diff options
| -rw-r--r-- | src/include/ndpi_api.h | 8 | ||||
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 16 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 19 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 26 | ||||
| -rw-r--r-- | src/lib/protocols/dns.c | 7 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 76 | ||||
| -rw-r--r-- | src/lib/protocols/ssl.c | 4 | ||||
| -rw-r--r-- | tests/pcap/waze.pcap | bin | 0 -> 368569 bytes | |||
| -rw-r--r-- | tests/result/KakaoTalk_chat.pcap.out | 48 | ||||
| -rw-r--r-- | tests/result/KakaoTalk_talk.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/Meu.pcap.out | 54 | ||||
| -rw-r--r-- | tests/result/google_ssl.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/skype.pcap.out | 68 | ||||
| -rw-r--r-- | tests/result/skype_no_unknown.pcap.out | 50 | ||||
| -rw-r--r-- | tests/result/snapchat.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/waze.pcap.out | 44 | ||||
| -rw-r--r-- | tests/result/whatsapp_login_call.pcap.out | 44 | ||||
| -rw-r--r-- | tests/result/whatsapp_login_chat.pcap.out | 4 |
18 files changed, 286 insertions, 192 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index d3fff5cfd..30948706b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -173,11 +173,13 @@ extern "C" { u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport); ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport); - int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len); + int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id); int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len); + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id); int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, ndpi_automa *automa, char *bigram_to_match); char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len); diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 67b6189b7..bd31f50b6 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -220,7 +220,7 @@ #define NDPI_SERVICE_GOOGLE 126 #define NDPI_SERVICE_NETFLIX 133 #define NDPI_SERVICE_LASTFM 134 -#define NDPI_SERVICE_GROOVESHARK 135 +#define NDPI_SERVICE_WAZE 135 #define NDPI_SERVICE_APPLE 140 #define NDPI_SERVICE_WHATSAPP 142 #define NDPI_SERVICE_APPLE_ICLOUD 143 @@ -237,7 +237,7 @@ #define NDPI_SERVICE_YAHOO NDPI_PROTOCOL_YAHOO /* Tomasz Bujlow <tomasz@skatnet.dk> */ #define NDPI_SERVICE_PANDORA 187 #define NDPI_PROTOCOL_EAQ 190 -#define NDPI_SERVICE_MEU 191 +#define NDPI_SERVICE_TIMMEU 191 #define NDPI_SERVICE_TORCEDOR 192 #define NDPI_SERVICE_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ #define NDPI_SERVICE_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ @@ -246,9 +246,19 @@ #define NDPI_SERVICE_TIM 197 /* Traffic for tim.com.br and tim.it */ #define NDPI_PROTOCOL_MPEGTS 198 #define NDPI_SERVICE_SNAPCHAT 199 +#define NDPI_SERVICE_SIMET 200 +#define NDPI_SERVICE_OPENSIGNAL 201 +#define NDPI_SERVICE_99TAXI 202 +#define NDPI_SERVICE_EASYTAXI 203 +#define NDPI_SERVICE_GLOBOTV 204 +#define NDPI_SERVICE_TIMSOMDECHAMADA 205 +#define NDPI_SERVICE_TIMMENU 206 +#define NDPI_SERVICE_TIMPORTASABERTAS 207 +#define NDPI_SERVICE_TIMRECARGA 208 +#define NDPI_SERVICE_TIMBETA 209 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_SNAPCHAT +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_TIMBETA #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index af29a9e50..496797b7e 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7282,6 +7282,9 @@ static ndpi_network host_protocol_list[] = { { 0xC709F98C, 32, NDPI_SERVICE_TWITCH }, { 0xC709F9C5, 32, NDPI_SERVICE_TWITCH }, +/* Simet - 200.160.4.0/24 */ +{ 0xC8A00400, 24, NDPI_SERVICE_SIMET }, + { 0x0, 0, 0 } }; @@ -7330,7 +7333,6 @@ ndpi_protocol_match host_match[] = { { "maps.gstatic.com", "GoogleMaps", NDPI_SERVICE_GOOGLE_MAPS, NDPI_PROTOCOL_ACCEPTABLE }, { ".gmail.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_SAFE }, { "mail.google.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_SAFE }, - { ".grooveshark.com", "GrooveShark", NDPI_SERVICE_GROOVESHARK, NDPI_PROTOCOL_FUN }, { ".last.fm", "LastFM", NDPI_SERVICE_LASTFM, NDPI_PROTOCOL_FUN }, { "msn.com", "MSN", NDPI_SERVICE_MSN, NDPI_PROTOCOL_FUN }, { "netflix.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_FUN }, @@ -7363,7 +7365,7 @@ ndpi_protocol_match host_match[] = { { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_FUN }, { ".pandora.com", "Pandora", NDPI_SERVICE_PANDORA, NDPI_PROTOCOL_FUN }, { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { "appmeutim.tim.com.br", "Meu", NDPI_SERVICE_MEU, NDPI_PROTOCOL_ACCEPTABLE }, + { "appmeutim.tim.com.br", "TIM_Meu", NDPI_SERVICE_TIMMEU, NDPI_PROTOCOL_ACCEPTABLE }, { ".timtorcedor.com.br", "Torcedor", NDPI_SERVICE_TORCEDOR, NDPI_PROTOCOL_ACCEPTABLE }, { ".kakao.com", "KakaoTalk", NDPI_SERVICE_KAKAOTALK, NDPI_PROTOCOL_FUN }, { "ttvnw.net", "Twitch", NDPI_SERVICE_TWITCH, NDPI_PROTOCOL_FUN }, @@ -7378,6 +7380,19 @@ ndpi_protocol_match host_match[] = { { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_FUN }, { "feelinsonice.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_FUN }, + { ".waze.com", "Waze", NDPI_SERVICE_WAZE, NDPI_PROTOCOL_ACCEPTABLE }, + { "simet-", "Simet", NDPI_SERVICE_SIMET, NDPI_PROTOCOL_ACCEPTABLE }, + { "opensignal.com", "OpenSignal", NDPI_SERVICE_OPENSIGNAL, NDPI_PROTOCOL_ACCEPTABLE }, + { "99taxis.com", "99Taxi", NDPI_SERVICE_99TAXI, NDPI_PROTOCOL_ACCEPTABLE }, + { "easytaxis.com", "EasyTaxi", NDPI_SERVICE_EASYTAXI, NDPI_PROTOCOL_ACCEPTABLE }, + { ".globo.com", "GloboTV", NDPI_SERVICE_GLOBOTV, NDPI_PROTOCOL_ACCEPTABLE }, + { ".glbimg.com", "GloboTV", NDPI_SERVICE_GLOBOTV, NDPI_PROTOCOL_ACCEPTABLE }, + { "timsomdechamada.com.br", "SomDeChamada", NDPI_SERVICE_TIMSOMDECHAMADA, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tim.acotelbr.com.br", "TIM_Menu", NDPI_SERVICE_TIMMENU, NDPI_PROTOCOL_ACCEPTABLE }, + { ".timbeta.com.br", "TIM_Beta", NDPI_SERVICE_TIMBETA, NDPI_PROTOCOL_ACCEPTABLE }, + { "tim-geoportal.geoportal3d.com.br", "TIM_PortasAbertas", NDPI_SERVICE_TIMPORTASABERTAS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".m4u.com.br", "TIM_Recarga", NDPI_SERVICE_TIMRECARGA, NDPI_PROTOCOL_ACCEPTABLE }, + { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index cad78df5c..ec2e320e5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4156,7 +4156,8 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, proto, shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.protocol = rc; + ret.protocol = rc, + ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport); return(ret); } @@ -4306,7 +4307,8 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, ndpi_automa *automa, struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len) { + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id) { int