diff options
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 33 | ||||
| -rw-r--r-- | tests/result/ethereum.pcap.out | 8 | ||||
| -rwxr-xr-x | utils/toripaddr2list.py | 20 |
3 files changed, 49 insertions, 12 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 9f960277b..aa5debe1d 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -1155,8 +1155,39 @@ static ndpi_network host_protocol_list[] = { { 0xAE597B3E /* 174.89.123.62/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, /* + Ethereum + curl -s https://raw.githubusercontent.com/ethereum/go-ethereum/master/params/bootnodes.go | grep -v '^/' | grep ':' | cut -d '@' -f 2 | cut -d ':' -f 1 + */ + { 0x128A6C43 /* 18.138.108.67/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x03D12D4F /* 3.209.45.79/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x22FF1771 /* 34.255.23.113/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x239EF497 /* 35.158.244.151/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x34BBCF1B /* 52.187.207.27/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0xBFEAA2C6 /* 191.234.162.198/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x34E7A56C /* 52.231.165.108/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x682AD919 /* 104.42.217.25/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x050153E2 /* 5.1.83.226/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x34B0070A /* 52.176.7.10/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x34B0644D /* 52.176.100.77/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x34E8F398 /* 52.232.243.152/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0xC051D0DF /* 192.81.208.223/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x34A92A65 /* 52.169.42.101/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x34039EB8 /* 52.3.158.184/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x9F591CD3 /* 159.89.28.211/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x338D4E35 /* 51.141.78.53/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x0D5D3689 /* 13.93.54.137/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x5EED3672 /* 94.237.54.114/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x34409B93 /* 52.64.155.147/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0xD5BA1052 /* 213.186.16.82/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x343888C8 /* 52.56.136.200/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x23B1E2A8 /* 35.177.226.168/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x287603DF /* 40.118.3.223/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x287603DF /* 40.118.3.223/32 */, 32, NDPI_PROTOCOL_MINING }, + { 0x287603DF /* 40.118.3.223/32 */, 32, NDPI_PROTOCOL_MINING }, + + /* Tor - http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv + https://torstatus.rueckgr.at/ip_list_all.php/Tor_ip_list_ALL.csv From 09.09.2019 Use utils/toripaddr2list.py to convert them diff --git a/tests/result/ethereum.pcap.out b/tests/result/ethereum.pcap.out index 6006cc1b6..4ce2876d8 100644 --- a/tests/result/ethereum.pcap.out +++ b/tests/result/ethereum.pcap.out @@ -1,5 +1,5 @@ -Mining 1856 200635 68 -Amazon 144 15476 6 +Mining 1939 208480 70 +Amazon 61 7631 4 1 TCP 192.168.1.184:56626 <-> 178.128.195.220:30303 [proto: 42/Mining][cat: Mining/99][32 pkts/3294 bytes <-> 37 pkts/3156 bytes][Goodput ratio: 35.5/21.4][0.16 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.7/3.6 42/62 8.1/14.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102.9/85.3 612/470 104.7/69.4] 2 TCP 192.168.1.184:56638 <-> 209.250.240.205:30303 [proto: 42/Mining][cat: Mining/99][34 pkts/3347 bytes <-> 28 pkts/2774 bytes][Goodput ratio: 34.4/32.2][0.15 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.1/2.9 43/41 12.3/10.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98.4/99.1 481/560 78.6/94.8] @@ -19,11 +19,11 @@ Amazon 144 15476 6 16 TCP 192.168.1.184:56620 <-> 191.234.162.198:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2150 bytes <-> 21 pkts/1845 bytes][Goodput ratio: 35.0/28.3][0.70 sec][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26.9/36.8 263/221 76.2/82.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102.4/87.9 578/525 109.7/98.2] 17 TCP 192.168.1.184:56611 <-> 104.42.217.25:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2128 bytes <-> 21 pkts/1859 bytes][Goodput ratio: 34.3/28.5][0.57 sec][bytes ratio: 0.067 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.1/33.7 201/202 62.2/75.