3c 100644 --- a/tests/result/dazn.pcapng.out +++ b/tests/result/dazn.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (4.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 33 (11.00 diss/flow) +Num dissector calls: 9 (3.00 diss/flow) Dazn 12 6675 3 diff --git a/tests/result/discord.pcap.out b/tests/result/discord.pcap.out index 3c01e6653..dad3dc256 100644 --- a/tests/result/discord.pcap.out +++ b/tests/result/discord.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 11 (11.00 diss/flow) +Num dissector calls: 3 (3.00 diss/flow) Discord 7 3708 1 diff --git a/tests/result/dnp3.pcap.out b/tests/result/dnp3.pcap.out index ece43267b..a5953c0d1 100644 --- a/tests/result/dnp3.pcap.out +++ b/tests/result/dnp3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 80 (10.00 pkts/flow) Confidence DPI : 8 (flows) -Num dissector calls: 248 (31.00 diss/flow) +Num dissector calls: 64 (8.00 diss/flow) DNP3 543 38754 8 diff --git a/tests/result/dns_doh.pcap.out b/tests/result/dns_doh.pcap.out index eb8a008e5..940c845ed 100644 --- a/tests/result/dns_doh.pcap.out +++ b/tests/result/dns_doh.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) DoH_DoT 142 20362 1 diff --git a/tests/result/dns_dot.pcap.out b/tests/result/dns_dot.pcap.out index 12f211a7e..5025fd76b 100644 --- a/tests/result/dns_dot.pcap.out +++ b/tests/result/dns_dot.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 17 (17.00 diss/flow) +Num dissector calls: 6 (6.00 diss/flow) DoH_DoT 24 5869 1 diff --git a/tests/result/dns_fragmented.pcap.out b/tests/result/dns_fragmented.pcap.out index 61790c607..b516632a1 100644 --- a/tests/result/dns_fragmented.pcap.out +++ b/tests/result/dns_fragmented.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 39 (2.05 pkts/flow) Confidence DPI : 21 (flows) -Num dissector calls: 45 (2.14 diss/flow) +Num dissector calls: 24 (1.14 diss/flow) DNS 53 16888 18 Google 6 4807 3 diff --git a/tests/result/drda_db2.pcap.out b/tests/result/drda_db2.pcap.out index c6660f3e1..59df805da 100644 --- a/tests/result/drda_db2.pcap.out +++ b/tests/result/drda_db2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 100 (100.00 diss/flow) +Num dissector calls: 91 (91.00 diss/flow) DRDA 38 6691 1 diff --git a/tests/result/emotet.pcap.out b/tests/result/emotet.pcap.out index 06a71411f..b977c39a4 100644 --- a/tests/result/emotet.pcap.out +++ b/tests/result/emotet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 48 (8.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 281 (46.83 diss/flow) +Num dissector calls: 216 (36.00 diss/flow) SMTP 626 438465 1 HTTP 1601 1581542 3 diff --git a/tests/result/ethereum.pcap.out b/tests/result/ethereum.pcap.out index 897de8459..97bfb4079 100644 --- a/tests/result/ethereum.pcap.out +++ b/tests/result/ethereum.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 18 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence Match by IP : 2 (flows) Confidence DPI : 71 (flows) -Num dissector calls: 1353 (18.28 diss/flow) +Num dissector calls: 755 (10.20 diss/flow) Mining 1997 215877 72 AmazonAWS 1 78 1 diff --git a/tests/result/exe_download.pcap.out b/tests/result/exe_download.pcap.out index 9fb6e10be..fb879a854 100644 --- a/tests/result/exe_download.pcap.out +++ b/tests/result/exe_download.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) HTTP 703 717463 1 diff --git a/tests/result/exe_download_as_png.pcap.out b/tests/result/exe_download_as_png.pcap.out index d175c0c1e..6f8b16833 100644 --- a/tests/result/exe_download_as_png.pcap.out +++ b/tests/result/exe_download_as_png.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) HTTP 534 529449 1 diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out index d2b670da2..a9dd8ffc6 100644 --- a/tests/result/facebook.pcap.out +++ b/tests/result/facebook.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 16 (8.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 30 (15.00 diss/flow) +Num dissector calls: 8 (4.00 diss/flow) Facebook 60 30511 2 diff --git a/tests/result/firefox.pcap.out b/tests/result/firefox.pcap.out index 72941a642..a0392b3e2 100644 --- a/tests/result/firefox.pcap.out +++ b/tests/result/firefox.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 36 (6.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 90 (15.00 diss/flow) +Num dissector calls: 24 (4.00 diss/flow) TLS 5441 4952732 6 diff --git a/tests/result/fix2.pcap.out b/tests/result/fix2.pcap.out index fd7102646..33107cd28 100644 --- a/tests/result/fix2.pcap.out +++ b/tests/result/fix2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 206 (103.00 diss/flow) +Num dissector calls: 188 (94.00 diss/flow) FIX 3046 246540 2 diff --git a/tests/result/forticlient.pcap.out b/tests/result/forticlient.pcap.out index 6b94d82a7..aad8f1377 100644 --- a/tests/result/forticlient.pcap.out +++ b/tests/result/forticlient.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 35 (7.00 pkts/flow) Confidence DPI (cache) : 4 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 85 (17.00 diss/flow) +Num dissector calls: 30 (6.00 diss/flow) FortiClient 2000 430931 5 diff --git a/tests/result/ftp-start-tls.pcap.out b/tests/result/ftp-start-tls.pcap.out index ef8df8bc4..c6defa83e 100644 --- a/tests/result/ftp-start-tls.pcap.out +++ b/tests/result/ftp-start-tls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 177 (177.00 diss/flow) +Num dissector calls: 155 (155.00 diss/flow) FTP_CONTROL 51 7510 1 diff --git a/tests/result/ftp.pcap.out b/tests/result/ftp.pcap.out index 46fb28a46..0bc84ee63 100644 --- a/tests/result/ftp.pcap.out +++ b/tests/result/ftp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 49 (16.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 692 (230.67 diss/flow) +Num dissector calls: 645 (215.00 diss/flow) Unknown 1115 1122198 1 FTP_CONTROL 68 5571 1 diff --git a/tests/result/ftp_failed.pcap.out b/tests/result/ftp_failed.pcap.out index 3944a87a0..bc24fb766 100644 --- a/tests/result/ftp_failed.pcap.out +++ b/tests/result/ftp_failed.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 161 (161.00 diss/flow) +Num dissector calls: 150 (150.00 diss/flow) FTP_CONTROL 18 1700 1 diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index dd3ea0e5c..8a53c2ee7 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5279 (21.03 diss/flow) +Num dissector calls: 5226 (20.82 diss/flow) Unknown 30 3356 30 FTP_CONTROL 36 2569 12 diff --git a/tests/result/fuzz-2006-09-29-28586.pcap.out b/tests/result/fuzz-2006-09-29-28586.pcap.out index 6bb45d9af..0c85a5bfc 100644 --- a/tests/result/fuzz-2006-09-29-28586.pcap.out +++ b/tests/result/fuzz-2006-09-29-28586.pcap.out @@ -1,12 +1,12 @@ -Guessed flow protos: 35 +Guessed flow protos: 36 -DPI Packets (TCP): 109 (2.79 pkts/flow) +DPI Packets (TCP): 110 (2.82 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 3 (flows) -Confidence Match by port : 23 (flows) +Confidence Match by port : 24 (flows) Confidence Match by IP : 2 (flows) -Confidence DPI : 12 (flows) -Num dissector calls: 1238 (30.95 diss/flow) +Confidence DPI : 11 (flows) +Num dissector calls: 1048 (26.20 diss/flow) Unknown 3 655 3 HTTP 116 27378 35 @@ -16,7 +16,7 @@ AmazonAWS 1 477 1 1 TCP 172.20.3.5:2601 <-> 172.20.3.13:80 [proto: 7/HTTP][ClearText][Confidence: Match by port][cat: Web/5][9 pkts/6343 bytes <-> 4 pkts/409 bytes][Goodput ratio: 92/46][11.25 sec][bytes ratio: 0.879 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/104 67/128 469/152 164/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 705/102 1514/243 721/81][PLAIN TEXT (POST /servlets/mms HTTP/1.1)][Plen Bins: 