matching_protocol_id; struct ndpi_packet_struct *packet = &flow->packet; AC_TEXT_t ac_input_text; @@ -4333,14 +4335,14 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str strncpy(m, string_to_match, len); m[len] = '\0'; - printf("[NDPI] ndpi_match_string_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); + printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); } #endif if(matching_protocol_id != NDPI_PROTOCOL_UNKNOWN) { /* Move the protocol on slot 0 down one position */ - packet->detected_protocol_stack[1] = packet->detected_protocol_stack[0]; - packet->detected_protocol_stack[0] = matching_protocol_id; + packet->detected_protocol_stack[1] = master_protocol_id, + packet->detected_protocol_stack[0] = matching_protocol_id; flow->detected_protocol_stack[0] = packet->detected_protocol_stack[0], flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1]; @@ -4358,20 +4360,24 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str /* ****************************************************** */ -int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len) { + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, &ndpi_struct->host_automa, - flow, string_to_match, string_to_match_len)); + flow, string_to_match, string_to_match_len, + master_protocol_id)); } /* ****************************************************** */ int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len) { + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, &ndpi_struct->content_automa, - flow, string_to_match, string_to_match_len)); + flow, string_to_match, string_to_match_len, + master_protocol_id)); } /* ****************************************************** */ diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 089ea913d..787f9f4d7 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -265,9 +265,10 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd #endif if(ndpi_struct->match_dns_host_names) - ndpi_match_string_subprotocol(ndpi_struct, flow, + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, - strlen((const char*)flow->host_server_name)); + strlen((const char*)flow->host_server_name), + NDPI_PROTOCOL_DNS); } i++; @@ -284,7 +285,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { /* - Do not set the protocol with DNS if ndpi_match_string_subprotocol() has + Do not set the protocol with DNS if ndpi_match_host_subprotocol() has matched a subprotocol */ NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "found DNS.\n"); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 92c3404b7..aea36a634 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -177,7 +177,8 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc */ if(((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC73B9400 /* 199.59.148.0 */) || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC73B9400 /* 199.59.148.0 */)) { - packet->detected_protocol_stack[0] = NDPI_SERVICE_TWITTER; + packet->detected_protocol_stack[0] = NDPI_SERVICE_TWITTER, + packet->detected_protocol_stack[1] = NDPI_PROTOCOL_HTTP; return; } @@ -188,7 +189,8 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc */ if(((ntohl(packet->iph->saddr) & 0xFFFFE000 /* 255.255.224.0 */) == 0x4535E000 /* 69.53.224.0 */) || ((ntohl(packet->iph->daddr) & 0xFFFFE000 /* 255.255.224.0 */) == 0x4535E000 /* 69.53.224.0 */)) { - packet->detected_protocol_stack[0] = NDPI_SERVICE_NETFLIX; + packet->detected_protocol_stack[0] = NDPI_SERVICE_NETFLIX, + packet->detected_protocol_stack[1] = NDPI_PROTOCOL_HTTP; return; } } @@ -196,7 +198,7 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc if((flow->l4.tcp.http_stage == 0) || (flow->http.url && flow->http_detected)) { /* Try matching subprotocols */ - // ndpi_match_string_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len); + // ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len); /* NOTE @@ -207,9 +209,13 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc if(!ndpi_struct->http_dont_dissect_response) { if(flow->http.url && flow->http_detected) - ndpi_match_string_subprotocol(ndpi_struct, flow, (char *)&flow->http.url[7], strlen((const char *)&flow->http.url[7])); + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)&flow->http.url[7], + strlen((const char *)&flow->http.url[7]), + NDPI_PROTOCOL_HTTP); } else - ndpi_match_string_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char *)flow->host_server_name)); + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, + strlen((const char *)flow->host_server_name), + NDPI_PROTOCOL_HTTP); } } @@ -344,10 +350,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); +#if 0 if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) ndpi_match_content_subprotocol(ndpi_struct, flow, (char*)packet->user_agent_line.ptr, - packet->user_agent_line.len); + packet->user_agent_line.len, + NDPI_PROTOCOL_HTTP); +#endif } /* check for host line */ @@ -358,10 +367,11 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ packet->host_line.len, packet->host_line.ptr); if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) - ndpi_match_content_subprotocol(ndpi_struct, flow, - (char*)packet->host_line.ptr, - packet->host_line.len); - + ndpi_match_host_subprotocol(ndpi_struct, flow, + (char*)packet->host_line.ptr, + packet->host_line.len, + NDPI_PROTOCOL_HTTP); + /* Copy result for nDPI apps */ len = ndpi_min(packet->host_line.len, sizeof(flow->host_server_name)-1); strncpy((char*)flow->host_server_name, (char*)packet->host_line.ptr, len); @@ -376,16 +386,18 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)) - ndpi_match_string_subprotocol(ndpi_struct, flow, + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, - strlen((const char *)flow->host_server_name)); + strlen((const char *)flow->host_server_name), + NDPI_PROTOCOL_HTTP); if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected) && (packet->http_origin.len > 0)) - ndpi_match_string_subprotocol(ndpi_struct, flow, + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)packet->http_origin.ptr, - packet->http_origin.len); + packet->http_origin.len, + NDPI_PROTOCOL_HTTP); if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { @@ -427,7 +439,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ packet->content_line.len, packet->content_line.ptr); if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) - ndpi_match_content_subprotocol(ndpi_struct, flow, (char*)packet->content_line.ptr, packet->content_line.len); + ndpi_match_content_subprotocol(ndpi_struct, flow, + (char*)packet->content_line.ptr, packet->content_line.len, + NDPI_PROTOCOL_HTTP); } /* check user agent here too */ @@ -761,7 +775,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct u_int16_t filename_start; /* Check if we so far detected the protocol in the request or not. */ - if (flow->l4.tcp.http_stage == 0) { + if(flow->l4.tcp.http_stage == 0) { flow->http_detected = 0; NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %d: \n", @@ -770,10 +784,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct filename_start = http_request_url_offset(ndpi_struct, flow); - if (filename_start == 0) { + if(filename_start == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Filename HTTP not found, we look for possible truncate flow...