-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 7 | ||||
-rw-r--r-- | tests/pcap/Viber_session.pcap | bin | 0 -> 498341 bytes | |||
-rw-r--r-- | tests/result/Viber_session.pcap.out | 51 |
3 files changed, 57 insertions, 1 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index f2ea13a18..d0587eea9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -148,12 +148,15 @@ static ndpi_network host_protocol_list[] = { 157.56.0.0/14, 157.60.0.0/16, 157.54.0.0/15 111.221.64.0 - 111.221.127.255 91.190.216.0/21 (AS198015 Skype Communications Sarl) + 40.126.129.109/32 */ { 0x9D380000 /* 157.56.0.0 */, 14, NDPI_PROTOCOL_SKYPE }, { 0x9D3C0000 /* 157.60.0.0 */, 16, NDPI_PROTOCOL_SKYPE }, { 0x9D360000 /* 157.54.0.0 */, 15, NDPI_PROTOCOL_SKYPE }, { 0x6FDD4000 /* 111.221.64.0 */, 18, NDPI_PROTOCOL_SKYPE }, { 0x5BBED800 /* 91.190.216.0 */, 21, NDPI_PROTOCOL_SKYPE }, + { 0x287F816D /* 40.126.129.109 */, 32, NDPI_PROTOCOL_SKYPE }, + /* route: 5.42.160.0/19 @@ -202,7 +205,7 @@ static ndpi_network host_protocol_list[] = { /* The Skype list below looks outdated and it is temporarely commented and probably harvested in future releases - */ + */ #if 0 /* Skype */ { 0x17600000, 14, NDPI_PROTOCOL_SKYPE }, @@ -7445,6 +7448,8 @@ ndpi_protocol_match host_match[] = { { ".skypeassets.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypedata.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeecs-", /* no final . */ "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".lync.com", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_ACCEPTABLE }, { ".tuenti.com", "Tuenti", NDPI_SERVICE_TUENTI, NDPI_PROTOCOL_ACCEPTABLE }, { ".twttr.com", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_ACCEPTABLE }, { "twitter.", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/tests/pcap/Viber_session.pcap b/tests/pcap/Viber_session.pcap Binary files differnew file mode 100644 index 000000000..f4bafa8e3 --- /dev/null +++ b/tests/pcap/Viber_session.pcap 
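Review bot: The new table entry `{ 0x287F816D /* 40.126.129.109 */, 32, NDPI_PROTOCOL_SKYPE }` disagrees with its own comment: the bytes 0x28.0x7F.0x81.0x6D are 40.127.129.109, while 40.126.129.109 (the address also added to the comment block above it) encodes as `0x287E816D`. As written, the /32 rule would label a different host as Skype and never match the intended one; if the comment is right, the line should read `{ 0x287E816D /* 40.126.129.109 */, 32, NDPI_PROTOCOL_SKYPE },`. The capture added in this commit is a Viber session whose expected output lists no Skype flow, so nothing in the added test exercises this entry. Unlike the neighbouring ranges, the single pinned address carries no provenance (owner or AS), which makes it hard to re-verify later. host_protocol_list starts and ends outside the hunk.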
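Review bot: The two added host_match patterns, `.skypeforbusiness.` and `.lync.com`, have no anchor at the end of the host name. If host_match is applied as a substring search (the matcher is not visible in this hunk, though the neighbouring `/* no final . */` remark suggests it), a name that merely contains one of them under an unrelated registered domain would be labelled Skype with NDPI_PROTOCOL_ACCEPTABLE. Consumers that build allow rules on this label should treat it as a hint rather than proof of the destination; a comment on the entries such as `/* substring match: label is advisory, not an identity check */` would make that explicit. The `.lync.com` entry could also say why it maps to the Skype service, e.g. `/* Skype for Business (formerly Lync) */`. host_match continues outside the hunk.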
diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out new file mode 100644 index 000000000..89bdd3a92 --- /dev/null +++ b/tests/result/Viber_session.pcap.out 
@@ -0,0 +1,51 @@ +Unknown 163 9995 7 +HTTP 14 862 8 +SSL_No_Cert 34 4141 1 +ICMP 2 196 1 +SSL 109 11647 10 +DropBox 1 97 1 +GMail 21 1891 1 +Google 50 4084 5 +Viber 4163 392492 4 + + 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 126/Google][10 pkts/757 bytes] + 2 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][9 pkts/692 bytes] + 3 TCP 93.184.221.200:80 <-> 192.168.200.222:60828 [proto: 7/HTTP][1 pkts/60 bytes] + 4 TCP 158.85.58.23:443 <-> 192.168.200.222:44058 [proto: 91/SSL][5 pkts/412 bytes] + 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] + 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91/SSL][23 pkts/3345 bytes] + 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 8 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7/HTTP][1 pkts/66 bytes] + 9 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 10 TCP 93.184.221.200:80 <-> 192.168.200.222:33161 [proto: 7/HTTP][1 pkts/60 bytes] + 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91/SSL][6 pkts/599 bytes] + 12 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][1 pkts/60 bytes] + 13 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] + 14 TCP 112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][7 pkts/436 bytes] + 15 TCP 93.184.221.200:80 <-> 192.168.200.222:52977 [proto: 7/HTTP][1 pkts/60 bytes] + 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] + 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] + 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 20 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][5 pkts/424 bytes] + 21 TCP 52.0.253.46:443 <-> 
192.168.200.222:43287 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 22 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][15 pkts/1484 bytes][SSL client: e.crashlytics.com] + 23 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][12 pkts/1161 bytes] + 24 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][SSL client: mail.google.com] + 25 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][1 pkts/60 bytes] + 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] + 27 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] + 28 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][4143 pkts/390781 bytes] + 29 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][1 pkts/60 bytes] + 30 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.DropBox][1 pkts/97 bytes] + 31 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][16 pkts/1419 bytes][SSL client: settings.crashlytics.com] + + +Undetected flows: + 1 TCP 113.31.80.142:7003 <-> 192.168.200.222:55554 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 175.157.52.135:37299 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 175.157.52.135:37301 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 113.31.80.142:7003 <-> 192.168.200.222:55565 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 10.216.246.82:59027 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 175.157.52.135:37300 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 175.157.52.135:37302 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] |