16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0] 2 TCP 172.20.3.5:2606 <-> 172.20.3.13:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][8 pkts/2287 bytes <-> 5 pkts/2963 bytes][Goodput ratio: 80/91][11.18 sec][Hostname/SNI: 172.20.3.13][bytes ratio: -0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/58 177/172 83/81][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 286/593 1514/1514 478/662][URL: 172.20.3.13/servlets/mms?message-id=189301][StatusCode: 0][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 172.20.3.13][PLAIN TEXT (GET /servlets/mms)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,50,0,0] 3 TCP 172.20.3.5:2604 <-> 172.20.3.13:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][5 pkts/1754 bytes <-> 4 pkts/583 bytes][Goodput ratio: 83/62][11.17 sec][Hostname/SNI: 172.20.3.13][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 307/81 2793/3724 10864/10997 4662/5143][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 351/146 1514/417 582/157][URL: 172.20.3.13/servlets/mms?message-id=189001][StatusCode: 200][User-Agent: SonyEricssonT68/R201A][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 172.20.3.13][PLAIN TEXT (GET /servlets/mms)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 4 TCP 172.20.3.13:53132 <-> 172.20.3.5:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][9 pkts/1650 bytes <-> 4 pkts/240 bytes][Goodput ratio: 70/0][5.14 sec][Hostname/SNI: %s][bytes ratio: 0.746 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 734/1 4911/1 1706/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 183/60 894/60 270/0][URL: %s][StatusCode: 0][Req Content-Type: multipart/related][User-Agent: MMS-Relay-DeliveryInitiator][Risk: ** Clear-Text Credentials **** Text With Non-Printable Chars **** Possible Exploit **][Risk Score: 450][Risk Info: Invalid host %s / Found credentials in HTTP Auth Line][PLAIN TEXT (POST /ppgctrl/ppgcontrollogic.d)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 172.20.3.13:53132 <-> 172.20.3.5:80 [proto: 7/HTTP][ClearText][Confidence: Match by port][cat: Web/5][9 pkts/1650 bytes <-> 4 pkts/240 bytes][Goodput ratio: 70/0][5.14 sec][bytes ratio: 0.746 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 734/1 4911/1 1706/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 183/60 894/60 270/0][PLAIN TEXT (POST /ppgctrl/ppgcontrollogic.d)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 172.20.3.5:2602 <-> 172.20.3.13:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][4 pkts/942 bytes <-> 4 pkts/703 bytes][Goodput ratio: 75/69][11.10 sec][Hostname/SNI: 172.20.3.13][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/106 3699/5548 10844/10989 5054/5442][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 236/176 762/541 304/211][URL: 172.20.3.13.servlets/mms][StatusCode: 200][Req Content-Type: application/xml][Content-Type: application/xml][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 172.20.3.13][PLAIN TEXT (POST .servlets/mms HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 172.20.3.13:53136 <-> 172.20.3.5:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][5 pkts/586 bytes <-> 6 pkts/999 bytes][Goodput ratio: 54/66][5.21 sec][bytes ratio: -0.261 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/96 1737/1302 4910/5010 2247/2141][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 117/166 370/481 126/150][PLAIN TEXT (POST /ppgctrl/ppgcon)][Plen Bins: 0,0,25,0,25,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 172.20.3.5:9587 -> 172.20.3.13:80 [proto: 7/HTTP][ClearText][Confidence: DPI][cat: Web/5][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (POST /servlets/mms HTTP/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/result/genshin-impact.pcap.out b/tests/result/genshin-impact.pcap.out index 15f96aacf..a86e46fa0 100644 --- a/tests/result/genshin-impact.pcap.out +++ b/tests/result/genshin-impact.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (4.00 pkts/flow) DPI Packets (UDP): 3 (1.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 553 (92.17 diss/flow) +Num dissector calls: 526 (87.67 diss/flow) GenshinImpact 90 18405 6 diff --git a/tests/result/git.pcap.out b/tests/result/git.pcap.out index 479f556cb..6c9771189 100644 --- a/tests/result/git.pcap.out +++ b/tests/result/git.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) Git 90 74005 1 diff --git a/tests/result/gnutella.pcap.out b/tests/result/gnutella.pcap.out index 266f8f5d0..61b4bdf36 100644 --- a/tests/result/gnutella.pcap.out +++ b/tests/result/gnutella.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 595 (flows) Confidence Match by port : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 163 (flows) -Num dissector calls: 64111 (84.36 diss/flow) +Num dissector calls: 63001 (82.90 diss/flow) Unknown 1423 119577 595 MDNS 18 1632 2 diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index df94a07e1..e76d050a8 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 28 (28.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 254 (254.00 diss/flow) +Num dissector calls: 215 (215.00 diss/flow) Google 28 9108 1 diff --git a/tests/result/googledns_android10.pcap.out b/tests/result/googledns_android10.pcap.out index 80c091efc..fe917412c 100644 --- a/tests/result/googledns_android10.pcap.out +++ b/tests/result/googledns_android10.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 42 (6.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 122 (15.25 diss/flow) +Num dissector calls: 39 (4.88 diss/flow) ICMP 4 392 1 Google 8 504 2 diff --git a/tests/result/hpvirtgrp.pcap.out b/tests/result/hpvirtgrp.pcap.out index defd5f6c4..e47a5b725 100644 --- a/tests/result/hpvirtgrp.pcap.out +++ b/tests/result/hpvirtgrp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 37 (4.11 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 1107 (123.00 diss/flow) +Num dissector calls: 1026 (114.00 diss/flow) HP_VIRTGRP 135 12739 9 diff --git a/tests/result/http-crash-content-disposition.pcap.out b/tests/result/http-crash-content-disposition.pcap.out index afd31f6fe..93f86abb0 100644 --- a/tests/result/http-crash-content-disposition.pcap.out +++ b/tests/result/http-crash-content-disposition.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) AmazonAWS 9 3328 1 diff --git a/tests/result/http-lines-split.pcap.out b/tests/result/http-lines-split.pcap.out index 7554868b8..de72f0d16 100644 --- a/tests/result/http-lines-split.pcap.out +++ b/tests/result/http-lines-split.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) HTTP 14 2503 1 diff --git a/tests/result/http-manipulated.pcap.out b/tests/result/http-manipulated.pcap.out index 835b9ccf3..b254cc015 100644 --- a/tests/result/http-manipulated.pcap.out +++ b/tests/result/http-manipulated.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 58 (29.00 diss/flow) +Num dissector calls: 36 (18.00 diss/flow) HTTP 328 959347 2 diff --git a/tests/result/http-proxy.pcapng.out b/tests/result/http-proxy.pcapng.out index 1db4df408..77866625d 100644 --- a/tests/result/http-proxy.pcapng.out +++ b/tests/result/http-proxy.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) HTTP_Proxy 11 1652 1 diff --git a/tests/result/http_auth.pcap.out b/tests/result/http_auth.pcap.out index a19d2405a..b64c81f40 100644 --- a/tests/result/http_auth.pcap.out +++ b/tests/result/http_auth.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) HTTP 33 20574 1 diff --git a/tests/result/http_connect.pcap.out b/tests/result/http_connect.pcap.out index d02bfd5ed..0ed685e7f 100644 --- a/tests/result/http_connect.pcap.out +++ b/tests/result/http_connect.