\n"); - if (packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { + if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response found (truncated flow ?)\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); @@ -791,7 +805,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct ndpi_parse_packet_line_info(ndpi_struct, flow); - if (packet->parsed_lines <= 1) { + if(packet->parsed_lines <= 1) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found just one line, we will look further for the next packet...\n"); @@ -832,8 +846,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP START Found, we will look for sub-protocols (content and host)...\n"); - check_content_type_and_change_protocol(ndpi_struct, flow); - if(packet->host_line.ptr != NULL) { /* nDPI is pretty scrupoulous about HTTP so it waits until the @@ -852,21 +864,23 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } + check_content_type_and_change_protocol(ndpi_struct, flow); + return; } } NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); http_bitmask_exclude(flow); - } else if ((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { + } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); /* At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, * otherwise check the second packet for the http request . */ - if ((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { + if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { - if (flow->http_detected) + if(flow->http_detected) return; NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, @@ -874,9 +888,9 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct ndpi_parse_packet_line_info(ndpi_struct, flow); - if (packet->parsed_lines <= 1) { + if(packet->parsed_lines <= 1) { /* wait some packets in case request is split over more than 2 packets */ - if (flow->packet_counter < 5) { + if(flow->packet_counter < 5) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "line still not finished, search next packet\n"); return; @@ -889,7 +903,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } } // http://www.slideshare.net/DSPIP/rtsp-analysis-wireshark - if (packet->line[0].len >= 9 + if(packet->line[0].len >= 9 && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP.\n"); @@ -906,7 +920,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* This is a packet in another direction. Check if we find the proper response. */ /* We have received a response for a previously identified partial HTTP request */ - if ((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { + if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { /* In apache if you do "GET /\n\n" the response comes without any header so we can assume that this can be the case @@ -918,14 +932,14 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } /* If we already detected the http request, we can add the connection and then check for the sub-protocol*/ - if (flow->http_detected) + if(flow->http_detected) ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); /* Parse packet line and we look for the subprotocols */ ndpi_parse_packet_line_info(ndpi_struct, flow); check_content_type_and_change_protocol(ndpi_struct, flow); - if (packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { + if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n"); check_http_payload(ndpi_struct, flow); } @@ -941,7 +955,7 @@ void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_packet_struct *packet = &flow->packet; /* Break after 20 packets. */ - if (flow->packet_counter > 20) { + if(flow->packet_counter > 20) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP.\n"); http_bitmask_exclude(flow); return; diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 12a198498..b113bf197 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -307,7 +307,9 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s printf("***** [SSL] %s\n", certificate); #endif - if(ndpi_match_string_subprotocol(ndpi_struct, flow, certificate, strlen(certificate)) != NDPI_PROTOCOL_UNKNOWN) + if(ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, + strlen(certificate), + NDPI_PROTOCOL_SSL) != NDPI_PROTOCOL_UNKNOWN) return(rc); /* Fix courtesy of Gianluca Costa <g.costa@xplico.org> */ #ifdef NDPI_PROTOCOL_TOR diff --git a/tests/pcap/waze.pcap b/tests/pcap/waze.pcap Binary files differnew file mode 100644 index 000000000..d16d61a75 --- /dev/null +++ b/tests/pcap/waze.pcap diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 75fff57b2..b569250c6 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -8,42 +8,42 @@ Google 1 164 1 HTTP_Proxy 26 3926 1 KakaoTalk 55 9990 15 - 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] - 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 193/KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] - 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 193/KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] + 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] + 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] + 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] 4 TCP 10.24.82.188:34503 <-> 120.28.26.242:80 [proto: 7/HTTP][1 pkts/56 bytes] 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] - 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 119/Facebook][2 pkts/229 bytes][Host: developers.facebook.com] - 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] + 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] + 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 193/KakaoTalk][27 pkts/7126 bytes][SSL server: *.kakao.com] - 10 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 193/KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] - 11 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] - 12 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 193/KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] + 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][SSL server: *.kakao.com] + 10 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] + 11 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] + 12 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] 13 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] - 15 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 193/KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] - 