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101.3/88.5 556/533 105.1/99.8] 18 TCP 192.168.1.184:56623 <-> 18.138.81.28:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2109 bytes <-> 22 pkts/1874 bytes][Goodput ratio: 33.7/25.9][0.83 sec][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.7/43.5 308/260 89.4/96.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 100.4/85.2 537/488 101.2/88.4] - 19 TCP 192.168.1.184:56615 <-> 35.158.244.151:30303 [proto: 42.178/Mining.Amazon][cat: Mining/99][21 pkts/2133 bytes <-> 21 pkts/1834 bytes][Goodput ratio: 34.4/27.9][0.14 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.9/10.5 62/63 16.6/23.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101.6/87.3 561/514 106.2/95.9] + 19 TCP 192.168.1.184:56615 <-> 35.158.244.151:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2133 bytes <-> 21 pkts/1834 bytes][Goodput ratio: 34.4/27.9][0.14 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.9/10.5 62/63 16.6/23.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 101.6/87.3 561/514 106.2/95.9] 20 TCP 192.168.1.184:56618 <-> 52.231.165.108:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2088 bytes <-> 21 pkts/1845 bytes][Goodput ratio: 33.0/28.0][0.70 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26.8/37.0 261/222 76.0/82.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 99.4/87.9 516/519 96.9/96.9][PLAIN TEXT (XMOZOS)] 21 TCP 192.168.1.184:56628 <-> 3.209.45.79:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2033 bytes <-> 21 pkts/1862 bytes][Goodput ratio: 31.2/28.7][0.41 sec][bytes ratio: 0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 16.6/27.3 163/164 46.9/61.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 96.8/88.7 461/536 85.7/100.5] 22 TCP 192.168.1.184:56632 <-> 51.38.81.180:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2117 bytes <-> 20 pkts/1765 bytes][Goodput ratio: 33.9/28.5][0.22 sec][bytes ratio: 0.091 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8.2/13.2 78/78 23.0/29.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 100.8/88.2 545/505 102.9/96.1] - 23 TCP 192.168.1.184:56627 <-> 34.255.23.113:30303 [proto: 42.178/Mining.Amazon][cat: Mining/99][21 pkts/2150 bytes <-> 20 pkts/1728 bytes][Goodput ratio: 35.0/27.0][0.20 sec][bytes ratio: 0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3.9/10.7 70/62 16.0/23.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102.4/86.4 578/468 109.7/88.1] + 23 TCP 192.168.1.184:56627 <-> 34.255.23.113:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2150 bytes <-> 20 pkts/1728 bytes][Goodput ratio: 35.0/27.0][0.20 sec][bytes ratio: 0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3.9/10.7 70/62 16.0/23.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 102.4/86.4 578/468 109.7/88.1] 24 TCP 192.168.1.184:56622 <-> 18.138.108.67:30303 [proto: 42/Mining][cat: Mining/99][21 pkts/2169 bytes <-> 21 pkts/1704 bytes][Goodput ratio: 35.5/22.4][0.81 sec][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.7/42.2 300/253 87.1/94.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 103.3/81.1 597/384 113.6/68.4] 25 TCP 192.168.1.184:56639 <-> 18.219.167.159:30303 [proto: 42/Mining][cat: Mining/99][20 pkts/2093 bytes <-> 19 pkts/1750 bytes][Goodput ratio: 36.3/31.6][0.38 sec][bytes ratio: 0.089 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 14.9/24.6 130/122 40.6/48.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 104.7/92.1 587/556 114.0/109.8] 26 UDP 192.168.1.184:30303 <-> 52.231.165.108:30303 [proto: 42/Mining][cat: Mining/99][2 pkts/426 bytes <-> 4 pkts/3132 bytes][Goodput ratio: 80.1/94.6][0.27 sec][bytes ratio: -0.761 (Download)][IAT c2s/s2c min/avg/max/stddev: 40/0 40.0/6.3 40/19 0.0/9.0][Pkt Len c2s/s2c min/avg/max/stddev: 213/467 213.0/783.0 213/1099 0.0/316.0] diff --git a/utils/toripaddr2list.py b/utils/toripaddr2list.py index 47c5412e5..0257e4098 100755 --- a/utils/toripaddr2list.py +++ b/utils/toripaddr2list.py @@ -9,12 +9,18 @@ if len (sys.argv) != 2 : with open(sys.argv[1]) as fp: for cnt, line in enumerate(fp): - x = line.rstrip().split("/") - ipaddr = x[0] - cidr = x[1] - - if(cidr == None): - cidr = "32" + line = line.rstrip() - print(" { 0x"+socket.inet_aton(ipaddr).hex().upper()+" /* "+ipaddr+"/"+cidr+" */, "+cidr+", NDPI_PROTOCOL_XYX },") + if(line != ""): + x = line.split("/") + + if(len(x) == 2): + ipaddr = x[0] + cidr = x[1] + else: + ipaddr = line + cidr = "32" + + if(ipaddr != ""): + print(" { 0x"+socket.inet_aton(ipaddr).hex().upper()+" /* "+ipaddr+"/"+cidr+" */, "+cidr+", NDPI_PROTOCOL_XYX },") |