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 31 (10.33 diss/flow) +Num dissector calls: 9 (3.00 diss/flow) DNS 2 178 1 TLS 58 36496 1 diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index d5970d850..97920d389 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 232 (15.47 diss/flow) +Num dissector calls: 130 (8.67 diss/flow) Unknown 3 502 1 ntop 80 36401 4 diff --git a/tests/result/iec60780-5-104.pcap.out b/tests/result/iec60780-5-104.pcap.out index f68628337..91c727979 100644 --- a/tests/result/iec60780-5-104.pcap.out +++ b/tests/result/iec60780-5-104.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 24 (4.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 90 (15.00 diss/flow) +Num dissector calls: 24 (4.00 diss/flow) IEC60870 147 9033 6 diff --git a/tests/result/imap-starttls.pcap.out b/tests/result/imap-starttls.pcap.out index 65dd10236..889375a91 100644 --- a/tests/result/imap-starttls.pcap.out +++ b/tests/result/imap-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 193 (193.00 diss/flow) +Num dissector calls: 181 (181.00 diss/flow) IMAPS 32 7975 1 diff --git a/tests/result/imap.pcap.out b/tests/result/imap.pcap.out index 3fd6bc4f0..2bcd5d226 100644 --- a/tests/result/imap.pcap.out +++ b/tests/result/imap.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 216 (216.00 diss/flow) +Num dissector calls: 204 (204.00 diss/flow) IMAP 33 3774 1 diff --git a/tests/result/imaps.pcap.out b/tests/result/imaps.pcap.out index 003572281..102b117d8 100644 --- a/tests/result/imaps.pcap.out +++ b/tests/result/imaps.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 17 (17.00 diss/flow) +Num dissector calls: 6 (6.00 diss/flow) ntop 20 5196 1 diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index e4f7114b8..a8eb6d0a9 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 2046 (53.84 diss/flow) +Num dissector calls: 1863 (49.03 diss/flow) Unknown 1 66 1 HTTP 116 91784 6 diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out index 133f184da..a75a2740c 100644 --- a/tests/result/iphone.pcap.out +++ b/tests/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 562 (11.02 diss/flow) +Num dissector calls: 397 (7.78 diss/flow) Unknown 2 120 1 MDNS 17 7012 5 diff --git a/tests/result/ipp.pcap.out b/tests/result/ipp.pcap.out index 85a64b9c5..f0d78751c 100644 --- a/tests/result/ipp.pcap.out +++ b/tests/result/ipp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 21 (7.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 99 (33.00 diss/flow) +Num dissector calls: 66 (22.00 diss/flow) IPP 277 248554 3 diff --git a/tests/result/irc.pcap.out b/tests/result/irc.pcap.out index 2a1e753c6..846f56458 100644 --- a/tests/result/irc.pcap.out +++ b/tests/result/irc.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 170 (170.00 diss/flow) +Num dissector calls: 159 (159.00 diss/flow) IRC 29 8945 1 diff --git a/tests/result/ja3_lots_of_cipher_suites.pcap.out b/tests/result/ja3_lots_of_cipher_suites.pcap.out index 69ed2a11a..18f12476e 100644 --- a/tests/result/ja3_lots_of_cipher_suites.pcap.out +++ b/tests/result/ja3_lots_of_cipher_suites.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) TLS 11 5132 1 diff --git a/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out b/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out index 484917416..58b54b781 100644 --- a/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) TLS 27 6966 1 diff --git a/tests/result/jabber.pcap.out b/tests/result/jabber.pcap.out index 70ac71270..f00b40543 100644 --- a/tests/result/jabber.pcap.out +++ b/tests/result/jabber.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 74 (6.17 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1532 (127.67 diss/flow) +Num dissector calls: 1424 (118.67 diss/flow) Jabber 358 61304 12 diff --git a/tests/result/kerberos-login.pcap.out b/tests/result/kerberos-login.pcap.out index fa15d673a..037c4dcc8 100644 --- a/tests/result/kerberos-login.pcap.out +++ b/tests/result/kerberos-login.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) DPI Packets (UDP): 12 (1.00 pkts/flow) Confidence DPI : 13 (flows) -Num dissector calls: 31 (2.38 diss/flow) +Num dissector calls: 17 (1.31 diss/flow) Kerberos 39 37272 13 diff --git a/tests/result/lisp_registration.pcap.out b/tests/result/lisp_registration.pcap.out index ce6d3d7f0..7530d6bf1 100644 --- a/tests/result/lisp_registration.pcap.out +++ b/tests/result/lisp_registration.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (4.00 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 224 (56.00 diss/flow) +Num dissector calls: 206 (51.50 diss/flow) LISP 30 5266 4 diff --git a/tests/result/log4j-webapp-exploit.pcap.out b/tests/result/log4j-webapp-exploit.pcap.out index a74ae0ed1..b57830dd4 100644 --- a/tests/result/log4j-webapp-exploit.pcap.out +++ b/tests/result/log4j-webapp-exploit.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 63 (9.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 547 (78.14 diss/flow) +Num dissector calls: 467 (66.71 diss/flow) Unknown 356 25081 2 HTTP 34 6741 3 diff --git a/tests/result/long_tls_certificate.pcap.out b/tests/result/long_tls_certificate.pcap.out index c5b18b67e..0ecc490e6 100644 --- a/tests/result/long_tls_certificate.pcap.out +++ b/tests/result/long_tls_certificate.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (12.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) Alibaba 47 14812 1 diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out index 83539ecf0..61a7a98ba 100644 --- a/tests/result/malware.pcap.out +++ b/tests/result/malware.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 4 (flows) -Num dissector calls: 38 (7.60 diss/flow) +Num dissector calls: 22 (4.40 diss/flow) DNS 2 216 1 HTTP 1 66 1 diff --git a/tests/result/memcached.cap.out b/tests/result/memcached.cap.out index 8df8a3e6d..5643331a6 100644 --- a/tests/result/memcached.cap.out +++ b/tests/result/memcached.cap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) Memcached 10 1711 1 diff --git a/tests/result/monero.pcap.out b/tests/result/monero.pcap.out index 37c9d46da..d86204fff 100644 --- a/tests/result/monero.pcap.out +++ b/tests/result/monero.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 88 (44.00 diss/flow) +Num dissector calls: 68 (34.00 diss/flow) Mining 319 166676 2 diff --git a/tests/result/mongo_false_positive.pcapng.out b/tests/result/mongo_false_positive.pcapng.out index 5f70a6302..e755d0775 100644 --- a/tests/result/mongo_false_positive.pcapng.out +++ b/tests/result/mongo_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (26.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 415 (415.00 diss/flow) +Num dissector calls: 409 (409.00 diss/flow) TLS 26 12163 1 diff --git a/tests/result/mongodb.pcap.out b/tests/result/mongodb.pcap.out index b0ead9009..99bc0cd43 100644 --- a/tests/result/mongodb.pcap.out +++ b/tests/result/mongodb.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 27 (3.38 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 216 (27.00 diss/flow) +Num dissector calls: 136 (17.00 diss/flow) Unknown 3 230 1 MongoDB 24 2510 7 diff --git a/tests/result/mpeg-dash.pcap.out b/tests/result/mpeg-dash.pcap.out index 4289fc287..1f8fb0852 100644 --- a/tests/result/mpeg-dash.pcap.out +++ b/tests/result/mpeg-dash.