16 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 193/KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] - 17 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 193/KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 18 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 193/KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 15 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] + 16 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] + 17 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 18 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] 19 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][SSL server: *.push.samsungosp.com] - 20 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 119/Facebook][38 pkts/7591 bytes][SSL server: *.facebook.com] - 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 119/Facebook][36 pkts/7152 bytes][SSL server: *.facebook.com] + 20 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] + 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][SSL server: *.facebook.com] + 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][SSL server: *.facebook.com] 23 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] - 24 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] + 24 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] 25 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] 26 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] - 27 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 119/Facebook][2 pkts/218 bytes][Host: graph.facebook.com] + 27 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] 28 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][14 pkts/784 bytes] - 29 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 119/Facebook][2 pkts/196 bytes][Host: api.facebook.com] + 29 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] 30 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] 31 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91/SSL][1 pkts/83 bytes] - 32 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 193/KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 119/Facebook][34 pkts/9655 bytes][SSL client: graph.facebook.com] - 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 119/Facebook][19 pkts/7707 bytes][SSL client: api.facebook.com] - 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 119/Facebook][29 pkts/9077 bytes][SSL client: developers.facebook.com] - 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 119/Facebook][28 pkts/7561 bytes][SSL server: *.facebook.com] + 32 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] + 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][SSL client: graph.facebook.com] + 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][SSL client: api.facebook.com] + 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][SSL client: developers.facebook.com] + 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][SSL server: *.facebook.com] 37 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91/SSL][4 pkts/251 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 1ec2dbd61..3cf76becd 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -10,9 +10,9 @@ Tor 40 10538 1 KakaoTalk_Voice 44 6196 2 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] - 2 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 126/Google][1 pkts/56 bytes] + 2 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] 3 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] - 4 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 119/Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] + 4 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] 5 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91/SSL][2 pkts/124 bytes] 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] 7 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] diff --git a/tests/result/Meu.pcap.out b/tests/result/Meu.pcap.out index 660c917e9..788681ba2 100644 --- a/tests/result/Meu.pcap.out +++ b/tests/result/Meu.pcap.out @@ -1,28 +1,28 @@ -Meu 814 658545 26 +TIM_Meu 814 658545 26 - 1 TCP 10.8.0.1:55226 <-> 189.40.216.95:443 [proto: 191/Meu][62 pkts/31584 bytes][SSL client: appmeutim.tim.com.br] - 2 TCP 10.8.0.1:55230 <-> 189.40.216.95:443 [proto: 191/Meu][27 pkts/11642 bytes][SSL client: appmeutim.tim.com.br] - 3 TCP 10.8.0.1:55232 <-> 189.40.216.95:443 [proto: 191/Meu][37 pkts/37269 bytes][SSL client: appmeutim.tim.com.br] - 4 TCP 10.8.0.1:55234 <-> 189.40.216.95:443 [proto: 191/Meu][21 pkts/9350 bytes][SSL client: appmeutim.tim.com.br] - 5 TCP 10.8.0.1:55236 <-> 189.40.216.95:443 [proto: 191/Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br] - 6 TCP 10.8.0.1:55238 <-> 189.40.216.95:443 [proto: 191/Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br] - 7 TCP 10.8.0.1:55250 <-> 189.40.216.95:443 [proto: 191/Meu][22 pkts/9903 bytes][SSL client: appmeutim.tim.com.br] - 8 TCP 10.8.0.1:55252 <-> 189.40.216.95:443 [proto: 191/Meu][34 pkts/20796 bytes][SSL client: appmeutim.tim.com.br] - 9 TCP 10.8.0.1:55254 <-> 189.40.216.95:443 [proto: 191/Meu][27 pkts/8864 bytes][SSL client: appmeutim.tim.com.br] - 10 TCP 10.8.0.1:55262 <-> 189.40.216.95:443 [proto: 191/Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br] - 11 TCP 10.8.0.1:55264 <-> 189.40.216.95:443 [proto: 191/Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br] - 12 TCP 10.8.0.1:55268 <-> 189.40.216.95:443 [proto: 191/Meu][26 pkts/6969 bytes][SSL client: appmeutim.tim.com.br] - 13 TCP 10.8.0.1:55270 <-> 189.40.216.95:443 [proto: 191/Meu][56 pkts/36838 bytes][SSL client: appmeutim.tim.com.br] - 14 TCP 10.8.0.1:55272 <-> 189.40.216.95:443 [proto: 191/Meu][53 pkts/142338 bytes][SSL client: appmeutim.tim.com.br] - 15 TCP 10.8.0.1:55276 <-> 189.40.216.95:443 [proto: 191/Meu][20 pkts/7059 bytes][SSL client: appmeutim.tim.com.br] - 16 TCP 10.8.0.1:55227 <-> 189.40.216.95:443 [proto: 191/Meu][41 pkts/19844 bytes][SSL client: appmeutim.tim.com.br] - 17 TCP 10.8.0.1:55231 <-> 189.40.216.95:443 [proto: 191/Meu][33 pkts/14083 bytes][SSL client: appmeutim.tim.com.br] - 18 TCP 10.8.0.1:55233 <-> 189.40.216.95:443 [proto: 191/Meu][96 pkts/137364 bytes][SSL client: appmeutim.tim.com.br] - 19 TCP 10.8.0.1:55235 <-> 189.40.216.95:443 [proto: 191/Meu][19 pkts/5178 bytes][SSL client: appmeutim.tim.com.br] - 20 TCP 10.8.0.1:55237 <-> 189.40.216.95:443 [proto: 191/Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br] - 21 TCP 10.8.0.1:55239 <-> 189.40.216.95:443 [proto: 191/Meu][85 pkts/122532 bytes][SSL client: appmeutim.tim.com.br] - 22 TCP 10.8.0.1:55251 <-> 189.40.216.95:443 [proto: 191/Meu][20 pkts/6243 bytes][SSL client: appmeutim.tim.com.br] - 23 TCP 10.8.0.1:55253 <-> 189.40.216.95:443 [proto: 