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (2.50 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 88 (22.00 diss/flow) +Num dissector calls: 69 (17.25 diss/flow) AmazonAWS 9 2693 3 MpegDash 4 1976 1 diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index dbac65857..bb5a60728 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) ntop 19 10643 1 diff --git a/tests/result/mqtt.pcap.out b/tests/result/mqtt.pcap.out index 8dfc471fc..36ec1958a 100644 --- a/tests/result/mqtt.pcap.out +++ b/tests/result/mqtt.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (1.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 8 (4.00 diss/flow) +Num dissector calls: 3 (1.50 diss/flow) MQTT 9 1481 2 diff --git a/tests/result/mysql-8.pcap.out b/tests/result/mysql-8.pcap.out index b7f3f0beb..bb43987ec 100644 --- a/tests/result/mysql-8.pcap.out +++ b/tests/result/mysql-8.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) MySQL 4 367 1 diff --git a/tests/result/nats.pcap.out b/tests/result/nats.pcap.out index 2d5e55056..4974ba034 100644 --- a/tests/result/nats.pcap.out +++ b/tests/result/nats.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (5.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 56 (28.00 diss/flow) +Num dissector calls: 30 (15.00 diss/flow) Nats 27 2460 2 diff --git a/tests/result/ndpi_match_string_subprotocol__error.pcapng.out b/tests/result/ndpi_match_string_subprotocol__error.pcapng.out index 86a5158c2..19943c781 100644 --- a/tests/result/ndpi_match_string_subprotocol__error.pcapng.out +++ b/tests/result/ndpi_match_string_subprotocol__error.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 24 (24.00 diss/flow) +Num dissector calls: 19 (19.00 diss/flow) SOAP 13 2935 1 diff --git a/tests/result/nest_log_sink.pcap.out b/tests/result/nest_log_sink.pcap.out index a22d9b80f..b6c8be3b5 100644 --- a/tests/result/nest_log_sink.pcap.out +++ b/tests/result/nest_log_sink.pcap.out @@ -1,10 +1,10 @@ Guessed flow protos: 1 -DPI Packets (TCP): 128 (9.85 pkts/flow) +DPI Packets (TCP): 130 (10.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 2115 (151.07 diss/flow) +Num dissector calls: 1905 (136.07 diss/flow) DNS 15 1612 1 NestLogSink 676 112058 12 diff --git a/tests/result/netbios.pcap.out b/tests/result/netbios.pcap.out index 1d5a27846..5d31a930b 100644 --- a/tests/result/netbios.pcap.out +++ b/tests/result/netbios.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 14 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 14 (flows) -Num dissector calls: 137 (9.13 diss/flow) +Num dissector calls: 136 (9.07 diss/flow) NetBIOS 258 24196 13 SMBv1 2 486 2 diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 341e1f477..a82ca5987 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (2.08 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 60 (flows) -Num dissector calls: 1110 (18.20 diss/flow) +Num dissector calls: 596 (9.77 diss/flow) DNS 4 386 2 SSDP 16 2648 1 diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 8819e4443..8c0a49c4a 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 35 (2.33 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 6 (flows) Confidence DPI : 15 (flows) -Num dissector calls: 1295 (61.67 diss/flow) +Num dissector calls: 1265 (60.24 diss/flow) ICMP 30 2100 2 Nintendo 890 320242 12 diff --git a/tests/result/nntp.pcap.out b/tests/result/nntp.pcap.out index 44c674eca..3997179d1 100644 --- a/tests/result/nntp.pcap.out +++ b/tests/result/nntp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 142 (142.00 diss/flow) +Num dissector calls: 132 (132.00 diss/flow) Usenet 32 7037 1 diff --git a/tests/result/no_sni.pcap.out b/tests/result/no_sni.pcap.out index a806185f7..619080c62 100644 --- a/tests/result/no_sni.pcap.out +++ b/tests/result/no_sni.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 51 (6.38 pkts/flow) Confidence DPI : 8 (flows) -Num dissector calls: 106 (13.25 diss/flow) +Num dissector calls: 29 (3.62 diss/flow) DoH_DoT 268 31882 1 Cloudflare 917 562254 7 diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index d5d25cb93..4f08d2887 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 92 (7.67 pkts/flow) DPI Packets (UDP): 8 (1.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 18 (flows) -Num dissector calls: 200 (10.00 diss/flow) +Num dissector calls: 110 (5.50 diss/flow) Google 29 3320 5 OCS 863 57552 7 diff --git a/tests/result/ocsp.pcapng.out b/tests/result/ocsp.pcapng.out index 8db082c9e..9445e09c9 100644 --- a/tests/result/ocsp.pcapng.out +++ b/tests/result/ocsp.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 60 (6.00 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 290 (29.00 diss/flow) +Num dissector calls: 180 (18.00 diss/flow) HTTP 23 10871 1 OCSP 321 62776 9 diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out index 954712ba4..b8cfe61b6 100644 --- a/tests/result/ookla.pcap.out +++ b/tests/result/ookla.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 16 (8.00 pkts/flow) Confidence DPI (cache) : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 138 (69.00 diss/flow) +Num dissector calls: 118 (59.00 diss/flow) Ookla 5086 4689745 2 diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index d40fc61f1..8ee895a0c 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 393 (131.00 diss/flow) +Num dissector calls: 383 (127.67 diss/flow) OpenVPN 298 57111 3 diff --git a/tests/result/oracle12.pcapng.out b/tests/result/oracle12.pcapng.out index f53b9f2da..6511fb903 100644 --- a/tests/result/oracle12.pcapng.out +++ b/tests/result/oracle12.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 20 (20.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 306 (306.00 diss/flow) +Num dissector calls: 291 (291.00 diss/flow) Oracle 20 2518 1 diff --git a/tests/result/pgsql.pcap.out b/tests/result/pgsql.pcap.out index e3ffa7b82..dd1474315 100644 --- a/tests/result/pgsql.pcap.out +++ b/tests/result/pgsql.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 272 (136.00 diss/flow) +Num dissector calls: 252 (126.00 diss/flow) PostgreSQL 39 4709 2 diff --git a/tests/result/pinterest.pcap.out b/tests/result/pinterest.pcap.out index 650960951..1d76ae36c 100644 --- a/tests/result/pinterest.pcap.out +++ b/tests/result/pinterest.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 16 DPI Packets (TCP): 224 (6.05 pkts/flow) Confidence Match by port : 16 (flows) Confidence DPI : 21 (flows) -Num dissector calls: 333 (9.00 diss/flow) +Num dissector calls: 21 (0.57 diss/flow) TLS 979 1924858 20 Facebook 242 237988 2 diff --git a/tests/result/pluralsight.pcap.out b/tests/result/pluralsight.pcap.out index 2d4995bc0..b382769ee 100644 --- a/tests/result/pluralsight.pcap.out +++ b/tests/result/pluralsight.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 33 (5.50 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 66 (11.00 diss/flow) +Num dissector calls: 18 (3.00 diss/flow) Pluralsight 44 29652 6 diff --git a/tests/result/pop3.pcap.out b/tests/result/pop3.pcap.out index 8ee95c0b2..195705eb9 100644 --- a/tests/result/pop3.pcap.out +++ b/tests/result/pop3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 192 (192.00 diss/flow) +Num dissector calls: 180 (180.00 diss/flow) POP3 31 3915 1 diff --git a/tests/result/pops.pcapng.out b/tests/result/pops.pcapng.out index 0ec1ad423..aa3a7fe41 100644 --- a/tests/result/pops.pcapng.out +++ b/tests/result/pops.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 13 (13.00 diss/flow) +Num dissector calls: 5 (5.00 diss/flow) POPS 5 2998 1 diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 02886d02b..1d93b9e6d 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 201 (4.57 pkts/flow) Confidence Unknown : 34 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 71 (flows) -Num dissector calls: 6270 (58.60 diss/flow) +Num dissector calls: 6257 (58.48 diss/flow) Unknown 990 378832 34 HTTP 372 399367 45 diff --git a/tests/result/pptp.pcap.out b/tests/result/pptp.pcap.out index e321170f5..81383a32b 100644 --- a/tests/result/pptp.pcap.out +++ b/tests/result/pptp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 63 (63.00 diss/flow) +Num dissector calls: 53 (53.00 diss/flow) PPTP 24 2328 1 diff --git a/tests/result/psiphon3.pcap.out b/tests/result/psiphon3.pcap.out index cdad295eb..516e276fa 100644 --- a/tests/result/psiphon3.pcap.out +++ b/tests/result/psiphon3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (12.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 19 (19.00 diss/flow) +Num dissector calls: 5 (5.00 diss/flow) Psiphon 62 11818 1 diff --git a/tests/result/punycode-idn.pcap.out b/tests/result/punycode-idn.pcap.out index 2be36d0bd..b704e67bc 100644 --- a/tests/result/punycode-idn.pcap.out +++ b/tests/result/punycode-idn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 8 (8.00 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 31 (10.33 diss/flow) +Num dissector calls: 20 (6.67 diss/flow) DNS 2 162 1 Spotify 2 197 1 diff --git a/tests/result/rdp.pcap.out b/tests/result/rdp.pcap.out index f0bc275a0..8ac651d27 100644 --- a/tests/result/rdp.pcap.out +++ b/tests/result/rdp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) RDP 2010 622743 1 diff --git a/tests/result/reasm_crash_anon.pcapng.out b/tests/result/reasm_crash_anon.pcapng.out index 32c3ab998..d6a9b4aec 100644 --- a/tests/result/reasm_crash_anon.pcapng.out +++ b/tests/result/reasm_crash_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 339 (339.00 diss/flow) +Num dissector calls: 321 (321.00 diss/flow) Unknown 200 20067 1 diff --git a/tests/result/reasm_segv_anon.pcapng.out b/tests/result/reasm_segv_anon.pcapng.out index b0970929e..46c73bb62 100644 --- a/tests/result/reasm_segv_anon.pcapng.out +++ b/tests/result/reasm_segv_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 318 (318.00 diss/flow) +Num dissector calls: 260 (260.00 diss/flow) HTTP 82 77940 1 diff --git a/tests/result/reddit.pcap.out b/tests/result/reddit.pcap.out index b7816cb49..a569a8113 100644 --- a/tests/result/reddit.pcap.out +++ b/tests/result/reddit.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 445 (7.42 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 59 (flows) -Num dissector calls: 659 (10.98 diss/flow) +Num dissector calls: 59 (0.98 diss/flow) TLS 508 331149 13 Twitter 863 686585 3 diff --git a/tests/result/rsh.pcap.out b/tests/result/rsh.pcap.out index f319d3470..960a72868 100644 --- a/tests/result/rsh.pcap.out +++ b/tests/result/rsh.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 324 (162.00 diss/flow) +Num dissector calls: 304 (152.00 diss/flow) RSH 24 1721 2 diff --git a/tests/result/rsync.pcap.out b/tests/result/rsync.pcap.out index bfbcfffa0..e94871ac2 100644 --- a/tests/result/rsync.pcap.out +++ b/tests/result/rsync.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 184 (184.00 diss/flow) +Num dissector calls: 173 (173.00 diss/flow) RSYNC 30 2493 1 diff --git a/tests/result/rtmp.pcap.out b/tests/result/rtmp.pcap.out index 65c8a08f9..20ef43cd0 100644 --- a/tests/result/rtmp.pcap.out +++ b/tests/result/rtmp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 166 (166.00 diss/flow) +Num dissector calls: 155 (155.00 diss/flow) RTMP 26 8368 1 diff --git a/tests/result/rtsp.pcap.out b/tests/result/rtsp.pcap.out index d9feb9fd7..448fed501 100644 --- a/tests/result/rtsp.pcap.out +++ b/tests/result/rtsp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 87 (12.43 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 256 (36.57 diss/flow) +Num dissector calls: 82 (11.71 diss/flow) RTSP 568 100872 7 diff --git a/tests/result/safari.pcap.out b/tests/result/safari.pcap.out index 18654eebb..00c3e209f 100644 --- a/tests/result/safari.pcap.out +++ b/tests/result/safari.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 46 (6.57 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 105 (15.00 diss/flow) +Num dissector calls: 28 (4.00 diss/flow) TLS 6019 5570309 7 diff --git a/tests/result/salesforce.pcap.out b/tests/result/salesforce.pcap.out index 12f0b9c86..9caa5fbc2 100644 --- a/tests/result/salesforce.pcap.out +++ b/tests/result/salesforce.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) Salesforce 15 5205 1 diff --git a/tests/result/sccp_hw_conf_register.pcapng.out b/tests/result/sccp_hw_conf_register.pcapng.out index d2f013bee..d77104843 100644 --- a/tests/result/sccp_hw_conf_register.pcapng.out +++ b/tests/result/sccp_hw_conf_register.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) CiscoSkinny 17 1522 1 diff --git a/tests/result/selfsigned.pcap.out b/tests/result/selfsigned.pcap.out index 3d433501a..38c8a95a4 100644 --- a/tests/result/selfsigned.pcap.out +++ b/tests/result/selfsigned.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 21 (21.00 diss/flow) +Num dissector calls: 7 (7.00 diss/flow) ntop 20 3766 1 diff --git a/tests/result/signal.pcap.out b/tests/result/signal.pcap.out index 6feaef838..86ca0de2b 100644 --- a/tests/result/signal.pcap.out +++ b/tests/result/signal.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 97 (6.47 pkts/flow) DPI Packets (UDP): 5 (1.67 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 19 (flows) -Num dissector calls: 187 (9.84 diss/flow) +Num dissector calls: 55 (2.89 diss/flow) DNS 2 186 1 DHCP 4 1368 1 diff --git a/tests/result/simple-dnscrypt.pcap.out b/tests/result/simple-dnscrypt.pcap.out index 4b804b84a..e46141f8b 100644 --- a/tests/result/simple-dnscrypt.pcap.out +++ b/tests/result/simple-dnscrypt.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 47 (11.75 pkts/flow) Confidence DPI (cache) : 3 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 60 (15.00 diss/flow) +Num dissector calls: 16 (4.00 diss/flow) DNScrypt 111 44676 4 diff --git a/tests/result/sites.pcapng.out b/tests/result/sites.pcapng.out index 90f173ca6..11b6593f4 100644 --- a/tests/result/sites.pcapng.out +++ b/tests/result/sites.pcapng.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 3 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence Match by IP : 3 (flows) Confidence DPI : 43 (flows) -Num dissector calls: 533 (11.34 diss/flow) +Num dissector calls: 154 (3.28 diss/flow) HTTP 2 148 1 Xbox 4 2245 1 diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 7684bc692..8171e1af7 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 61 (flows) Confidence Match by port : 27 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 204 (flows) -Num dissector calls: 32058 (109.41 diss/flow) +Num dissector calls: 28965 (98.86 diss/flow) Unknown 1575 272476 61 DNS 2 267 1 diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index e405b780b..673b3766c 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 45 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 200 (flows) -Num dissector calls: 26230 (98.24 diss/flow) +Num dissector calls: 24039 (90.03 diss/flow) Unknown 850 152468 45 DNS 2 267 1 diff --git a/tests/result/smb_frags.pcap.out b/tests/result/smb_frags.pcap.out index 388fddadb..58476acd8 100644 --- a/tests/result/smb_frags.pcap.out +++ b/tests/result/smb_frags.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 160 (160.00 diss/flow) +Num dissector calls: 154 (154.00 diss/flow) SMBv1 8 2763 1 diff --git a/tests/result/smpp_in_general.pcap.out b/tests/result/smpp_in_general.pcap.out index 334d974c6..e39d00df6 100644 --- a/tests/result/smpp_in_general.pcap.out +++ b/tests/result/smpp_in_general.