191/Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br] - 24 TCP 10.8.0.1:55255 <-> 189.40.216.95:443 [proto: 191/Meu][17 pkts/4594 bytes][SSL client: appmeutim.tim.com.br] - 25 TCP 10.8.0.1:55263 <-> 189.40.216.95:443 [proto: 191/Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br] - 26 TCP 10.8.0.1:55273 <-> 189.40.216.95:443 [proto: 191/Meu][19 pkts/4608 bytes][SSL client: appmeutim.tim.com.br] + 1 TCP 10.8.0.1:55226 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][62 pkts/31584 bytes][SSL client: appmeutim.tim.com.br] + 2 TCP 10.8.0.1:55230 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][27 pkts/11642 bytes][SSL client: appmeutim.tim.com.br] + 3 TCP 10.8.0.1:55232 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][37 pkts/37269 bytes][SSL client: appmeutim.tim.com.br] + 4 TCP 10.8.0.1:55234 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][21 pkts/9350 bytes][SSL client: appmeutim.tim.com.br] + 5 TCP 10.8.0.1:55236 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br] + 6 TCP 10.8.0.1:55238 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br] + 7 TCP 10.8.0.1:55250 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][22 pkts/9903 bytes][SSL client: appmeutim.tim.com.br] + 8 TCP 10.8.0.1:55252 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][34 pkts/20796 bytes][SSL client: appmeutim.tim.com.br] + 9 TCP 10.8.0.1:55254 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][27 pkts/8864 bytes][SSL client: appmeutim.tim.com.br] + 10 TCP 10.8.0.1:55262 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br] + 11 TCP 10.8.0.1:55264 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br] + 12 TCP 10.8.0.1:55268 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][26 pkts/6969 bytes][SSL client: appmeutim.tim.com.br] + 13 TCP 10.8.0.1:55270 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][56 pkts/36838 bytes][SSL client: appmeutim.tim.com.br] + 14 TCP 10.8.0.1:55272 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][53 pkts/142338 bytes][SSL client: appmeutim.tim.com.br] + 15 TCP 10.8.0.1:55276 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][20 pkts/7059 bytes][SSL client: appmeutim.tim.com.br] + 16 TCP 10.8.0.1:55227 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][41 pkts/19844 bytes][SSL client: appmeutim.tim.com.br] + 17 TCP 10.8.0.1:55231 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][33 pkts/14083 bytes][SSL client: appmeutim.tim.com.br] + 18 TCP 10.8.0.1:55233 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][96 pkts/137364 bytes][SSL client: appmeutim.tim.com.br] + 19 TCP 10.8.0.1:55235 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][19 pkts/5178 bytes][SSL client: appmeutim.tim.com.br] + 20 TCP 10.8.0.1:55237 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br] + 21 TCP 10.8.0.1:55239 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][85 pkts/122532 bytes][SSL client: appmeutim.tim.com.br] + 22 TCP 10.8.0.1:55251 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][20 pkts/6243 bytes][SSL client: appmeutim.tim.com.br] + 23 TCP 10.8.0.1:55253 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br] + 24 TCP 10.8.0.1:55255 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][17 pkts/4594 bytes][SSL client: appmeutim.tim.com.br] + 25 TCP 10.8.0.1:55263 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br] + 26 TCP 10.8.0.1:55273 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][19 pkts/4608 bytes][SSL client: appmeutim.tim.com.br] diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 76b05e607..111be80e6 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -1,3 +1,3 @@ Google 28 9108 1 - 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 126/Google][28 pkts/9108 bytes][SSL server: www.google.com] + 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][SSL server: www.google.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 6ccc2e8e0..84954bdea 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -74,16 +74,16 @@ Spotify 5 430 1 61 UDP 192.168.1.34:13021 <-> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes] 62 UDP 192.168.1.34:13021 <-> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes] 63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][14 pkts/1132 bytes] - 64 UDP 192.168.1.1:53 <-> 192.168.1.34:49163 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 65 UDP 192.168.1.1:53 <-> 192.168.1.34:49793 [proto: 125/Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 66 UDP 192.168.1.1:53 <-> 192.168.1.34:49903 [proto: 125/Skype][9 pkts/648 bytes][Host: ui.skype.com] + 64 UDP 192.168.1.1:53 <-> 192.168.1.34:49163 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 65 UDP 192.168.1.1:53 <-> 192.168.1.34:49793 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] + 66 UDP 192.168.1.1:53 <-> 192.168.1.34:49903 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][15 pkts/1920 bytes] 68 UDP 192.168.1.1:53 <-> 192.168.1.34:51879 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 69 UDP 192.168.1.1:53 <-> 192.168.1.34:54343 [proto: 125/Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 70 UDP 192.168.1.1:53 <-> 192.168.1.34:55159 [proto: 125/Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 71 UDP 192.168.1.1:53 <-> 192.168.1.34:55711 [proto: 125/Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 72 UDP 192.168.1.1:53 <-> 192.168.1.34:55893 [proto: 125/Skype][5 pkts/360 bytes][Host: ui.skype.com] - 73 UDP 192.168.1.1:53 <-> 192.168.1.34:56387 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 69 UDP 192.168.1.1:53 <-> 192.168.1.34:54343 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 70 UDP 192.168.1.1:53 <-> 192.168.1.34:55159 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 71 UDP 192.168.1.1:53 <-> 192.168.1.34:55711 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 72 UDP 192.168.1.1:53 <-> 192.168.1.34:55893 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com] + 73 UDP 192.168.1.1:53 <-> 192.168.1.34:56387 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 74 UDP 192.168.1.34:13021 <-> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes] 75 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes] 76 UDP 192.168.1.34:13021 <-> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes] @@ -94,18 +94,18 @@ Spotify 5 430 1 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][20 pkts/1624 bytes] 82 UDP 192.168.1.1:53 <-> 192.168.1.34:63321 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 83 UDP 192.168.1.34:49485 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 UDP 192.168.1.1:53 <-> 192.168.1.34:63421 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 84 UDP 192.168.1.1:53 <-> 192.168.1.34:63421 