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 101 (101.00 diss/flow) +Num dissector calls: 92 (92.00 diss/flow) SMPP 17 1144 1 diff --git a/tests/result/smtp-starttls.pcap.out b/tests/result/smtp-starttls.pcap.out index bb240e768..7b7a1235b 100644 --- a/tests/result/smtp-starttls.pcap.out +++ b/tests/result/smtp-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) Google 36 8403 1 diff --git a/tests/result/smtp.pcap.out b/tests/result/smtp.pcap.out index fffce7c9c..ab2a11694 100644 --- a/tests/result/smtp.pcap.out +++ b/tests/result/smtp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 209 (209.00 diss/flow) +Num dissector calls: 198 (198.00 diss/flow) SMTP 95 23157 1 diff --git a/tests/result/smtps.pcapng.out b/tests/result/smtps.pcapng.out index 670ed2419..9aaee6f3e 100644 --- a/tests/result/smtps.pcapng.out +++ b/tests/result/smtps.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 13 (13.00 diss/flow) +Num dissector calls: 5 (5.00 diss/flow) SMTPS 4 936 1 diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out index 6ff4f180b..b27416c49 100644 --- a/tests/result/snapchat.pcap.out +++ b/tests/result/snapchat.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 18 (6.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 45 (15.00 diss/flow) +Num dissector calls: 12 (4.00 diss/flow) Google 22 2879 1 Snapchat 34 7320 2 diff --git a/tests/result/soap.pcap.out b/tests/result/soap.pcap.out index b3b914695..26d8b919f 100644 --- a/tests/result/soap.pcap.out +++ b/tests/result/soap.pcap.out @@ -1,12 +1,14 @@ -Guessed flow protos: 0 +Guessed flow protos: 1 -DPI Packets (TCP): 11 (3.67 pkts/flow) -Confidence DPI : 3 (flows) -Num dissector calls: 366 (122.00 diss/flow) +DPI Packets (TCP): 20 (6.67 pkts/flow) +Confidence Match by port : 1 (flows) +Confidence DPI : 2 (flows) +Num dissector calls: 378 (126.00 diss/flow) +HTTP 14 5498 1 Microsoft 1 1506 1 -SOAP 19 9442 2 +SOAP 5 3944 1 - 1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 253/SOAP][ClearText][Confidence: DPI][cat: RPC/16][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] + 1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][ClearText][Confidence: Match by port][cat: Web/5][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] 2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 253/SOAP][ClearText][Confidence: DPI][cat: RPC/16][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 253.212/SOAP.Microsoft][ClearText][Confidence: DPI][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/result/socks-http-example.pcap.out b/tests/result/socks-http-example.pcap.out index 1da44c57f..ed3985cf3 100644 --- a/tests/result/socks-http-example.pcap.out +++ b/tests/result/socks-http-example.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 29 (9.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 518 (172.67 diss/flow) +Num dissector calls: 482 (160.67 diss/flow) SOCKS 46 8383 3 diff --git a/tests/result/softether-http.pcap.out b/tests/result/softether-http.pcap.out index 95d83222d..646e9ccaf 100644 --- a/tests/result/softether-http.pcap.out +++ b/tests/result/softether-http.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) Softether 4 1392 1 diff --git a/tests/result/ssh.pcap.out b/tests/result/ssh.pcap.out index 7e85e85c4..bc286d389 100644 --- a/tests/result/ssh.pcap.out +++ b/tests/result/ssh.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) SSH 258 35546 1 diff --git a/tests/result/ssl-cert-name-mismatch.pcap.out b/tests/result/ssl-cert-name-mismatch.pcap.out index 80ba311e2..18b89f308 100644 --- a/tests/result/ssl-cert-name-mismatch.pcap.out +++ b/tests/result/ssl-cert-name-mismatch.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) GoogleCloud 21 5412 1 diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 3ccd735df..db5d59f4d 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 8 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 39 (flows) -Num dissector calls: 1866 (35.88 diss/flow) +Num dissector calls: 1545 (29.71 diss/flow) DNS 26 2848 7 HTTP 450 294880 19 diff --git a/tests/result/synscan.pcap.out b/tests/result/synscan.pcap.out index 4819f90c8..db727f571 100644 --- a/tests/result/synscan.pcap.out +++ b/tests/result/synscan.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1992 DPI Packets (TCP): 2011 (1.01 pkts/flow) Confidence Unknown : 1868 (flows) Confidence Match by port : 126 (flows) -Num dissector calls: 11984 (6.01 diss/flow) +Num dissector calls: 2003 (1.00 diss/flow) Unknown 1872 108584 1868 FTP_CONTROL 2 116 2 diff --git a/tests/result/syslog.pcap.out b/tests/result/syslog.pcap.out index 546e7982e..51ed96c6a 100644 --- a/tests/result/syslog.pcap.out +++ b/tests/result/syslog.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 10 (5.00 pkts/flow) DPI Packets (UDP): 20 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 21 (flows) -Num dissector calls: 73 (3.32 diss/flow) +Num dissector calls: 64 (2.91 diss/flow) Unknown 1 78 1 Syslog 93 20321 21 diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index 6c5818be4..41e5c8f37 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 1143 (13.77 diss/flow) +Num dissector calls: 712 (8.58 diss/flow) Unknown 4 456 1 DNS 10 1357 5 diff --git a/tests/result/teamviewer.pcap.out b/tests/result/teamviewer.pcap.out index 39e8fc820..abb0968fa 100644 --- a/tests/result/teamviewer.pcap.out +++ b/tests/result/teamviewer.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 156 (78.00 diss/flow) +Num dissector calls: 145 (72.50 diss/flow) TeamViewer 1298 704218 2 diff --git a/tests/result/telnet.pcap.out b/tests/result/telnet.pcap.out index b761eb08d..4cd9c7a90 100644 --- a/tests/result/telnet.pcap.out +++ b/tests/result/telnet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 164 (164.00 diss/flow) +Num dissector calls: 154 (154.00 diss/flow) Telnet 87 7418 1 diff --git a/tests/result/threema.pcap.out b/tests/result/threema.pcap.out index 8d1b32d8b..d6525d018 100644 --- a/tests/result/threema.pcap.out +++ b/tests/result/threema.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 66 (11.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 4 (flows) -Num dissector calls: 1336 (222.67 diss/flow) +Num dissector calls: 1262 (210.33 diss/flow) Threema 83 11578 6 diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out index d6efe7059..8e9955c6a 100644 --- a/tests/result/tinc.pcap.out +++ b/tests/result/tinc.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 19 (9.50 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI (cache) : 2 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 558 (139.50 diss/flow) +Num dissector calls: 535 (133.75 diss/flow) TINC 317 352291 4 diff --git a/tests/result/tls_2_reasms.pcapng.out b/tests/result/tls_2_reasms.pcapng.out index ef5621be8..7403dc0db 100644 --- a/tests/result/tls_2_reasms.pcapng.out +++ b/tests/result/tls_2_reasms.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 7 (7.00 diss/flow) +Num dissector calls: 2 (2.00 diss/flow) Instagram 14 6907 1 diff --git a/tests/result/tls_2_reasms_b.pcapng.out b/tests/result/tls_2_reasms_b.pcapng.out index 5e96556c8..f3f8f61fb 100644 --- a/tests/result/tls_2_reasms_b.pcapng.out +++ b/tests/result/tls_2_reasms_b.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 11 (11.00 diss/flow) +Num dissector calls: 3 (3.00 diss/flow) Facebook 15 13455 1 diff --git a/tests/result/tls_alert.pcap.out b/tests/result/tls_alert.pcap.out index 830dcdde0..54a10eaec 100644 --- a/tests/result/tls_alert.pcap.out +++ b/tests/result/tls_alert.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 16 (8.00 diss/flow) +Num dissector calls: 5 (2.50 diss/flow) TLS 7 533 1 Google 11 952 1 diff --git a/tests/result/tls_certificate_too_long.pcap.out b/tests/result/tls_certificate_too_long.pcap.out index 014d50152..3295972cb 100644 --- a/tests/result/tls_certificate_too_long.pcap.out +++ b/tests/result/tls_certificate_too_long.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 755 (21.57 diss/flow) +Num dissector calls: 626 (17.89 diss/flow) Unknown 13 5582 1 MDNS 5 983 3 diff --git a/tests/result/tls_esni_sni_both.pcap.out b/tests/result/tls_esni_sni_both.pcap.out index 55447114f..37a60109e 100644 --- a/tests/result/tls_esni_sni_both.pcap.out +++ b/tests/result/tls_esni_sni_both.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 30 (15.00 diss/flow) +Num dissector calls: 8 (4.00 diss/flow) Cloudflare 38 15899 2 diff --git a/tests/result/tls_false_positives.pcapng.out b/tests/result/tls_false_positives.pcapng.out index 1c461866b..fd047dade 100644 --- a/tests/result/tls_false_positives.pcapng.out +++ b/tests/result/tls_false_positives.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 30 (30.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 411 (411.00 diss/flow) +Num dissector calls: 408 (408.00 diss/flow) Unknown 30 37313 1 diff --git a/tests/result/tls_invalid_reads.pcap.out b/tests/result/tls_invalid_reads.pcap.out index 20c96b8e7..ec97f0314 100644 --- a/tests/result/tls_invalid_reads.pcap.out +++ b/tests/result/tls_invalid_reads.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 10 (3.33 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 144 (48.00 diss/flow) +Num dissector calls: 128 (42.67 diss/flow) TLS 7 1827 1 Crashlytics 3 560 1 diff --git a/tests/result/tls_long_cert.pcap.out b/tests/result/tls_long_cert.pcap.out index 4251e3d83..aa4b87075 100644 --- a/tests/result/tls_long_cert.pcap.out +++ b/tests/result/tls_long_cert.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) TLS 182 117601 1 diff --git a/tests/result/tls_missing_ch_frag.pcap.out b/tests/result/tls_missing_ch_frag.pcap.out index cd8934d6d..e97068da2 100644 --- a/tests/result/tls_missing_ch_frag.pcap.out +++ b/tests/result/tls_missing_ch_frag.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 127 (127.00 diss/flow) +Num dissector calls: 124 (124.00 diss/flow) TLS 14 10082 1 diff --git a/tests/result/tls_port_80.pcapng.out b/tests/result/tls_port_80.pcapng.out index 586a6e683..d0d233440 100644 --- a/tests/result/tls_port_80.pcapng.out +++ b/tests/result/tls_port_80.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 13 (13.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 17 (17.00 diss/flow) +Num dissector calls: 6 (6.00 diss/flow) TLS 13 2439 1 diff --git a/tests/result/tls_torrent.pcapng.out b/tests/result/tls_torrent.pcapng.out index f4852eb48..99375348e 100644 --- a/tests/result/tls_torrent.pcapng.out +++ b/tests/result/tls_torrent.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 11 (11.00 diss/flow) +Num dissector calls: 3 (3.00 diss/flow) BitTorrent 7 6308 1 diff --git a/tests/result/tls_verylong_certificate.pcap.out b/tests/result/tls_verylong_certificate.pcap.out index f0d348799..c133616ed 100644 --- a/tests/result/tls_verylong_certificate.pcap.out +++ b/tests/result/tls_verylong_certificate.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) TLS 48 22229 1 diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 549b17689..d1ef53bd5 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 43 (5.38 pkts/flow) DPI Packets (UDP): 3 (1.00 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 10 (flows) -Num dissector calls: 155 (14.09 diss/flow) +Num dissector calls: 73 (6.64 diss/flow) SMBv1 1 252 1 TLS 2028 1601908 4 diff --git a/tests/result/trickbot.pcap.out b/tests/result/trickbot.pcap.out index d4b7f3595..a8cbd53aa 100644 --- a/tests/result/trickbot.pcap.out +++ b/tests/result/trickbot.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) HTTP 74 62002 1 diff --git a/tests/result/tumblr.pcap.out b/tests/result/tumblr.pcap.out index d9ffdd088..44a2b27dc 100644 --- a/tests/result/tumblr.pcap.out +++ b/tests/result/tumblr.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 32 DPI Packets (TCP): 237 (5.04 pkts/flow) Confidence Match by port : 28 (flows) Confidence DPI : 19 (flows) -Num dissector calls: 323 (6.87 diss/flow) +Num dissector calls: 19 (0.40 diss/flow) Yahoo 31 9933 1 Tumblr 1733 1208864 2 diff --git a/tests/result/tunnelbear.pcap.out b/tests/result/tunnelbear.pcap.out index bf168ff0d..5f55a5aa4 100644 --- a/tests/result/tunnelbear.pcap.out +++ b/tests/result/tunnelbear.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (TCP): 125 (5.95 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 20 (flows) -Num dissector calls: 316 (15.05 diss/flow) +Num dissector calls: 85 (4.05 diss/flow) TLS 34 13737 2 Google 5 306 1 diff --git a/tests/result/ultrasurf.pcap.out b/tests/result/ultrasurf.pcap.out index 03c16fc59..3d228250b 100644 --- a/tests/result/ultrasurf.pcap.out +++ b/tests/result/ultrasurf.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 13 (4.33 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 153 (51.00 diss/flow) +Num dissector calls: 131 (43.67 diss/flow) TLS 5171 5127023 2 UltraSurf 2971 2991918 1 diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index ab7e1275a..07c32e85a 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 704 (24.28 diss/flow) +Num dissector calls: 557 (19.21 diss/flow) DNS 8 1267 4 MDNS 4 412 1 diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out index 302a2846f..3946b3165 100644 --- a/tests/result/vnc.pcap.out +++ b/tests/result/vnc.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (5.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 282 (141.00 diss/flow) +Num dissector calls: 264 (132.00 diss/flow) VNC 4551 329158 2 diff --git a/tests/result/wa_video.pcap.out b/tests/result/wa_video.pcap.out index 535df00f9..06474e374 100644 --- a/tests/result/wa_video.pcap.out +++ b/tests/result/wa_video.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 33 (33.00 pkts/flow) DPI Packets (UDP): 13 (1.00 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 531 (37.93 diss/flow) +Num dissector calls: 515 (36.79 diss/flow) SSDP 8 1377 3 DHCP 2 684 1 diff --git a/tests/result/wa_voice.pcap.out b/tests/result/wa_voice.pcap.out index 3ab896e1b..caf3b87b2 100644 --- a/tests/result/wa_voice.pcap.out +++ b/tests/result/wa_voice.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 33 (1.57 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 27 (flows) -Num dissector calls: 496 (17.71 diss/flow) +Num dissector calls: 457 (16.32 diss/flow) Unknown 2 120 1 MDNS 10 1188 2 diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index c7f327ac7..d021d6bc9 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 9 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 891 (27.00 diss/flow) +Num dissector calls: 482 (14.61 diss/flow) Unknown 10 786 1 HTTP 65 64777 8 diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 206bd1007..872617b66 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 17 (8.50 pkts/flow) Confidence Match by port : 1 (flows) Confidence Match by IP : 3 (flows) Confidence DPI : 53 (flows) -Num dissector calls: 1072 (18.81 diss/flow) +Num dissector calls: 478 (8.39 diss/flow) HTTP 22 3182 2 TLS 106 11841 8 diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 638295fc2..e7744a1b8 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Match by port : 17 (flows) Confidence Match by IP : 8 (flows) Confidence DPI : 78 (flows) -Num dissector calls: 