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5/DNS][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] - 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 125/Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] + 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 88 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 125/Skype][19 pkts/5111 bytes] 89 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] 90 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] 91 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] - 92 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 140/Apple][3 pkts/168 bytes] - 93 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 143/AppleiCloud][86 pkts/20286 bytes][SSL client: p05-keyvalueservice.icloud.com] - 94 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 125/Skype][18 pkts/3679 bytes][SSL client: apps.skypeassets.com] - 95 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 125/Skype][15 pkts/2340 bytes][SSL client: apps.skype.com] + 92 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][3 pkts/168 bytes] + 93 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][SSL client: p05-keyvalueservice.icloud.com] + 94 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][SSL client: apps.skypeassets.com] + 95 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][SSL client: apps.skype.com] 96 UDP 192.168.1.34:13021 <-> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes] 97 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] 98 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] @@ -179,7 +179,7 @@ Spotify 5 430 1 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 125/Skype][15 pkts/1513 bytes] 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 125/Skype][16 pkts/1754 bytes] 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 125/Skype][15 pkts/1590 bytes] - 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 125/Skype][8 pkts/608 bytes] + 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] @@ -205,46 +205,46 @@ Spotify 5 430 1 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 196 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] 199 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 125/Skype][8 pkts/608 bytes] 200 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][6 pkts/3264 bytes] 201 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][5 pkts/2720 bytes] 202 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 125/Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 206 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 125/Skype][16 pkts/1592 bytes] 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 125/Skype][16 pkts/1376 bytes] - 209 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 125/Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] 211 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] 212 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] 213 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 216 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 216 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 217 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] 218 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] 219 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] 220 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] 221 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] 222 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 125/Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 225 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 225 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 226 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 227 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 143/AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 228 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 125/Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 227 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 228 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] 229 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] 230 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 231 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 125/Skype][7 pkts/511 bytes][Host: api.skype.com] + 231 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 125/Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] + 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] 235 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] 236 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] 237 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] @@ -284,7 +284,7 @@ Spotify 5 430 1 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 125/Skype][20 pkts/1516 bytes] 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 274 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 121/DropBox][16 pkts/5980 bytes] + 274 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.DropBox][16 pkts/5980 bytes] 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 125/Skype][14 pkts/1208 bytes] 276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 125/Skype][13 pkts/1109 bytes] 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index d7feddaaa..bd0a5d9b4 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -66,10 +66,10 @@ Apple 84 20699 2 54 UDP 192.168.1.34:13021 <-> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes] 55 UDP 192.168.1.34:13021 <-> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes] 56 UDP 133.236.67.25:49195 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes] - 57 UDP 192.168.1.1:53 <-> 192.168.1.34:50055 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 57 UDP 192.168.1.1:53 <-> 192.168.1.34:50055 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 58 TCP 149.13.32.15:13392 <-> 192.168.1.34:51305 [proto: 125/Skype][18 pkts/1426 bytes] 59 TCP 149.13.32.15:13392 <-> 192.168.1.34:51309 [proto: 125/Skype][15 pkts/1197 bytes] - 60 UDP 192.168.1.1:53 <-> 192.168.1.34:51753 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 60 UDP 192.168.1.1:53 <-> 192.168.1.34:51753 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 125/Skype][16 pkts/1637 bytes] 62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][16 pkts/1297 bytes] 63 UDP 111.221.74.14:443 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes] @@ -79,13 +79,13 @@ Apple 84 20699 2 67 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes] 68 UDP 192.168.1.34:13021 <-> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes] 69 UDP 192.168.1.34:13021 <-> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes] - 70 UDP 192.168.1.1:53 <-> 192.168.1.34:58631 [proto: 125/Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 71 UDP 192.168.1.1:53 <-> 192.168.1.34:59113 [proto: 125/Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 72 UDP 192.168.1.1:53 <-> 192.168.1.34:60413 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 73 UDP 192.168.1.1:53 <-> 192.168.1.34:61095 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 74 UDP 192.168.1.1:53 <-> 192.168.1.34:62875 [proto: 125/Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] + 70 UDP 192.168.1.1:53 <-> 192.168.1.34:58631 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 71 UDP 192.168.1.1:53 <-> 192.168.1.34:59113 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] + 72 UDP 192.168.1.1:53 <-> 192.168.1.34:60413 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 73 UDP 192.168.1.1:53 <-> 192.168.1.34:61095 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 74 UDP 192.168.1.1:53 <-> 192.168.1.34:62875 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] 75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 125/Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes] 78 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 125/Skype][23 pkts/12290 bytes] 79 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 125/Skype][1 pkts/78 bytes] @@ -125,9 +125,9 @@ Apple 84 20699 2 113 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 125/Skype][10 pkts/599 bytes] 114 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] 115 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 116 TCP 192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 121/DropBox][8 pkts/2990 bytes] + 116 TCP 192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 91.121/SSL.DropBox][8 pkts/2990 bytes] 117 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 125/Skype][14 pkts/1253 bytes] - 118 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 125/Skype][3 pkts/206 bytes] + 118 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 119 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] 120 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] 121 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] @@ -188,19 +188,19 @@ Apple 84 20699 2 176 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] 177 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] 178 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 179 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 125/Skype][7 pkts/511 bytes][Host: api.skype.com] + 179 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] 180 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] 181 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes] 182 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes] 183 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 184 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 125/Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 184 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] 185 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 186 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 125/Skype][15 pkts/1415 bytes] - 187 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 125/Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 187 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 188 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] 189 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 190 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 125/Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 190 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] 192 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 193 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] 194 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] @@ -212,14 +212,14 @@ Apple 84 20699 2 200 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] 201 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] 202 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 125/Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 125/Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] 205 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 125/Skype][8 pkts/576 bytes][Host: ui.skype.com] - 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 125/Skype][7 pkts/511 bytes][Host: api.skype.com] - 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 210 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 207 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 210 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] 211 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] 212 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] 213 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] @@ -230,12 +230,12 @@ Apple 84 20699 2 218 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] 219 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] 220 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 221 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 140/Apple][76 pkts/19581 bytes] + 221 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] 222 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] 223 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] 224 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 225 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 125/Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] - 226 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 125/Skype][12 pkts/2148 bytes][SSL client: apps.skype.com] + 225 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] + 226 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][SSL client: apps.skype.com] 227 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] 228 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] 229 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out index cb75d1a87..132460e25 100644 --- a/tests/result/snapchat.pcap.out +++ b/tests/result/snapchat.pcap.out @@ -1,6 +1,6 @@ SSL_No_Cert 22 2879 1 Snapchat 34 7320 2 - 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 199/Snapchat][17 pkts/3943 bytes][SSL client: feelinsonice-hrd.appspot.com] - 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 199/Snapchat][17 pkts/3377 bytes][SSL client: feelinsonice-hrd.appspot.com] + 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3943 bytes][SSL client: feelinsonice-hrd.appspot.com] + 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3377 bytes][SSL client: feelinsonice-hrd.appspot.com] 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64/SSL_No_Cert][22 pkts/2879 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out new file mode 100644 index 000000000..49a6b96e0 --- /dev/null +++ b/tests/result/waze.pcap.out @@ -0,0 +1,44 @@ +Unknown 10 786 1 +HTTP 37 63205 1 +NTP 2 180 1 +SSL_No_Cert 13 2142 1 +Waze 484 289335 19 +WhatsApp 15 1341 1 +Simet 36 2004 9 + + 1 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][15 pkts/1341 