1532 (14.87 diss/flow) +Num dissector calls: 590 (5.73 diss/flow) DNS 13 1075 8 HTTP 70 4620 8 diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 2c5eb56ef..56d740da2 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 44 (3.14 pkts/flow) Confidence Match by port : 13 (flows) Confidence Match by IP : 8 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 904 (20.55 diss/flow) +Num dissector calls: 646 (14.68 diss/flow) DNS 6 630 3 HTTP 19 2275 5 diff --git a/tests/result/whatsapp.pcap.out b/tests/result/whatsapp.pcap.out index adef2b112..4966989d5 100644 --- a/tests/result/whatsapp.pcap.out +++ b/tests/result/whatsapp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 344 (4.00 pkts/flow) Confidence DPI : 86 (flows) -Num dissector calls: 13158 (153.00 diss/flow) +Num dissector calls: 12642 (147.00 diss/flow) WhatsApp 679 96293 86 diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index c2535abd5..fe92d164d 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 16 (flows) Confidence DPI : 37 (flows) -Num dissector calls: 689 (12.09 diss/flow) +Num dissector calls: 408 (7.16 diss/flow) HTTP 11 726 3 MDNS 8 952 4 diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index ad80872b4..06e3d43f2 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 25 (8.33 pkts/flow) DPI Packets (UDP): 7 (1.17 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 316 (35.11 diss/flow) +Num dissector calls: 304 (33.78 diss/flow) MDNS 2 202 2 DHCP 6 2052 1 diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index edba4522f..a68b3b3d4 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 20 (4.00 pkts/flow) DPI Packets (UDP): 8 (1.00 pkts/flow) Confidence DPI : 13 (flows) -Num dissector calls: 548 (42.15 diss/flow) +Num dissector calls: 503 (38.69 diss/flow) WhatsAppCall 44 5916 8 WhatsApp 217 22139 5 diff --git a/tests/result/whatsappfiles.pcap.out b/tests/result/whatsappfiles.pcap.out index 927310911..3fb41fd86 100644 --- a/tests/result/whatsappfiles.pcap.out +++ b/tests/result/whatsappfiles.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 14 (7.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 30 (15.00 diss/flow) +Num dissector calls: 8 (4.00 diss/flow) WhatsAppFiles 620 452233 2 diff --git a/tests/result/whois.pcapng.out b/tests/result/whois.pcapng.out index 7ab41402e..f2d11ef71 100644 --- a/tests/result/whois.pcapng.out +++ b/tests/result/whois.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 16 (5.33 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 216 (72.00 diss/flow) +Num dissector calls: 190 (63.33 diss/flow) TLS 7 2046 1 Whois-DAS 16 4294 2 diff --git a/tests/result/windowsupdate_over_http.pcap.out b/tests/result/windowsupdate_over_http.pcap.out index c55aba02f..556d9b66b 100644 --- a/tests/result/windowsupdate_over_http.pcap.out +++ b/tests/result/windowsupdate_over_http.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 29 (29.00 diss/flow) +Num dissector calls: 18 (18.00 diss/flow) WindowsUpdate 20 15975 1 diff --git a/tests/result/wow.pcap.out b/tests/result/wow.pcap.out index 972e454fa..bad7a3c6c 100644 --- a/tests/result/wow.pcap.out +++ b/tests/result/wow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 36 (7.20 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 217 (43.40 diss/flow) +Num dissector calls: 150 (30.00 diss/flow) WorldOfWarcraft 95 10688 5 diff --git a/tests/result/xiaomi.pcap.out b/tests/result/xiaomi.pcap.out index 64015011c..96f201700 100644 --- a/tests/result/xiaomi.pcap.out +++ b/tests/result/xiaomi.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 19 (2.71 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 761 (108.71 diss/flow) +Num dissector calls: 723 (103.29 diss/flow) Xiaomi 52 11467 7 diff --git a/tests/result/xss.pcap.out b/tests/result/xss.pcap.out index ca3f0c265..35a7dc7e8 100644 --- a/tests/result/xss.pcap.out +++ b/tests/result/xss.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 9 (4.50 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 43 (21.50 diss/flow) +Num dissector calls: 21 (10.50 diss/flow) HTTP 11 3209 2 diff --git a/tests/result/youtubeupload.pcap.out b/tests/result/youtubeupload.pcap.out index 00f6cfb00..931332a94 100644 --- a/tests/result/youtubeupload.pcap.out +++ b/tests/result/youtubeupload.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 17 (5.67 diss/flow) +Num dissector calls: 6 (2.00 diss/flow) YouTubeUpload 137 127038 3 diff --git a/tests/result/z3950.pcapng.out b/tests/result/z3950.pcapng.out index af811f34e..d81427210 100644 --- a/tests/result/z3950.pcapng.out +++ b/tests/result/z3950.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 496 (248.00 diss/flow) +Num dissector calls: 471 (235.50 diss/flow) Z3950 31 6308 2 diff --git a/tests/result/zabbix.pcap.out b/tests/result/zabbix.pcap.out index c907c5830..a68d4f724 100644 --- a/tests/result/zabbix.pcap.out +++ b/tests/result/zabbix.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) +Num dissector calls: 4 (4.00 diss/flow) Zabbix 10 715 1 diff --git a/tests/result/zattoo.pcap.out b/tests/result/zattoo.pcap.out index 77e208862..ddbacf7e5 100644 --- a/tests/result/zattoo.pcap.out +++ b/tests/result/zattoo.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (5.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 43 (21.50 diss/flow) +Num dissector calls: 21 (10.50 diss/flow) Zattoo 32 13467 2 diff --git a/tests/result/zcash.pcap.out b/tests/result/zcash.pcap.out index 2167c29c1..544285c89 100644 --- a/tests/result/zcash.pcap.out +++ b/tests/result/zcash.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 44 (44.00 diss/flow) +Num dissector calls: 34 (34.00 diss/flow) Mining 145 20644 1 diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index 0768a705a..8a1b60a13 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 25 (1.47 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 31 (flows) -Num dissector calls: 943 (28.58 diss/flow) +Num dissector calls: 834 (25.27 diss/flow) DNS 2 205 1 MDNS 1 87 1 diff --git a/tests/result/zoom2.pcap.out b/tests/result/zoom2.pcap.out index 58d153135..157f45278 100644 --- a/tests/result/zoom2.pcap.out +++ b/tests/result/zoom2.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 75 (25.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by IP : 3 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 871 (174.20 diss/flow) +Num dissector calls: 860 (172.00 diss/flow) ICMP 27 1890 1 Zoom 11950 9004950 4 diff --git a/utils/whatsapp_ip_addresses_download.sh b/utils/whatsapp_ip_addresses_download.sh index 7234906d6..f36f4fed3 100755 --- a/utils/whatsapp_ip_addresses_download.sh +++ b/utils/whatsapp_ip_addresses_download.sh @@ -11,7 +11,7 @@ IP_LINK_URL='https://developers.facebook.com/docs/whatsapp/guides/network-requir echo "(1) Scraping Facebook WhatsApp IP Adresses and Ranges..." -ORIGIN="$(curl -s "${IP_LINK_URL}" | sed -ne 's/.*<a href="\([^"]*\)" target="_blank">List of the WhatsApp server IP addresses and ranges (.zip file)<\/a>.*/\1/gp' | sed -e 's/\&/\&/g')" +ORIGIN="$(curl -s "${IP_LINK_URL}" | sed -ne 's/.*<a href="\([^"]*\)" target="_blank">WhatsApp server IP addresses and ranges (.zip file)<\/a>.*/\1/gp' | sed -e 's/\&/\&/g')" echo "(2) Downloading file... ${ORIGIN}" http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN}) @@ -21,7 +21,7 @@ if [ "$http_response" != "200" ]; then fi echo "(3) Processing IP addresses..." -zcat $TMP > $LIST +unzip -p /tmp/wa.zip "WhatsApp IPs (IPv4 Only) 2022-07-26 - 2022-07-30.txt" > $LIST ./ipaddr2list.py $LIST NDPI_PROTOCOL_WHATSAPP > $DEST rm -f $TMP $LIST |