bytes] + 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][SSL server: *.world.waze.com] + 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][SSL server: *.world.waze.com] + 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][SSL server: *.world.waze.com] + 5 TCP 200.160.4.49:80 <-> 10.16.37.157:41823 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes] + 6 TCP 200.160.4.31:80 <-> 10.16.37.157:43991 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes] + 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][SSL server: *.waze.com] + 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7.200/HTTP.Simet][4 pkts/216 bytes] + 9 TCP 200.160.4.49:80 <-> 10.16.37.157:46473 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes] + 10 TCP 200.160.4.49:80 <-> 10.16.37.157:52953 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes] + 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][SSL server: *.world.waze.com] + 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][SSL server: *.world.waze.com] + 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][SSL server: *.world.waze.com] + 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][16 pkts/9185 bytes][SSL server: *.world.waze.com] + 15 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][15 pkts/1365 bytes][Host: cres.waze.com] + 16 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1326 bytes][Host: cres.waze.com] + 17 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1286 bytes][Host: roadshields.waze.com] + 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1328 bytes][Host: cres.waze.com] + 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1323 bytes][Host: cres.waze.com] + 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1319 bytes][Host: cres.waze.com] + 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] + 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes] + 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91.200/SSL.Simet][4 pkts/216 bytes] + 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][SSL server: *.waze.com] + 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][SSL server: *.waze.com] + 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][2 pkts/180 bytes] + 27 TCP 200.160.4.49:80 <-> 10.16.37.157:52746 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes] + 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7.200/HTTP.Simet][4 pkts/216 bytes] + 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91.200/SSL.Simet][4 pkts/216 bytes] + 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][SSL server: *.world.waze.com] + 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][33 pkts/58896 bytes][SSL server: *.world.waze.com] + 32 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][17 pkts/4015 bytes][Host: roadshields.waze.com] + + +Undetected flows: + 1 TCP 174.37.231.81:5222 <-> 10.16.37.157:42256 [proto: 0/Unknown][10 pkts/786 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 88cedf98d..81b5d2fa6 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -17,16 +17,16 @@ WhatsAppVoice 662 83338 2 3 ICMP 192.168.2.4:0 <-> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes] 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes] 5 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78/STUN][5 pkts/676 bytes] - 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 140/Apple][2 pkts/330 bytes][Host: query.ess.apple.com] + 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes] 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] - 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 140/Apple][3 pkts/162 bytes] - 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 140/Apple][3 pkts/162 bytes] - 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 140/Apple][3 pkts/162 bytes] - 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 140/Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 140/Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 140/Apple][3 pkts/162 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 145/AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com] + 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com] 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78/STUN][5 pkts/676 bytes] 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78/STUN][5 pkts/676 bytes] @@ -48,22 +48,22 @@ WhatsAppVoice 662 83338 2 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 37 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 142/WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] + 37 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 128/NetFlow][12 pkts/1032 bytes] 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] - 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 140/Apple][3 pkts/162 bytes] - 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 140/Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 140/Apple][3 pkts/162 bytes] - 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 140/Apple][3 pkts/162 bytes] - 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 140/Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 140/Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com] - 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 140/Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 140/Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 140/Apple][3 pkts/162 bytes] - 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 140/Apple][3 pkts/162 bytes] - 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 140/Apple][3 pkts/198 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 145/AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com] - 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 140/Apple][17 pkts/1998 bytes] + 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com] + 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com] + 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 2cb7d8ff2..d109353a3 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -7,8 +7,8 @@ Spotify 1 86 1 1 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes] 2 UDP fe80::189c:c31b:1298:224:5353 <-> ff02::fb:5353 [proto: 8/MDNS][1 pkts/111 bytes] - 3 UDP 192.168.2.1:53 <-> 192.168.2.4:61697 [proto: 142/WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net] - 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 140/Apple][44 pkts/21371 bytes] + 3 UDP 192.168.2.1:53 <-> 192.168.2.4:61697 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net] + 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][44 pkts/21371 bytes] 5 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes] 6 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][30 pkts/2963 bytes] 7 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes] |