49 files changed, 943 insertions, 91 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 107ee7ee8..3a7d44aa8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,7 +67,7 @@ jobs: git diff-index --quiet HEAD -- || true test: - name: ${{ matrix.os }} ${{ matrix.arch }} ${{ matrix.gcrypt }} ${{ matrix.compiler }} ${{ matrix.pcre }} ${{ matrix.maxminddb }} ${{ matrix.msan }} ${{ matrix.nBPF }} ${{matrix.lto_gold_linker}} + name: ${{ matrix.os }} ${{ matrix.arch }} ${{ matrix.gcrypt }} ${{ matrix.compiler }} ${{ matrix.pcre }} ${{ matrix.maxminddb }} ${{ matrix.msan }} ${{ matrix.nBPF }} ${{matrix.lto_gold_linker}} ${{matrix.global_context}} runs-on: ${{ matrix.os }} env: CC: ${{ matrix.compiler }} @@ -88,6 +88,7 @@ jobs: msan: [""] nBPF: [""] lto_gold_linker: [""] + global_context: [""] #Enable by default include: - compiler: "gcc-4.9" # "Oldest" gcc easily available. To simulate RHEL7 os: ubuntu-20.04 @@ -141,6 +142,15 @@ jobs: maxminddb: "--with-maxminddb" msan: "--with-sanitizer" nBPF: "nBPF" + - compiler: "cc" + os: ubuntu-latest + arch: "x86_64" + gcrypt: "" + pcre: "--with-pcre2" + maxminddb: "--with-maxminddb" + msan: "--with-sanitizer" + nBPF: "" + global_context: "--disable-global-context-support" - compiler: "clang-17" os: ubuntu-22.04 arch: "x86_64" diff --git a/Makefile.am b/Makefile.am index eea950d78..d17cdcead 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -15,6 +15,7 @@ EXTRA_DIST = README.md README.fuzzer.md CHANGELOG.md CONTRIBUTING.md \ doc/requirements.txt doc/conf.py doc/flow_risks.rst doc/protocols.rst doc/guide/nDPI_QuickStartGuide.pages \ doc/guide/nDPI_QuickStartGuide.pdf doc/img/logo.png doc/index.rst \ doc/Makefile doc/what_is_ndpi.rst doc/FAQ.md doc/configuration_parameters.md \ + doc/library_initialization.md \ python/DEV_GUIDE.md python/dev_requirements.txt python/ndpi_example.py python/ndpi/__init__.py \ python/ndpi/ndpi_build.py python/ndpi/ndpi.py python/README.md \ python/requirements.txt python/setup.py python/tests.py \ diff --git a/configure.ac b/configure.ac index 2c80140cb..784698f94 100644 --- a/configure.ac +++ b/configure.ac @@ -29,6 +29,7 @@ AC_ARG_ENABLE(npcap, AS_HELP_STRING([--disable-npcap], [msys2 only: Disable link AC_ARG_WITH(nbpf-path, AS_HELP_STRING([--with-nbpf-path], [nBPF library custom path; default: ${PWD}/../PF_RING/userland/nbpf]),[NBPF_HOME=$withval],[NBPF_HOME=${PWD}/../PF_RING/userland/nbpf]) AC_ARG_WITH(lto-and-gold-linker, AS_HELP_STRING([--with-lto-and-gold-linker], [Build with LTO and Gold linker])) AC_ARG_ENABLE(debug-build, AS_HELP_STRING([--enable-debug-build], [Enable debug build (`-g` flag)]),[enable_debugbuild=$enableval],[enable_debugbuild=no]) +AC_ARG_ENABLE(global-context-support, AS_HELP_STRING([--disable-global-context-support], [Disable support for global context. No external dependency on libpthread])) NDPI_CFLAGS="${NDPI_CFLAGS} -D_DEFAULT_SOURCE=1 -D_GNU_SOURCE=1" @@ -209,6 +210,13 @@ if test "x$ac_cv_lib_rrd_rrd_fetch_r" = xyes; then : EXTRA_TARGETS="$EXTRA_TARGETS rrdtool" fi +GLOBAL_CONTEXT_ENABLED=0 +AS_IF([test "x$enable_global_context_support" != "xno"], [ + AC_CHECK_LIB([pthread], [pthread_mutex_init]) + AC_DEFINE_UNQUOTED(USE_GLOBAL_CONTEXT, 1, [Use gloabl context feature. Depend on libpthread]) + GLOBAL_CONTEXT_ENABLED=1 +]) + ADDITIONAL_INCS= ADDITIONAL_LIBS="$LIBM" PCAP_HOME=$HOME/PF_RING/userland 
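Review bot: In the `@@ -209,6 +210,13 @@` hunk of configure.ac the result of `AC_CHECK_LIB([pthread], [pthread_mutex_init])` is never checked, so `USE_GLOBAL_CONTEXT` is defined and `GLOBAL_CONTEXT_ENABLED=1` is set even when libpthread is not found. The build would then fail later with an unresolved symbol instead of a clear configure-time message. Consider `AC_CHECK_LIB([pthread], [pthread_mutex_init], [], [AC_MSG_ERROR([libpthread not found; use --disable-global-context-support])])`. The define's description has a typo ("gloabl"), and since no shell variable is expanded, plain `AC_DEFINE` is sufficient.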
@@ -428,6 +436,7 @@ AC_SUBST(GPROF_ENABLED)
 AC_SUBST(USE_HOST_LIBGCRYPT)
 AC_SUBST(PCRE2_ENABLED)
 AC_SUBST(NBPF_ENABLED)
+AC_SUBST(GLOBAL_CONTEXT_ENABLED)
 AC_SUBST(HANDLE_TLS_SIGS)
 AC_SUBST(DISABLE_NPCAP)
 AC_SUBST(EXE_SUFFIX)
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md
index 7c8e78ac2..5b7ca257e 100644
--- a/doc/configuration_parameters.md
+++ b/doc/configuration_parameters.md
@@ -20,6 +20,7 @@ TODO | NULL | "log.level" | 0 | 0 | 3 | Configure the log/debug level. Possible values: 0 = error, 1 = trace, 2 = debug, 3 = extra debug | | NULL | "lru.$CACHE_NAME.size" | See description | 0 | 16777215 | Set the size (in number of elements) of the specified LRU cache (0 = the cache is disabled). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "32768" for the bittorrent cache, "512" for the zoom cache and "1024" for all the other caches | | NULL | "lru.$CACHE_NAME.ttl" | See description | 0 | 16777215 | Set the TTL (in seconds) for the elements of the specified LRU cache (0 = the elements never explicitly expire). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "120" for the ookla cache, "60" for the msteams and stun_zoom caches and "0" for all the other caches | +| NULL | "lru.$CACHE_NAME.scope" | 0 | 0 | 1 | Set the scope of the specified LRU cache (0 = the cache is local, 1 = the cache is global). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The global scope con be set only if a global context has been initialized | | "tls" | "certificate_expiration_threshold" | 30 | 0 | 365 | The threshold (in days) used to trigger the `NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE` flow risk | | "tls" | "application_blocks_tracking" | disable | NULL | NULL | Enable/disable processing of TLS Application Blocks (post handshake) to extract statistical information about the flow | | "tls" | "metadata.sha1_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of SHA1 fingerprint for TLS flows. 
Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked | diff --git a/doc/library_initialization.md b/doc/library_initialization.md new file mode 100644 index 000000000..f70051aa9 --- /dev/null +++ b/doc/library_initialization.md @@ -0,0 +1,84 @@ + + + +A simple, common example + +``` + +struct ndpi_detection_module_struct *ndpi_struct; +ndpi_cfg_error rc; +int ret; + +ndpi_struct = ndpi_init_detection_module(NULL); +if(!ndpi_struct) { + ERROR; +} + +/* Configuration */ + +rc = ndpi_set_config(ndpi_struct, "tls", "certificate_expiration_threshold", "10"); +if(rc != NDPI_CFG_OK) { + ERROR; +} + +/* Finalization */ +ret = ndpi_finalize_initialization(ndpi_struct); +if(ret != 0) { + ERROR; +} + + +/* Initialization done, now you can feed packets to the library */ + + + +/* Cleanup */ + +ndpi_exit_detection_module(ndpi_struct); + + +``` + +A more complex example, with global context and a shared Oookla LRU cache (all the others caches are local) + +``` + +struct ndpi_global_context *g_ctx; +struct ndpi_detection_module_struct *ndpi_structs[num_local_contexts]; +ndpi_cfg_error rc; +int i, ret; + +g_ctx = ndpi_global_init(); +if(!g_ctx) { + ERROR; +} + +for(i = 0; i < num_local_contexts; i++) { + ndpi_structs[i] = ndpi_init_detection_module(g_ctx); + if(!ndpi_struct[i]) { + ERROR; + } + + rc = ndpi_set_config(ndpi_structs[i], NULL, "lru.ookla.scope", "1"); + if(rc != NDPI_CFG_OK) { + ERROR; + } + + ret = ndpi_finalize_initialization(ndpi_structs[i]); + if(ret != 0) { + ERROR; + } +} + +/* Initialization done */ + +/* Cleanup */ + +for(i = 0; i < num_local_contexts; i++) { + ndpi_exit_detection_module(ndpi_structs[i]); +} + +ndpi_global_deinit(g_ctx); + + +``` diff --git a/example/ndpiReader.c b/example/ndpiReader.c index d4ff82b95..6cce7b48f 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c 
@@ -367,7 +367,7 @@ void ndpiCheckHostStringMatch(char *testChar) { if(!testChar) return; - ndpi_str = ndpi_init_detection_module(); + ndpi_str = ndpi_init_detection_module(NULL); ndpi_finalize_initialization(ndpi_str); testRes = ndpi_match_string_subprotocol(ndpi_str, @@ -412,7 +412,7 @@ static void ndpiCheckIPMatch(char *testChar) { if(!testChar) return; - ndpi_str = ndpi_init_detection_module(); + ndpi_str = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); @@ -476,7 +476,8 @@ static double ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], /** * @brief Set main components necessary to the detection */ -static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle); +static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle, + struct ndpi_global_context *g_ctx); /** * @brief Get flow byte distribution mean and variance @@ -646,7 +647,7 @@ static void help(u_int long_help) { max_num_reported_top_payloads, max_num_tcp_dissected_pkts, max_num_udp_dissected_pkts); NDPI_PROTOCOL_BITMASK all; - struct ndpi_detection_module_struct *ndpi_info_mod = ndpi_init_detection_module(); + struct ndpi_detection_module_struct *ndpi_info_mod = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_info_mod, &all); @@ -810,7 +811,7 @@ void extcap_config() { ndpi_proto_defaults_t *proto_defaults; #endif - struct ndpi_detection_module_struct *ndpi_info_mod = ndpi_init_detection_module(); + struct ndpi_detection_module_struct *ndpi_info_mod = ndpi_init_detection_module(NULL); #if 0 ndpi_num_supported_protocols = ndpi_get_ndpi_num_supported_protocols(ndpi_info_mod); proto_defaults = ndpi_get_proto_defaults(ndpi_info_mod); 
@@ -1339,7 +1340,7 @@ static void parseOptions(int argc, char **argv) { case '9': { - struct ndpi_detection_module_struct *ndpi_info_mod = ndpi_init_detection_module(); + struct ndpi_detection_module_struct *ndpi_info_mod = ndpi_init_detection_module(NULL); extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg); if(extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); ndpi_exit_detection_module(ndpi_info_mod); @@ -2798,7 +2799,8 @@ static void on_protocol_discovered(struct ndpi_workflow * workflow, /** * @brief Setup for detection begin */ -static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { +static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle, + struct ndpi_global_context *g_ctx) { NDPI_PROTOCOL_BITMASK enabled_bitmask; struct ndpi_workflow_prefs prefs; int i, ret; @@ -2813,7 +2815,8 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { memset(&ndpi_thread_info[thread_id], 0, sizeof(ndpi_thread_info[thread_id])); ndpi_thread_info[thread_id].workflow = ndpi_workflow_init(&prefs, pcap_handle, 1, - serialization_format); + serialization_format, + g_ctx); /* Protocols to enable/disable. Default: everything is enabled */ NDPI_BITMASK_SET_ALL(enabled_bitmask); @@ -2854,6 +2857,8 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { } } + ndpi_thread_info[thread_id].workflow->g_ctx = g_ctx; + ndpi_workflow_set_flow_callback(ndpi_thread_info[thread_id].workflow, on_protocol_discovered, NULL); @@ -2867,7 +2872,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { for(i = 0; i < num_cfgs; i++) { rc = ndpi_set_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, - cfgs[i].proto, cfgs[i].param, cfgs[i].value); + cfgs[i].proto, cfgs[i].param, cfgs[i].value); if (rc != NDPI_CFG_OK) fprintf(stderr, "Error setting config [%s][%s][%s]: %d\n", cfgs[i].proto, cfgs[i].param, cfgs[i].value, rc); 
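Review bot: `ndpi_thread_info[thread_id].workflow->g_ctx = g_ctx;` in the `@@ -2854,6 +2857,8 @@` hunk of setupDetection() sets the new workflow field from the caller, although `ndpi_workflow_init()` already receives `g_ctx` in this commit. The visible reader_util.c hunk only forwards the pointer to `ndpi_init_detection_module(g_ctx)`, so other callers such as the fuzz harnesses would presumably get a workflow whose `g_ctx` field is unset; the rest of `ndpi_workflow_init` is outside the hunk, so this needs confirming. Storing it once inside `ndpi_workflow_init` (`workflow->g_ctx = g_ctx;`) keeps the field and the detection module's context from diverging. That matters because printResults() later passes `workflow->g_ctx` to `ndpi_get_lru_cache_stats`.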
@@ -3841,10 +3846,21 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us /* LRU caches */ for(i = 0; i < NDPI_LRUCACHE_MAX; i++) { struct ndpi_lru_cache_stats s; - ndpi_get_lru_cache_stats(ndpi_thread_info[thread_id].workflow->ndpi_struct, i, &s); - cumulative_stats.lru_stats[i].n_insert += s.n_insert; - cumulative_stats.lru_stats[i].n_search += s.n_search; - cumulative_stats.lru_stats[i].n_found += s.n_found; + int scope; + char param[64]; + + snprintf(param, sizeof(param), "lru.%s.scope", ndpi_lru_cache_idx_to_name(i)); + if(ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, NULL, param, buf, sizeof(buf)) != NULL) { + scope = atoi(buf); + if(scope == NDPI_LRUCACHE_SCOPE_LOCAL || + (scope == NDPI_LRUCACHE_SCOPE_GLOBAL && thread_id == 0)) { + ndpi_get_lru_cache_stats(ndpi_thread_info[thread_id].workflow->g_ctx, + ndpi_thread_info[thread_id].workflow->ndpi_struct, i, &s); + cumulative_stats.lru_stats[i].n_insert += s.n_insert; + cumulative_stats.lru_stats[i].n_search += s.n_search; + cumulative_stats.lru_stats[i].n_found += s.n_found; + } + } } /* Automas */ @@ -4152,7 +4168,7 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us (long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_PROTOCOLS6].n_found); if(enable_malloc_bins) - fprintf(results_file, "Data-path malloc histogram: %s\n", ndpi_print_bin(&malloc_bins, 0, buf, sizeof(buf))); + fprintf(results_file, "Data-path malloc histogram: %s\n", ndpi_print_bin(&malloc_bins, 0, buf, sizeof(buf))); } fprintf(results_file, "\n"); @@ -4649,6 +4665,7 @@ void * processing_thread(void *_thread_id) { return NULL; } +/* ***************************************************** */ /** * @brief Begin, process, end detection process 
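Review bot: In the `@@ -3841,10 +3846,21 @@` hunk of printResults(), the return value of `ndpi_lru_cache_idx_to_name(i)` is passed straight to the `%s` in `snprintf(param, ...)`, whereas fuzz_config.cpp guards the same call with `if(name)`. A NULL passed to `%s` is undefined behaviour, so a cheap guard is worth adding: `const char *name = ndpi_lru_cache_idx_to_name(i); if(!name) continue;`. Note also that when `ndpi_get_config` returns NULL the cache's statistics are dropped silently; a one-line `fprintf(stderr, ...)` there would make a missing `scope` parameter visible. The function body continues outside the hunk.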
@@ -4660,10 +4677,23 @@ void test_lib() { #else long thread_id; #endif + struct ndpi_global_context *g_ctx; set_ndpi_malloc(ndpi_malloc_wrapper), set_ndpi_free(free_wrapper); set_ndpi_flow_malloc(NULL), set_ndpi_flow_free(NULL); +#ifndef USE_GLOBAL_CONTEXT + /* ndpiReader works even if libnDPI has been compiled without global context support, + but you can't configure any cache with global scope */ + g_ctx = NULL; +#else + g_ctx = ndpi_global_init(); + if(!g_ctx) { + fprintf(stderr, "Error ndpi_global_init\n"); + exit(-1); + } +#endif + #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Num threads: %d\n", num_threads); #endif @@ -4676,7 +4706,7 @@ void test_lib() { #endif cap = openPcapFileOrDevice(thread_id, (const u_char*)_pcap_file[thread_id]); - setupDetection(thread_id, cap); + setupDetection(thread_id, cap, g_ctx); } gettimeofday(&begin, NULL); @@ -4736,6 +4766,8 @@ void test_lib() { terminateDetection(thread_id); } + + ndpi_global_deinit(g_ctx); } /* *********************************************** */ @@ -4853,7 +4885,7 @@ static void dgaUnitTest() { }; int debug = 0, i; NDPI_PROTOCOL_BITMASK all; - struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(); + struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(NULL); assert(ndpi_str != NULL); @@ -5696,7 +5728,7 @@ void outlierUnitTest() { void domainsUnitTest() { NDPI_PROTOCOL_BITMASK all; - struct ndpi_detection_module_struct *ndpi_info_mod = ndpi_init_detection_module(); + struct ndpi_detection_module_struct *ndpi_info_mod = ndpi_init_detection_module(NULL); const char *lists_path = "../lists/public_suffix_list.dat"; struct stat st; diff --git a/example/ndpiSimpleIntegration.c b/example/ndpiSimpleIntegration.c index edc37090c..4517edbdf 100644 --- a/example/ndpiSimpleIntegration.c +++ b/example/ndpiSimpleIntegration.c 
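Review bot: `ndpi_global_deinit(g_ctx);` at the end of test_lib() runs unconditionally, including the `#ifndef USE_GLOBAL_CONTEXT` build where `g_ctx` is set to NULL. The header comment added in ndpi_api.h describes the argument as "a properly initialized global context", and the implementation is not visible here, so NULL-tolerance is an unstated assumption. Either guard the call, `if(g_ctx) ndpi_global_deinit(g_ctx);`, or document in the API comment that NULL is accepted and is a no-op.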
@@ -188,7 +188,7 @@ static struct nDPI_workflow * init_workflow(char const * const file_or_device) printf("pcap_setfilter error: '%s'\n", pcap_geterr(workflow->pcap_handle)); } - workflow->ndpi_struct = ndpi_init_detection_module(); + workflow->ndpi_struct = ndpi_init_detection_module(NULL); if (workflow->ndpi_struct == NULL) { free_workflow(&workflow); return NULL; diff --git a/example/reader_util.c b/example/reader_util.c index e666e4690..bdf723e61 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -367,7 +367,7 @@ int parse_proto_name_list(char *str, NDPI_PROTOCOL_BITMASK *bitmask, int inverte else op = 0; /* Default action: remove from the bitmask */ /* Use a temporary module with all protocols enabled */ - module = ndpi_init_detection_module(); + module = ndpi_init_detection_module(NULL); if(!module) return 1; NDPI_BITMASK_SET_ALL(all); @@ -408,11 +408,12 @@ int parse_proto_name_list(char *str, NDPI_PROTOCOL_BITMASK *bitmask, int inverte struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle, int do_init_flows_root, - ndpi_serialization_format serialization_format) { + ndpi_serialization_format serialization_format, + struct ndpi_global_context *g_ctx) { struct ndpi_detection_module_struct * module; struct ndpi_workflow * workflow; - module = ndpi_init_detection_module(); + module = ndpi_init_detection_module(g_ctx); if(module == NULL) { LOG(NDPI_LOG_ERROR, "global structure initialization failed\n"); diff --git a/example/reader_util.h b/example/reader_util.h index 4623be378..408a14ec4 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -383,6 +383,7 @@ typedef struct ndpi_workflow { /* allocated by prefs */ void **ndpi_flows_root; struct ndpi_detection_module_struct *ndpi_struct; + struct ndpi_global_context *g_ctx; u_int32_t num_allocated_flows; /* CSV,TLV,JSON serialization interface */ 
@@ -391,7 +392,7 @@ typedef struct ndpi_workflow { /* TODO: remove wrappers parameters and use ndpi global, when their initialization will be fixed... */ -struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle, int do_init_flows_root, ndpi_serialization_format serialization_format); +struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle, int do_init_flows_root, ndpi_serialization_format serialization_format, struct ndpi_global_context *g_ctx); /* workflow main free function */ diff --git a/fuzz/fuzz_common_code.c b/fuzz/fuzz_common_code.c index f0f75514e..08147d635 100644 --- a/fuzz/fuzz_common_code.c +++ b/fuzz/fuzz_common_code.c @@ -34,12 +34,13 @@ void fuzz_set_alloc_callbacks_and_seed(int seed) fuzz_set_alloc_seed(seed); } -void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_mod) +void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_mod, + struct ndpi_global_context *g_ctx) { NDPI_PROTOCOL_BITMASK all; if(*ndpi_info_mod == NULL) { - *ndpi_info_mod = ndpi_init_detection_module(); + *ndpi_info_mod = ndpi_init_detection_module(g_ctx); ndpi_set_config_u64(*ndpi_info_mod, NULL, "log.level", 3); ndpi_set_config(*ndpi_info_mod, "all", "log", "enable"); diff --git a/fuzz/fuzz_common_code.h b/fuzz/fuzz_common_code.h index c5e4fb9c9..e2a158664 100644 --- a/fuzz/fuzz_common_code.h +++ b/fuzz/fuzz_common_code.h @@ -8,7 +8,8 @@ extern "C" { #endif -void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_mod); +void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_mod, + struct ndpi_global_context *g_ctx); /* To allow memory allocation failures */ void fuzz_set_alloc_callbacks(void); diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index 6f8ea2b9f..daf2b561c 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp 
@@ -27,6 +27,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { struct ndpi_flow_input_info input_info; ndpi_proto p, p2; char out[128]; + struct ndpi_global_context *g_ctx; char log_ts[32]; int value; char cfg_value[32]; @@ -37,7 +38,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - ndpi_info_mod = ndpi_init_detection_module(); + if(fuzzed_data.ConsumeBool()) + g_ctx = ndpi_global_init(); + else + g_ctx = NULL; + + ndpi_info_mod = ndpi_init_detection_module(g_ctx); set_ndpi_debug_function(ndpi_info_mod, NULL); @@ -271,6 +277,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_info_mod, NULL, "lru.ookla.ttl", cfg_value); } if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "lru.ookla.scope", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.bittorrent.size", cfg_value); @@ -281,6 +292,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_info_mod, NULL, "lru.bittorrent.ttl", cfg_value); } if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "lru.bittorrent.scope", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.zoom.size", cfg_value); 
@@ -291,6 +307,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_info_mod, NULL, "lru.zoom.ttl", cfg_value); } if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "lru.zoom.scope", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.stun.size", cfg_value); @@ -301,6 +322,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_info_mod, NULL, "lru.stun.ttl", cfg_value); } if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "lru.stun.scope", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.tls_cert.size", cfg_value); @@ -311,6 +337,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_info_mod, NULL, "lru.tls_cert.ttl", cfg_value); } if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "lru.tls_cert.scope", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.mining.size", cfg_value); 
@@ -321,6 +352,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_info_mod, NULL, "lru.mining.ttl", cfg_value); } if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "lru.mining.scope", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.msteams.size", cfg_value); @@ -331,6 +367,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_config(ndpi_info_mod, NULL, "lru.msteams.ttl", cfg_value); } if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "lru.msteams.scope", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.stun_zoom.size", cfg_value); @@ -340,6 +381,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "lru.stun_zoom.ttl", cfg_value); } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "lru.stun_zoom.scope", cfg_value); + } /* Configure one cache via index */ if(fuzzed_data.ConsumeBool()) { idx = fuzzed_data.ConsumeIntegralInRange(0, static_cast<int>(NDPI_LRUCACHE_MAX)); 
@@ -347,10 +393,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if(name) { value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 / 2); /* max / 2 instead of max + 1 to avoid oom on oss-fuzzer */ sprintf(cfg_param, "lru.%s.size", name); + sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, cfg_param, cfg_value); ndpi_get_config(ndpi_info_mod, NULL, cfg_param, cfg_value, sizeof(cfg_value)); value = fuzzed_data.ConsumeIntegralInRange(0, 16777215 + 1); sprintf(cfg_param, "lru.%s.ttl", name); + sprintf(cfg_value, "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, cfg_param, cfg_value); + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + sprintf(cfg_param, "lru.%s.scope", name); + sprintf(cfg_value, "%d", value); ndpi_set_config(ndpi_info_mod, NULL, cfg_param, cfg_value); ndpi_get_config(ndpi_info_mod, NULL, cfg_param, cfg_value, sizeof(cfg_value)); } @@ -500,7 +552,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Get some final stats */ for(i = 0; i < NDPI_LRUCACHE_MAX + 1; i++) /* + 1 to test invalid type */ - ndpi_get_lru_cache_stats(ndpi_info_mod, static_cast<lru_cache_type>(i), &lru_stats); + ndpi_get_lru_cache_stats(g_ctx, ndpi_info_mod, static_cast<lru_cache_type>(i), &lru_stats); for(i = 0; i < NDPI_PTREE_MAX + 1; i++) /* + 1 to test invalid type */ ndpi_get_patricia_stats(ndpi_info_mod, static_cast<ptree_type>(i), &patricia_stats); for(i = 0; i < NDPI_AUTOMA_MAX + 1; i++) /* + 1 to test invalid type */ @@ -523,5 +575,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_exit_detection_module(ndpi_info_mod); + ndpi_global_deinit(g_ctx); + return 0; } diff --git a/fuzz/fuzz_dga.c b/fuzz/fuzz_dga.c index 3b09550ff..2635e64f5 100644 --- a/fuzz/fuzz_dga.c +++ b/fuzz/fuzz_dga.c 
@@ -13,7 +13,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { char *name; if (ndpi_struct == NULL) { - fuzz_init_detection_module(&ndpi_struct); + fuzz_init_detection_module(&ndpi_struct, NULL); ndpi_flow = ndpi_calloc(1, sizeof(struct ndpi_flow_struct)); } diff --git a/fuzz/fuzz_filecfg_categories.c b/fuzz/fuzz_filecfg_categories.c index 00e922c2f..9e24b6c03 100644 --- a/fuzz/fuzz_filecfg_categories.c +++ b/fuzz/fuzz_filecfg_categories.c @@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - ndpi_struct = ndpi_init_detection_module(); + ndpi_struct = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); diff --git a/fuzz/fuzz_filecfg_category.c b/fuzz/fuzz_filecfg_category.c index 757ada01f..3e6de6edd 100644 --- a/fuzz/fuzz_filecfg_category.c +++ b/fuzz/fuzz_filecfg_category.c @@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - ndpi_struct = ndpi_init_detection_module(); + ndpi_struct = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); diff --git a/fuzz/fuzz_filecfg_config.c b/fuzz/fuzz_filecfg_config.c index 6a096d75e..f9af6a59e 100644 --- a/fuzz/fuzz_filecfg_config.c +++ b/fuzz/fuzz_filecfg_config.c @@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - ndpi_struct = ndpi_init_detection_module(); + ndpi_struct = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); diff --git a/fuzz/fuzz_filecfg_malicious_ja3.c b/fuzz/fuzz_filecfg_malicious_ja3.c index 9c32fc227..3d7b4e70b 100644 --- a/fuzz/fuzz_filecfg_malicious_ja3.c 
+++ b/fuzz/fuzz_filecfg_malicious_ja3.c @@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - ndpi_struct = ndpi_init_detection_module(); + ndpi_struct = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); diff --git a/fuzz/fuzz_filecfg_malicious_sha1.c b/fuzz/fuzz_filecfg_malicious_sha1.c index ef056f9c8..6685b5d6e 100644 --- a/fuzz/fuzz_filecfg_malicious_sha1.c +++ b/fuzz/fuzz_filecfg_malicious_sha1.c @@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - ndpi_struct = ndpi_init_detection_module(); + ndpi_struct = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); diff --git a/fuzz/fuzz_filecfg_protocols.c b/fuzz/fuzz_filecfg_protocols.c index 9a5bba43c..b42cb6524 100644 --- a/fuzz/fuzz_filecfg_protocols.c +++ b/fuzz/fuzz_filecfg_protocols.c @@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - ndpi_struct = ndpi_init_detection_module(); + ndpi_struct = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); diff --git a/fuzz/fuzz_filecfg_risk_domains.c b/fuzz/fuzz_filecfg_risk_domains.c index 4e482c783..bb3677c16 100644 --- a/fuzz/fuzz_filecfg_risk_domains.c +++ b/fuzz/fuzz_filecfg_risk_domains.c @@ -10,7 +10,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - ndpi_struct = ndpi_init_detection_module(); + ndpi_struct = ndpi_init_detection_module(NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); 
diff --git a/fuzz/fuzz_is_stun.c b/fuzz/fuzz_is_stun.c index dc1c98f07..76576f100 100644 --- a/fuzz/fuzz_is_stun.c +++ b/fuzz/fuzz_is_stun.c @@ -21,7 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { struct ndpi_packet_struct *packet; if (ndpi_struct == NULL) { - fuzz_init_detection_module(&ndpi_struct); + fuzz_init_detection_module(&ndpi_struct, NULL); } packet = &ndpi_struct->packet; diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c index 7b0268eed..9d53918e3 100644 --- a/fuzz/fuzz_ndpi_reader.c +++ b/fuzz/fuzz_ndpi_reader.c @@ -10,6 +10,7 @@ struct ndpi_workflow_prefs *prefs = NULL; struct ndpi_workflow *workflow = NULL; +struct ndpi_global_context *g_ctx; u_int8_t enable_payload_analyzer = 0; u_int8_t enable_flow_stats = 1; @@ -48,7 +49,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { fuzz_set_alloc_callbacks(); #endif - workflow = ndpi_workflow_init(prefs, NULL /* pcap handler will be set later */, 0, ndpi_serialization_format_json); + g_ctx = ndpi_global_init(); + + workflow = ndpi_workflow_init(prefs, NULL /* pcap handler will be set later */, 0, ndpi_serialization_format_json, g_ctx); ndpi_set_config(workflow->ndpi_struct, NULL, "log.level", "3"); ndpi_set_config(workflow->ndpi_struct, "all", "log", "1"); diff --git a/fuzz/fuzz_process_packet.c b/fuzz/fuzz_process_packet.c index 2098f4fd1..c570c3fd6 100644 --- a/fuzz/fuzz_process_packet.c +++ b/fuzz/fuzz_process_packet.c @@ -13,7 +13,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { uint8_t protocol_was_guessed; if (ndpi_info_mod == NULL) { - fuzz_init_detection_module(&ndpi_info_mod); + fuzz_init_detection_module(&ndpi_info_mod, NULL); ndpi_init_serializer(&json_serializer, ndpi_serialization_format_json); ndpi_init_serializer(&csv_serializer, ndpi_serialization_format_csv); diff --git a/fuzz/fuzz_quic_get_crypto_data.c b/fuzz/fuzz_quic_get_crypto_data.c index 86a2ec32f..16c95ab47 100644 --- a/fuzz/fuzz_quic_get_crypto_data.c 
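Review bot: `g_ctx = ndpi_global_init();` in fuzz_ndpi_reader.c has no matching `ndpi_global_deinit()` in any visible hunk of that file, unlike fuzz_config.cpp and fuzz_readerutils_workflow.cpp, which pair the two calls. If the call sits inside the harness's one-time setup block (the hunk does not show the enclosing scope), the context simply lives for the whole process. If it runs per input, every iteration leaks a context and the leak checker will report it. A short comment such as `/* created once, shared by all inputs, never freed */` next to the call, or a paired deinit, would make the intended lifetime explicit.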
+++ b/fuzz/fuzz_quic_get_crypto_data.c @@ -14,7 +14,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { u_int32_t first_int, version = 0; if(ndpi_info_mod == NULL) { - fuzz_init_detection_module(&ndpi_info_mod); + fuzz_init_detection_module(&ndpi_info_mod, NULL); flow = ndpi_calloc(1, SIZEOF_FLOW_STRUCT); } diff --git a/fuzz/fuzz_readerutils_workflow.cpp b/fuzz/fuzz_readerutils_workflow.cpp index a3aea2e11..9087a72c1 100644 --- a/fuzz/fuzz_readerutils_workflow.cpp +++ b/fuzz/fuzz_readerutils_workflow.cpp @@ -17,6 +17,7 @@ int malloc_size_stats = 0; extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fuzzed_data(data, size); ndpi_workflow *w; + struct ndpi_global_context *g_ctx; struct ndpi_workflow_prefs prefs; pcap_t *pcap_handle; ndpi_serialization_format serialization_format; @@ -82,7 +83,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { return 0; } - w = ndpi_workflow_init(&prefs, pcap_handle, 1, serialization_format); + g_ctx = ndpi_global_init(); + + w = ndpi_workflow_init(&prefs, pcap_handle, 1, serialization_format, g_ctx); if(w) { NDPI_BITMASK_SET_ALL(enabled_bitmask); rc = ndpi_set_protocol_detection_bitmask2(w->ndpi_struct, &enabled_bitmask); @@ -101,6 +104,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { } pcap_close(pcap_handle); + ndpi_global_deinit(g_ctx); + ndpi_free(_debug_protocols); return 0; diff --git a/fuzz/fuzz_tls_certificate.c b/fuzz/fuzz_tls_certificate.c index 0843a30fe..9f38dd52c 100644 --- a/fuzz/fuzz_tls_certificate.c +++ b/fuzz/fuzz_tls_certificate.c @@ -17,7 +17,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int is_ipv6; if (ndpi_struct == NULL) { - fuzz_init_detection_module(&ndpi_struct); + fuzz_init_detection_module(&ndpi_struct, NULL); ndpi_flow = ndpi_calloc(1, sizeof(struct ndpi_flow_struct)); } diff --git a/python/ndpi/ndpi.py b/python/ndpi/ndpi.py index 32d6ea595..3745af94d 100644 
--- a/python/ndpi/ndpi.py +++ b/python/ndpi/ndpi.py @@ -32,7 +32,7 @@ class NDPI(object): "_detection_module") def __init__(self): - self._detection_module = lib.ndpi_init_detection_module() + self._detection_module = lib.ndpi_init_detection_module(ffi.NULL) if self._detection_module == ffi.NULL: raise MemoryError("Unable to instantiate NDPI object") lib.ndpi_py_setup_detection_module(self._detection_module) diff --git a/python/ndpi/ndpi_build.py b/python/ndpi/ndpi_build.py index a2af30716..07aac0de3 100644 --- a/python/ndpi/ndpi_build.py +++ b/python/ndpi/ndpi_build.py @@ -49,7 +49,7 @@ struct ndpi_flow_struct * ndpi_py_initialize_flow(void) { NDPI_APIS = """ u_int16_t ndpi_get_api_version(void); char* ndpi_revision(void); -struct ndpi_detection_module_struct *ndpi_init_detection_module(); +struct ndpi_detection_module_struct *ndpi_init_detection_module(struct ndpi_global_context *g_ctx); void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct); void ndpi_flow_free(void *ptr); ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index abef7ad34..ea40927bf 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -202,6 +202,22 @@ extern "C" { ndpi_protocol_match const * const match); /** + * Returns a new initialized global context. + * + * @return the initialized global context + * + */ + struct ndpi_global_context *ndpi_global_init(void); + + /** + * Deinit a properly initialized global context. + * + * @par g_ctx = global context to free/deinit + * + */ + void ndpi_global_deinit(struct ndpi_global_context *g_ctx); + + /** * Returns a new initialized detection module * Note that before you can use it you can still load * hosts and do other things. As soon as you are ready to use 
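Review bot: The doc comments added for `ndpi_global_init()` and `ndpi_global_deinit()` do not state the lifetime rule the implementation relies on. Later in this diff `ndpi_finalize_initialization()` stores pointers to the global caches inside each detection module, and `ndpi_global_deinit()` frees those caches, so deinitialising the context while a module with global scope is still alive leaves that module with dangling pointers. I would add to the deinit comment a line such as `Must be called only after ndpi_exit_detection_module() on every module created with this context`. The init comment should say `@return the global context, or NULL on allocation failure or when built with --disable-global-context-support`.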
@@ -211,10 +227,11 @@ extern "C" { * indipendent detection contexts) but all these calls MUST NOT run * in parallel * + * @g_ctx = global context associated to the new detection module; NULL if no global context is needed * @return the initialized detection module * */ - struct ndpi_detection_module_struct *ndpi_init_detection_module(void); + struct ndpi_detection_module_struct *ndpi_init_detection_module(struct ndpi_global_context *g_ctx); /** * Completes the initialization (2nd step) @@ -1038,14 +1055,15 @@ extern "C" { u_int32_t ndpi_get_current_time(struct ndpi_flow_struct *flow); /* LRU cache */ - struct ndpi_lru_cache* ndpi_lru_cache_init(u_int32_t num_entries, u_int32_t ttl); + struct ndpi_lru_cache* ndpi_lru_cache_init(u_int32_t num_entries, u_int32_t ttl, int shared); void ndpi_lru_free_cache(struct ndpi_lru_cache *c); u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t *value, u_int8_t clean_key_when_found, u_int32_t now_sec); void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t value, u_int32_t now_sec); void ndpi_lru_get_stats(struct ndpi_lru_cache *c, struct ndpi_lru_cache_stats *stats); - int ndpi_get_lru_cache_stats(struct ndpi_detection_module_struct *ndpi_struct, + int ndpi_get_lru_cache_stats(struct ndpi_global_context *g_ctx, + struct ndpi_detection_module_struct *ndpi_struct, lru_cache_type cache_type, struct ndpi_lru_cache_stats *stats); diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index 0721f2db1..efaafb67a 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h 
@@ -144,6 +144,34 @@ typedef struct { } nbpf_filter; #endif +struct ndpi_global_context { + + /* LRU caches */ + + /* NDPI_PROTOCOL_OOKLA */ + int ookla_cache_is_global; + struct ndpi_lru_cache *ookla_global_cache; + + /* NDPI_PROTOCOL_BITTORRENT */ + struct ndpi_lru_cache *bittorrent_global_cache; + + /* NDPI_PROTOCOL_ZOOM */ + struct ndpi_lru_cache *zoom_global_cache; + + /* NDPI_PROTOCOL_STUN and subprotocols */ + struct ndpi_lru_cache *stun_global_cache; + struct ndpi_lru_cache *stun_zoom_global_cache; + + /* NDPI_PROTOCOL_TLS and subprotocols */ + struct ndpi_lru_cache *tls_cert_global_cache; + + /* NDPI_PROTOCOL_MINING and subprotocols */ + struct ndpi_lru_cache *mining_global_cache; + + /* NDPI_PROTOCOL_MSTEAMS */ + struct ndpi_lru_cache *msteams_global_cache; +}; + #define CFG_MAX_LEN 256 struct ndpi_detection_module_config_struct { @@ -177,20 +205,28 @@ struct ndpi_detection_module_config_struct { int ookla_cache_num_entries; int ookla_cache_ttl; + int ookla_cache_scope; int bittorrent_cache_num_entries; int bittorrent_cache_ttl; + int bittorrent_cache_scope; int zoom_cache_num_entries; int zoom_cache_ttl; + int zoom_cache_scope; int stun_cache_num_entries; int stun_cache_ttl; + int stun_cache_scope; int tls_cert_cache_num_entries; int tls_cert_cache_ttl; + int tls_cert_cache_scope; int mining_cache_num_entries; int mining_cache_ttl; + int mining_cache_scope; int msteams_cache_num_entries; int msteams_cache_ttl; + int msteams_cache_scope; int stun_zoom_cache_num_entries; int stun_zoom_cache_ttl; + int stun_zoom_cache_scope; /* Protocols */ @@ -301,6 +337,7 @@ struct ndpi_detection_module_struct { u_int8_t ip_version_limit; + struct ndpi_global_context *g_ctx; struct ndpi_detection_module_config_struct cfg; /* NDPI_PROTOCOL_TINC */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 72e2cd704..ebad711f1 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h 
@@ -24,6 +24,11 @@ E * ndpi_typedefs.h #ifndef __NDPI_TYPEDEFS_H__ #define __NDPI_TYPEDEFS_H__ +#ifndef NDPI_CFFI_PREPROCESSING +#define HAVE_STRUCT_TIMESPEC +#include <pthread.h> +#endif + #include "ndpi_define.h" #ifndef NDPI_CFFI_PREPROCESSING #include "ndpi_includes.h" @@ -743,6 +748,11 @@ typedef enum { NDPI_LRUCACHE_MAX /* Last one! */ } lru_cache_type; +typedef enum { + NDPI_LRUCACHE_SCOPE_LOCAL = 0, + NDPI_LRUCACHE_SCOPE_GLOBAL, +} lru_cache_scope; + struct ndpi_lru_cache_entry { u_int32_t key; /* Store the whole key to avoid ambiguities */ u_int32_t is_full:1, value:16, pad:15; @@ -757,7 +767,10 @@ struct ndpi_lru_cache_stats { struct ndpi_lru_cache { u_int32_t num_entries; - u_int32_t ttl; + u_int32_t ttl : 31, shared : 1; +#ifndef NDPI_CFFI_PREPROCESSING + pthread_mutex_t mutex; +#endif struct ndpi_lru_cache_stats stats; struct ndpi_lru_cache_entry *entries; }; @@ -947,6 +960,8 @@ struct ndpi_flow_udp_struct { /* ************************************************** */ + +struct ndpi_global_context; struct ndpi_detection_module_struct; struct ndpi_flow_struct; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ab2470aaa..0870bcbc1 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
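Review bot: `struct ndpi_lru_cache` now has a different layout depending on `NDPI_CFFI_PREPROCESSING`, because `pthread_mutex_t mutex` sits between `ttl`/`shared` and `stats` only when that macro is undefined. If the CFFI side ever reads fields of this struct from the preprocessed declaration, `stats` and `entries` would be read at the wrong offsets. Moving the mutex to the end of the struct, or keeping the struct opaque to the bindings, avoids that. Separately, `<pthread.h>` is included here regardless of `--disable-global-context-support`, so the public header still requires the pthread headers in the configuration that is meant to drop the dependency.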
@@ -3088,9 +3088,60 @@ static void free_ptree_data(void *data) { } } +struct ndpi_global_context *ndpi_global_init(void) { + +#ifndef USE_GLOBAL_CONTEXT + return NULL; +#endif + + struct ndpi_global_context *g_ctx = ndpi_calloc(1, sizeof(struct ndpi_global_context)); + + if(g_ctx == NULL) + return(NULL); + + /* Global caches (if any) are initialized during the initialization + of the local context(s) */ + + /* Note that we don't have yet an easy way to log from this function */ + + return g_ctx; +} + /* ******************************************************************** */ -struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { +void ndpi_global_deinit(struct ndpi_global_context *g_ctx) { + + /* Note that we don't have yet an easy way to log from this function */ + + if(g_ctx) { + + /* Global caches are freed here, so that we are able to get statistics even + after the uninitialization of all the local contexts */ + + if(g_ctx->ookla_global_cache) + ndpi_lru_free_cache(g_ctx->ookla_global_cache); + if(g_ctx->bittorrent_global_cache) + ndpi_lru_free_cache(g_ctx->bittorrent_global_cache); + if(g_ctx->zoom_global_cache) + ndpi_lru_free_cache(g_ctx->zoom_global_cache); + if(g_ctx->stun_global_cache) + ndpi_lru_free_cache(g_ctx->stun_global_cache); + if(g_ctx->stun_zoom_global_cache) + ndpi_lru_free_cache(g_ctx->stun_zoom_global_cache); + if(g_ctx->tls_cert_global_cache) + ndpi_lru_free_cache(g_ctx->tls_cert_global_cache); + if(g_ctx->mining_global_cache) + ndpi_lru_free_cache(g_ctx->mining_global_cache); + if(g_ctx->msteams_global_cache) + ndpi_lru_free_cache(g_ctx->msteams_global_cache); + + ndpi_free(g_ctx); + } +} + +/* ******************************************************************** */ + +struct ndpi_detection_module_struct *ndpi_init_detection_module(struct ndpi_global_context *g_ctx) { struct ndpi_detection_module_struct *ndpi_str = ndpi_malloc(sizeof(struct ndpi_detection_module_struct)); int i; 
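Review bot: In `ndpi_global_init()` the `#ifndef USE_GLOBAL_CONTEXT` branch returns before the declaration of `g_ctx`, so with the feature disabled the rest of the function is dead code that follows a statement. Splitting the body as `#ifdef USE_GLOBAL_CONTEXT` … `#else` / `return NULL;` / `#endif` gives each configuration one straight path and avoids unreachable-code and mixed-declaration warnings on the older compilers in the CI matrix.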
@@ -3126,6 +3177,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) {
 ndpi_str->ip_risk_mask_ptree = ndpi_patricia_new(32 /* IPv4 */);
 ndpi_str->ip_risk_mask_ptree6 = ndpi_patricia_new(128 /* IPv6 */);
+ ndpi_str->g_ctx = g_ctx;
 set_default_config(&ndpi_str->cfg);
 NDPI_BITMASK_SET_ALL(ndpi_str->detection_bitmask);
@@ -3546,64 +3598,128 @@ int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str) ndpi_add_domain_risk_exceptions(ndpi_str); if(ndpi_str->cfg.ookla_cache_num_entries > 0) { - ndpi_str->ookla_cache = ndpi_lru_cache_init(ndpi_str->cfg.ookla_cache_num_entries, - ndpi_str->cfg.ookla_cache_ttl); + if(ndpi_str->cfg.ookla_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + if(!ndpi_str->g_ctx->ookla_global_cache) { + ndpi_str->g_ctx->ookla_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.ookla_cache_num_entries, + ndpi_str->cfg.ookla_cache_ttl, 1); + } + ndpi_str->ookla_cache = ndpi_str->g_ctx->ookla_global_cache; + } else { + ndpi_str->ookla_cache = ndpi_lru_cache_init(ndpi_str->cfg.ookla_cache_num_entries, + ndpi_str->cfg.ookla_cache_ttl, 0); + } if(!ndpi_str->ookla_cache) { NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n", ndpi_str->cfg.ookla_cache_num_entries); } } if(ndpi_str->cfg.bittorrent_cache_num_entries > 0) { - ndpi_str->bittorrent_cache = ndpi_lru_cache_init(ndpi_str->cfg.bittorrent_cache_num_entries, - ndpi_str->cfg.bittorrent_cache_ttl); + if(ndpi_str->cfg.bittorrent_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + if(!ndpi_str->g_ctx->bittorrent_global_cache) { + ndpi_str->g_ctx->bittorrent_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.bittorrent_cache_num_entries, + ndpi_str->cfg.bittorrent_cache_ttl, 1); + } + ndpi_str->bittorrent_cache = ndpi_str->g_ctx->bittorrent_global_cache; + } else { + ndpi_str->bittorrent_cache = ndpi_lru_cache_init(ndpi_str->cfg.bittorrent_cache_num_entries, + ndpi_str->cfg.bittorrent_cache_ttl, 0); + } if(!ndpi_str->bittorrent_cache) { NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n", ndpi_str->cfg.bittorrent_cache_num_entries); } } if(ndpi_str->cfg.zoom_cache_num_entries > 0) { - ndpi_str->zoom_cache = ndpi_lru_cache_init(ndpi_str->cfg.zoom_cache_num_entries, - ndpi_str->cfg.zoom_cache_ttl); + if(ndpi_str->cfg.zoom_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + 
if(!ndpi_str->g_ctx->zoom_global_cache) { + ndpi_str->g_ctx->zoom_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.zoom_cache_num_entries, + ndpi_str->cfg.zoom_cache_ttl, 1); + } + ndpi_str->zoom_cache = ndpi_str->g_ctx->zoom_global_cache; + } else { + ndpi_str->zoom_cache = ndpi_lru_cache_init(ndpi_str->cfg.zoom_cache_num_entries, + ndpi_str->cfg.zoom_cache_ttl, 0); + } if(!ndpi_str->zoom_cache) { NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n", ndpi_str->cfg.zoom_cache_num_entries); } } if(ndpi_str->cfg.stun_cache_num_entries > 0) { - ndpi_str->stun_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_cache_num_entries, - ndpi_str->cfg.stun_cache_ttl); + if(ndpi_str->cfg.stun_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + if(!ndpi_str->g_ctx->stun_global_cache) { + ndpi_str->g_ctx->stun_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_cache_num_entries, + ndpi_str->cfg.stun_cache_ttl, 1); + } + ndpi_str->stun_cache = ndpi_str->g_ctx->stun_global_cache; + } else { + ndpi_str->stun_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_cache_num_entries, + ndpi_str->cfg.stun_cache_ttl, 0); + } if(!ndpi_str->stun_cache) { NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n", ndpi_str->cfg.stun_cache_num_entries); } } if(ndpi_str->cfg.tls_cert_cache_num_entries > 0) { - ndpi_str->tls_cert_cache = ndpi_lru_cache_init(ndpi_str->cfg.tls_cert_cache_num_entries, - ndpi_str->cfg.tls_cert_cache_ttl); + if(ndpi_str->cfg.tls_cert_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + if(!ndpi_str->g_ctx->tls_cert_global_cache) { + ndpi_str->g_ctx->tls_cert_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.tls_cert_cache_num_entries, + ndpi_str->cfg.tls_cert_cache_ttl, 1); + } + ndpi_str->tls_cert_cache = ndpi_str->g_ctx->tls_cert_global_cache; + } else { + ndpi_str->tls_cert_cache = ndpi_lru_cache_init(ndpi_str->cfg.tls_cert_cache_num_entries, + ndpi_str->cfg.tls_cert_cache_ttl, 0); + } if(!ndpi_str->tls_cert_cache) { NDPI_LOG_ERR(ndpi_str, "Error 
allocating lru cache (num_entries %u)\n", ndpi_str->cfg.tls_cert_cache_num_entries); } } if(ndpi_str->cfg.mining_cache_num_entries > 0) { - ndpi_str->mining_cache = ndpi_lru_cache_init(ndpi_str->cfg.mining_cache_num_entries, - ndpi_str->cfg.mining_cache_ttl); + if(ndpi_str->cfg.mining_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + if(!ndpi_str->g_ctx->mining_global_cache) { + ndpi_str->g_ctx->mining_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.mining_cache_num_entries, + ndpi_str->cfg.mining_cache_ttl, 1); + } + ndpi_str->mining_cache = ndpi_str->g_ctx->mining_global_cache; + } else { + ndpi_str->mining_cache = ndpi_lru_cache_init(ndpi_str->cfg.mining_cache_num_entries, + ndpi_str->cfg.mining_cache_ttl, 0); + } if(!ndpi_str->mining_cache) { NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n", ndpi_str->cfg.mining_cache_num_entries); } } if(ndpi_str->cfg.msteams_cache_num_entries > 0) { - ndpi_str->msteams_cache = ndpi_lru_cache_init(ndpi_str->cfg.msteams_cache_num_entries, - ndpi_str->cfg.msteams_cache_ttl); + if(ndpi_str->cfg.msteams_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + if(!ndpi_str->g_ctx->msteams_global_cache) { + ndpi_str->g_ctx->msteams_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.msteams_cache_num_entries, + ndpi_str->cfg.msteams_cache_ttl, 1); + } + ndpi_str->msteams_cache = ndpi_str->g_ctx->msteams_global_cache; + } else { + ndpi_str->msteams_cache = ndpi_lru_cache_init(ndpi_str->cfg.msteams_cache_num_entries, + ndpi_str->cfg.msteams_cache_ttl, 0); + } if(!ndpi_str->msteams_cache) { NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n", ndpi_str->cfg.msteams_cache_num_entries); } } if(ndpi_str->cfg.stun_zoom_cache_num_entries > 0) { - ndpi_str->stun_zoom_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_zoom_cache_num_entries, - ndpi_str->cfg.stun_zoom_cache_ttl); + if(ndpi_str->cfg.stun_zoom_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + if(!ndpi_str->g_ctx->stun_zoom_global_cache) { + 
ndpi_str->g_ctx->stun_zoom_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_zoom_cache_num_entries, + ndpi_str->cfg.stun_zoom_cache_ttl, 1); + } + ndpi_str->stun_zoom_cache = ndpi_str->g_ctx->stun_zoom_global_cache; + } else { + ndpi_str->stun_zoom_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_zoom_cache_num_entries, + ndpi_str->cfg.stun_zoom_cache_ttl, 0); + } if(!ndpi_str->stun_zoom_cache) { NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n", ndpi_str->cfg.stun_zoom_cache_num_entries); @@ -3910,28 +4026,36 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) { if(ndpi_str->tinc_cache) cache_free((cache_t)(ndpi_str->tinc_cache)); - if(ndpi_str->ookla_cache) + if(!ndpi_str->cfg.ookla_cache_scope && + ndpi_str->ookla_cache) ndpi_lru_free_cache(ndpi_str->ookla_cache); - if(ndpi_str->bittorrent_cache) + if(!ndpi_str->cfg.bittorrent_cache_scope && + ndpi_str->bittorrent_cache) ndpi_lru_free_cache(ndpi_str->bittorrent_cache); - if(ndpi_str->zoom_cache) + if(!ndpi_str->cfg.zoom_cache_scope && + ndpi_str->zoom_cache) ndpi_lru_free_cache(ndpi_str->zoom_cache); - if(ndpi_str->stun_cache) + if(!ndpi_str->cfg.stun_cache_scope && + ndpi_str->stun_cache) ndpi_lru_free_cache(ndpi_str->stun_cache); - if(ndpi_str->stun_zoom_cache) + if(!ndpi_str->cfg.stun_zoom_cache_scope && + ndpi_str->stun_zoom_cache) ndpi_lru_free_cache(ndpi_str->stun_zoom_cache); - if(ndpi_str->tls_cert_cache) + if(!ndpi_str->cfg.tls_cert_cache_scope && + ndpi_str->tls_cert_cache) ndpi_lru_free_cache(ndpi_str->tls_cert_cache); - if(ndpi_str->mining_cache) + if(!ndpi_str->cfg.mining_cache_scope && + ndpi_str->mining_cache) ndpi_lru_free_cache(ndpi_str->mining_cache); - if(ndpi_str->msteams_cache) + if(!ndpi_str->cfg.msteams_cache_scope && + ndpi_str->msteams_cache) ndpi_lru_free_cache(ndpi_str->msteams_cache); if(ndpi_str->protocols_ptree) 
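Review bot: The lazy creation of each global cache (`if(!ndpi_str->g_ctx->ookla_global_cache) { ... = ndpi_lru_cache_init(..., 1); }`, repeated for the other seven caches) is an unsynchronised check-then-set on state shared by every module attached to the same context. If two threads finalize their modules at the same time, both can observe NULL and both allocate, so one cache is leaked and the two modules may end up on different caches. The diff adds a mutex inside each cache but none on the context itself. Either document that `ndpi_finalize_initialization()` must be serialised across modules sharing a `g_ctx`, or create the caches under a context-level lock. The function body starts and ends outside this hunk.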
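Review bot: `ndpi_exit_detection_module()` decides whether to free a cache from the configuration value (`!ndpi_str->cfg.ookla_cache_scope`, and likewise for the other seven) rather than from the cache the module actually holds. If the scope parameter can change between finalization and exit (not visible here), a module could free a cache that other modules still use, or leak its own. The `shared` bit this commit adds to `struct ndpi_lru_cache` records ownership directly, so the test could be `if(ndpi_str->ookla_cache && !ndpi_str->ookla_cache->shared)`. The function continues outside the hunk.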
@@ -9283,7 +9407,7 @@ void ndpi_generate_options(u_int opt, FILE *options_out) { u_int i; if (!options_out) return; - ndpi_str = ndpi_init_detection_module(); + ndpi_str = ndpi_init_detection_module(NULL); if (!ndpi_str) return; NDPI_BITMASK_SET_ALL(all); @@ -9729,13 +9853,20 @@ u_int32_t ndpi_get_current_time(struct ndpi_flow_struct *flow) /* ******************************************************************** */ /* LRU cache */ -struct ndpi_lru_cache *ndpi_lru_cache_init(u_int32_t num_entries, u_int32_t ttl) { +struct ndpi_lru_cache *ndpi_lru_cache_init(u_int32_t num_entries, u_int32_t ttl, int shared) { struct ndpi_lru_cache *c = (struct ndpi_lru_cache *) ndpi_calloc(1, sizeof(struct ndpi_lru_cache)); if(!c) return(NULL); - c->ttl = ttl; + c->ttl = ttl & 0x7FFFFFFF; + c->shared = !!shared; + if(c->shared) { + if(pthread_mutex_init(&c->mutex, NULL) != 0) { + ndpi_free(c); + return(NULL); + } + } c->entries = (struct ndpi_lru_cache_entry *) ndpi_calloc(num_entries, sizeof(struct ndpi_lru_cache_entry)); if(!c->entries) { @@ -9752,9 +9883,26 @@ void ndpi_lru_free_cache(struct ndpi_lru_cache *c) { ndpi_free(c); } +static void __lru_cache_lock(struct ndpi_lru_cache *c) +{ + if(c->shared) { + pthread_mutex_lock(&c->mutex); + } +} + +static void __lru_cache_unlock(struct ndpi_lru_cache *c) +{ + if(c->shared) { + pthread_mutex_unlock(&c->mutex); + } +} + u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t *value, u_int8_t clean_key_when_found, u_int32_t now_sec) { u_int32_t slot = key % c->num_entries; + u_int8_t ret; + + __lru_cache_lock(c); c->stats.n_search++; if(c->entries[slot].is_full && c->entries[slot].key == key && 
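Review bot: `ndpi_lru_cache_init()` now calls `pthread_mutex_init()` for shared caches, but no matching `pthread_mutex_destroy()` is added anywhere in these hunks. The tail of `ndpi_lru_free_cache()` appears only as unchanged context, and the `!c->entries` failure path after the new lines is not touched, so the mutex is apparently never destroyed on teardown or on that allocation failure. I would add `if(c->shared) pthread_mutex_destroy(&c->mutex);` before `ndpi_free(c)` in both places. The `pthread_mutex_init()` call is also not guarded by `USE_GLOBAL_CONTEXT`, so the library still references libpthread when configured with `--disable-global-context-support`. Both functions extend beyond the visible hunks.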
@@ -9764,16 +9912,24 @@ u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, if(clean_key_when_found) c->entries[slot].is_full = 0; c->stats.n_found++; - return(1); + ret = 1; } else - return(0); + ret = 0; + + __lru_cache_unlock(c); + + return ret; } void ndpi_lru_add_to_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t value, u_int32_t now_sec) { u_int32_t slot = key % c->num_entries; + __lru_cache_lock(c); + c->stats.n_insert++; c->entries[slot].is_full = 1, c->entries[slot].key = key, c->entries[slot].value = value, c->entries[slot].timestamp = now_sec; + + __lru_cache_unlock(c); } void ndpi_lru_get_stats(struct ndpi_lru_cache *c, struct ndpi_lru_cache_stats *stats) { 
@@ -9788,37 +9944,53 @@ void ndpi_lru_get_stats(struct ndpi_lru_cache *c, struct ndpi_lru_cache_stats *s } } -int ndpi_get_lru_cache_stats(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_get_lru_cache_stats(struct ndpi_global_context *g_ctx, + struct ndpi_detection_module_struct *ndpi_struct, lru_cache_type cache_type, struct ndpi_lru_cache_stats *stats) { - if(!ndpi_struct || !stats) + int scope, is_local = 1; + char param[64], buf[8]; + + if(!stats || (!ndpi_struct && !g_ctx)) return -1; + if(!ndpi_struct) { + is_local = 0; + } else { + snprintf(param, sizeof(param), "lru.%s.scope", ndpi_lru_cache_idx_to_name(cache_type)); + ndpi_get_config(ndpi_struct, NULL, param, buf, sizeof(buf)); + scope = atoi(buf); + if(scope == NDPI_LRUCACHE_SCOPE_GLOBAL) { + is_local = 0; + if(!g_ctx) + return -1; + } + } switch(cache_type) { case NDPI_LRUCACHE_OOKLA: - ndpi_lru_get_stats(ndpi_struct->ookla_cache, stats); + ndpi_lru_get_stats(is_local ? ndpi_struct->ookla_cache : g_ctx->ookla_global_cache, stats); return 0; case NDPI_LRUCACHE_BITTORRENT: - ndpi_lru_get_stats(ndpi_struct->bittorrent_cache, stats); + ndpi_lru_get_stats(is_local ? ndpi_struct->bittorrent_cache : g_ctx->bittorrent_global_cache, stats); return 0; case NDPI_LRUCACHE_ZOOM: - ndpi_lru_get_stats(ndpi_struct->zoom_cache, stats); + ndpi_lru_get_stats(is_local ? ndpi_struct->zoom_cache : g_ctx->zoom_global_cache, stats); return 0; case NDPI_LRUCACHE_STUN: - ndpi_lru_get_stats(ndpi_struct->stun_cache, stats); + ndpi_lru_get_stats(is_local ? ndpi_struct->stun_cache : g_ctx->stun_global_cache, stats); return 0; case NDPI_LRUCACHE_TLS_CERT: - ndpi_lru_get_stats(ndpi_struct->tls_cert_cache, stats); + ndpi_lru_get_stats(is_local ? ndpi_struct->tls_cert_cache : g_ctx->tls_cert_global_cache, stats); return 0; case NDPI_LRUCACHE_MINING: - ndpi_lru_get_stats(ndpi_struct->mining_cache, stats); + ndpi_lru_get_stats(is_local ? 
ndpi_struct->mining_cache : g_ctx->mining_global_cache, stats); return 0; case NDPI_LRUCACHE_MSTEAMS: - ndpi_lru_get_stats(ndpi_struct->msteams_cache, stats); + ndpi_lru_get_stats(is_local ? ndpi_struct->msteams_cache : g_ctx->msteams_global_cache, stats); return 0; case NDPI_LRUCACHE_STUN_ZOOM: - ndpi_lru_get_stats(ndpi_struct->stun_zoom_cache, stats); + ndpi_lru_get_stats(is_local ? ndpi_struct->stun_zoom_cache : g_ctx->stun_zoom_global_cache, stats); return 0; default: return -1; @@ -10487,7 +10659,7 @@ static u_int16_t __get_proto_id(const char *proto_name_or_id) /* Try to decode the string as protocol name */ /* Use a temporary module with all protocols enabled */ - module = ndpi_init_detection_module(); + module = ndpi_init_detection_module(NULL); if(!module) return NDPI_PROTOCOL_UNKNOWN; NDPI_BITMASK_SET_ALL(all); @@ -10661,6 +10833,20 @@ static ndpi_cfg_error _set_param_protocol_enable_disable(struct ndpi_detection_m return NDPI_CFG_INVALID_PARAM; } +static int clbk_only_with_global_ctx(struct ndpi_detection_module_struct *ndpi_str, + void *_variable, const char *proto, + const char *param) +{ + int *variable = (int *)_variable; + + /* Integer set > 0 only if there is a global context */ + if(*variable > 0 && !ndpi_str->g_ctx) { + *variable = 0; + return -1; + } + return 0; +} + enum cfg_param_type { CFG_PARAM_ENABLE_DISABLE = 0, 
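Review bot: In `ndpi_get_lru_cache_stats()` the result of `ndpi_get_config()` is ignored and `buf` is never initialised, so if the lookup fails `atoi(buf)` reads indeterminate stack bytes. An out-of-range `cache_type` is one way to get there, since it is only rejected by the `default:` case after `ndpi_lru_cache_idx_to_name()` and the lookup have already run. Validate first with `if(cache_type >= NDPI_LRUCACHE_MAX) return -1;`, initialise the buffer with `buf[8] = "0"`, and return -1 when the lookup fails. For a shared cache, `ndpi_lru_get_stats()` also appears to read the counters without taking the cache mutex, so the values may be inconsistent while other threads update them.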
@@ -10749,27 +10935,35 @@ static const struct cfg_param { { NULL, "lru.ookla.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(ookla_cache_num_entries), NULL }, { NULL, "lru.ookla.ttl", "120", "0", "16777215", CFG_PARAM_INT, __OFF(ookla_cache_ttl), NULL }, + { NULL, "lru.ookla.scope", "0", "0", "1", CFG_PARAM_INT, __OFF(ookla_cache_scope), clbk_only_with_global_ctx }, { NULL, "lru.bittorrent.size", "32768", "0", "16777215", CFG_PARAM_INT, __OFF(bittorrent_cache_num_entries), NULL }, { NULL, "lru.bittorrent.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(bittorrent_cache_ttl), NULL }, + { NULL, "lru.bittorrent.scope", "0", "0", "1", CFG_PARAM_INT, __OFF(bittorrent_cache_scope), clbk_only_with_global_ctx }, { NULL, "lru.zoom.size", "512", "0", "16777215", CFG_PARAM_INT, __OFF(zoom_cache_num_entries), NULL }, { NULL, "lru.zoom.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(zoom_cache_ttl), NULL }, + { NULL, "lru.zoom.scope", "0", "0", "1", CFG_PARAM_INT, __OFF(zoom_cache_scope), clbk_only_with_global_ctx }, { NULL, "lru.stun.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(stun_cache_num_entries), NULL }, { NULL, "lru.stun.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(stun_cache_ttl), NULL }, + { NULL, "lru.stun.scope", "0", "0", "1", CFG_PARAM_INT, __OFF(stun_cache_scope), clbk_only_with_global_ctx }, { NULL, "lru.tls_cert.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(tls_cert_cache_num_entries), NULL }, { NULL, "lru.tls_cert.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(tls_cert_cache_ttl), NULL }, + { NULL, "lru.tls_cert.scope", "0", "0", "1", CFG_PARAM_INT, __OFF(tls_cert_cache_scope), clbk_only_with_global_ctx }, { NULL, "lru.mining.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(mining_cache_num_entries), NULL }, { NULL, "lru.mining.ttl", "0", "0", "16777215", CFG_PARAM_INT, __OFF(mining_cache_ttl), NULL }, + { NULL, "lru.mining.scope", "0", "0", "1", CFG_PARAM_INT, __OFF(mining_cache_scope), clbk_only_with_global_ctx }, { NULL, 
"lru.msteams.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(msteams_cache_num_entries), NULL }, { NULL, "lru.msteams.ttl", "60", "0", "16777215", CFG_PARAM_INT, __OFF(msteams_cache_ttl), NULL }, + { NULL, "lru.msteams.scope", "0", "0", "1", CFG_PARAM_INT, __OFF(msteams_cache_scope), clbk_only_with_global_ctx }, { NULL, "lru.stun_zoom.size", "1024", "0", "16777215", CFG_PARAM_INT, __OFF(stun_zoom_cache_num_entries), NULL }, { NULL, "lru.stun_zoom.ttl", "60", "0", "16777215", CFG_PARAM_INT, __OFF(stun_zoom_cache_ttl), NULL }, + { NULL, "lru.stun_zoom.scope", "0", "0", "1", CFG_PARAM_INT, __OFF(stun_zoom_cache_scope), clbk_only_with_global_ctx }, { NULL, NULL, NULL, NULL, NULL, 0, -1, NULL }, diff --git a/tests/cfgs/caches_global/config.txt b/tests/cfgs/caches_global/config.txt new file mode 100644 index 000000000..5050b0958 --- /dev/null +++ b/tests/cfgs/caches_global/config.txt @@ -0,0 +1 @@ +--cfg=lru.ookla.scope,1 --cfg=lru.bittorrent.scope,1 --cfg=lru.zoom.scope,1 --cfg=lru.stun.scope,1 --cfg=lru.tls_cert.scope,1 --cfg=lru.mining.scope,1 --cfg=lru.msteams.scope,1 --cfg=lru.stun_zoom.scope,1 diff --git a/tests/cfgs/caches_global/pcap/bittorrent.pcap b/tests/cfgs/caches_global/pcap/bittorrent.pcap new file mode 120000 index 000000000..304cd7bcd --- /dev/null +++ b/tests/cfgs/caches_global/pcap/bittorrent.pcap @@ -0,0 +1 @@ +../../default/pcap/bittorrent.pcap
\ No newline at end of file
diff --git a/tests/cfgs/caches_global/pcap/lru_ipv6_caches.pcapng b/tests/cfgs/caches_global/pcap/lru_ipv6_caches.pcapng
new file mode 120000
index 000000000..56b131a34
--- /dev/null
+++ b/tests/cfgs/caches_global/pcap/lru_ipv6_caches.pcapng
@@ -0,0 +1 @@
+../../default/pcap/lru_ipv6_caches.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/caches_global/pcap/mining.pcapng b/tests/cfgs/caches_global/pcap/mining.pcapng
new file mode 120000
index 000000000..b1439cf48
--- /dev/null
+++ b/tests/cfgs/caches_global/pcap/mining.pcapng
@@ -0,0 +1 @@
+../../default/pcap/mining.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/caches_global/pcap/ookla.pcap b/tests/cfgs/caches_global/pcap/ookla.pcap
new file mode 120000
index 000000000..7887844d7
--- /dev/null
+++ b/tests/cfgs/caches_global/pcap/ookla.pcap
@@ -0,0 +1 @@
+../../default/pcap/ookla.pcap
\ No newline at end of file
diff --git a/tests/cfgs/caches_global/pcap/teams.pcap b/tests/cfgs/caches_global/pcap/teams.pcap
new file mode 120000
index 000000000..3aa985b9e
--- /dev/null
+++ b/tests/cfgs/caches_global/pcap/teams.pcap
@@ -0,0 +1 @@
+../../default/pcap/teams.pcap
\ No newline at end of file
diff --git a/tests/cfgs/caches_global/pcap/zoom_p2p.pcapng b/tests/cfgs/caches_global/pcap/zoom_p2p.pcapng
new file mode 120000
index 000000000..0f13069d9
--- /dev/null
+++ b/tests/cfgs/caches_global/pcap/zoom_p2p.pcapng
@@ -0,0 +1 @@
+../../default/pcap/zoom_p2p.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/caches_global/result/bittorrent.pcap.out b/tests/cfgs/caches_global/result/bittorrent.pcap.out
new file mode 100644
index 000000000..65478a993
--- /dev/null
+++ b/tests/cfgs/caches_global/result/bittorrent.pcap.out
@@ -0,0 +1,51 @@ +DPI Packets (TCP): 24 (1.00 pkts/flow) +Confidence DPI : 24 (flows) +Num dissector calls: 1784 (74.33 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 120/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 48/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 48/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +BitTorrent 299 305728 24 + +Acceptable 299 305728 24 + + 1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] + 2 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/583 bytes <-> 4 pkts/975 bytes][Goodput ratio: 55/73][4.11 sec][bytes ratio: -0.252 (Download)][IAT c2s/s2c min/avg/max/stddev: 132/72 959/2027 1966/3982 
760/1955][Pkt Len c2s/s2c min/avg/max/stddev: 80/73 146/244 198/648 44/235][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,12,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/583 bytes <-> 2 pkts/818 bytes][Goodput ratio: 77/84][1.89 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,25,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/582 bytes <-> 2 pkts/796 bytes][Goodput ratio: 66/83][0.92 sec][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: 
DPI][DPI packets: 1][cat: Download/7][3 pkts/510 bytes <-> 2 pkts/771 bytes][Goodput ratio: 61/83][0.92 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,20,60,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/410 bytes <-> 3 pkts/851 bytes][Goodput ratio: 52/77][0.81 sec][bytes ratio: -0.350 (Download)][IAT c2s/s2c min/avg/max/stddev: 320/159 407/298 494/436 87/138][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 137/284 196/601 47/227][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 2 pkts/771 bytes][Goodput ratio: 56/83][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/442 bytes <-> 2 pkts/771 bytes][Goodput ratio: 55/83][0.94 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen 
Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/440 bytes <-> 2 pkts/772 bytes][Goodput ratio: 55/83][0.27 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.36 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.26 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/430 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.45 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: 
dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/409 bytes <-> 2 pkts/771 bytes][Goodput ratio: 51/83][0.25 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 2 pkts/796 bytes][Goodput ratio: 50/83][0.23 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 1 pkts/624 bytes][Goodput ratio: 50/89][0.22 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/349 bytes <-> 2 pkts/265 bytes][Goodput ratio: 62/50][1.91 sec][Risk: ** Known Proto on Non Std Port **][Risk 
Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,25,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 1 pkts/157 bytes][Goodput ratio: 56/58][0.15 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 
0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out new file mode 100644 index 000000000..2def9f8d7 --- /dev/null +++ b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out 
@@ -0,0 +1,48 @@ +DPI Packets (TCP): 9 (3.00 pkts/flow) +DPI Packets (UDP): 30 (3.33 pkts/flow) +Confidence DPI (cache) : 4 (flows) +Confidence DPI : 8 (flows) +Num dissector calls: 642 (53.50 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 25/7/2 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 6/8/0 (insert/search/found) +LRU cache tls_cert: 1/3/2 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 9/0 (search/found) +Automa domain: 9/0 (search/found) +Automa tls cert: 1/1 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 3/3 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 22/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 12/0 (search/found) +Patricia protocols: 0/0 (search/found) +Patricia protocols IPv6: 24/0 (search/found) + +BitTorrent 25 4546 5 +WhatsAppCall 24 3996 3 +STUN 30 3450 1 +Cloudflare 9 8862 3 + +Acceptable 88 20854 12 + +JA3 Host Stats: + IP Address # JA3C + + + 1 UDP [32fb:f967:681e:e96b:face:b00c::74fd]:3478 <-> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080]:45658 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 12][cat: Network/14][14 pkts/1612 bytes <-> 16 pkts/1838 bytes][Goodput ratio: 46/46][2.71 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 12/1 188/155 778/396 231/147][Pkt Len c2s/s2c min/avg/max/stddev: 84/84 115/115 214/206 44/39][PLAIN TEXT (4/WtFTidwfa)][Plen Bins: 46,23,16,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44144 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.16 sec][(Negotiated) ALPN: h2][Risk: ** 
Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 3 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44150 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 4 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44192 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 
9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 5 UDP [2a2f:8509:1cb2:466d:ecbf:69d6:109c:608]:62229 -> [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][9 pkts/2397 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1249/0 8358/0 2694/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 266/0 610/0 243/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 44,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP [3069:c624:1d42:9469:98b1:67ff:fe43:325]:56131 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][11 pkts/1958 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][2.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/0 236/0 1183/0 350/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 178/0 214/0 41/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BHBeRjaHJ)][Plen Bins: 9,0,18,0,72,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [2118:ec33:112b:7908:2c80:27ff:fef7:d71f]:48415 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 
1][cat: VoIP/10][11 pkts/1742 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][2.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 279/0 1388/0 400/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 158/0 214/0 51/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (NGuJOnsW)][Plen Bins: 18,0,36,0,45,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27]:60506 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][11 pkts/1319 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][6.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 670/0 2769/0 758/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 120/0 431/0 99/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 72,18,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][8.49 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [38b2:46b7:27a4:94c3:c134:948:e069:d71f]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][20.08 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic 
**][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP [3297:a1af:5121:cfc:360b:2e07:872f:1ea0]:43865 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][2 pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][0.26 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BZ9/sp6)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 1][cat: Download/7][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/caches_global/result/mining.pcapng.out b/tests/cfgs/caches_global/result/mining.pcapng.out new file mode 100644 index 000000000..ef8daea4d --- /dev/null +++ b/tests/cfgs/caches_global/result/mining.pcapng.out 
@@ -0,0 +1,31 @@ +DPI Packets (TCP): 17 (4.25 pkts/flow) +Confidence DPI : 4 (flows) +Num dissector calls: 101 (25.25 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 4/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 1/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 8/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Mining 673 219078 4 + +Unsafe 673 219078 4 + + 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes][Goodput ratio: 93/43][1091.42 sec][currency: ZCash][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7234/8131 71734/71815 15224/15291][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 900/117 1514/376 709/99][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (method)][Plen Bins: 28,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,29,0,0] + 2 TCP 147.229.13.222:49307 <-> 185.71.66.39:9999 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Mining/99][112 pkts/10941 bytes <-> 97 pkts/20817 bytes][Goodput ratio: 45/74][295.93 sec][currency: Ethereum][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 2992/2893 9784/10017 3265/3384][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 98/215 259/297 57/112][Risk: ** 
Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (worker)][Plen Bins: 0,1,28,0,12,0,0,58,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes][Goodput ratio: 53/53][1154.54 sec][currency: ZCash/Monero][bytes ratio: 0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 15953/19141 60205/60205 20621/20751][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/143 326/369 91/88][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (method)][Plen Bins: 0,40,0,0,0,44,0,13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Mining/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes][Goodput ratio: 70/78][1065.16 sec][currency: ZCash][bytes ratio: -0.136 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46166/51528 195463/195463 61020/65306][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 186/255 1498/364 395/138][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (method)][Plen Bins: 4,13,4,8,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0] diff --git a/tests/cfgs/caches_global/result/ookla.pcap.out b/tests/cfgs/caches_global/result/ookla.pcap.out new file mode 100644 index 000000000..6cc0458e4 --- /dev/null +++ b/tests/cfgs/caches_global/result/ookla.pcap.out 
@@ -0,0 +1,42 @@ +Guessed flow protos: 1 + +DPI Packets (TCP): 40 (6.67 pkts/flow) +Confidence DPI (partial cache): 1 (flows) +Confidence DPI : 4 (flows) +Confidence DPI (aggressive) : 1 (flows) +Num dissector calls: 559 (93.17 diss/flow) +LRU cache ookla: 4/2/2 (insert/search/found) +LRU cache bittorrent: 0/3/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/2/0 (insert/search/found) +LRU cache mining: 0/1/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 3/2 (search/found) +Automa domain: 3/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 4/4 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 11/1 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Ookla 113 38411 6 + +Safe 113 38411 6 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.1.128 2 + + + 1 TCP 192.168.1.128:35830 <-> 89.96.108.170:8080 [proto: 91.191/TLS.Ookla][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][DPI packets: 6][cat: Web/5][21 pkts/21216 bytes <-> 8 pkts/1950 bytes][Goodput ratio: 93/72][0.32 sec][Hostname/SNI: spd-pub-mi-01-01.fastwebnet.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.832 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/61 274/280 62/109][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1010/244 1514/387 612/138][TLSv1.3][JA3C: c279b0189edb9269da7bc43dea5e0c36][JA4: t13d1714h2_5b57614c22b0_8f66f9ee9c6c][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,4,0,0,0,0,4,9,0,9,0,0,0,0,0,4,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,55,0,0] + 2 TCP 192.168.1.128:48854 <-> 104.16.209.12:443 
[proto: 91.191/TLS.Ookla][IP: 220/Cloudflare][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][8 pkts/1620 bytes <-> 6 pkts/3818 bytes][Goodput ratio: 67/89][0.06 sec][Hostname/SNI: www.speedtest.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.404 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 18/15 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 202/636 583/1514 181/646][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (@oTAgOeedtest.net)][Plen Bins: 0,0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] + 3 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][12 pkts/2238 bytes <-> 8 pkts/2082 bytes][Goodput ratio: 64/74][5.33 sec][Hostname/SNI: massarosa-1.speedtest.welcomeitalia.it][bytes ratio: 0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 528/47 5005/84 1493/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 186/260 430/523 168/194][URL: massarosa-1.speedtest.welcomeitalia.it/crossdomain.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache/2.2.22 (Ubuntu)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete Apache server 2.2.22][PLAIN TEXT (GET /crossdomain.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,12,75,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.192:51156 <-> 89.96.108.170:8080 [proto: 191/Ookla][IP: 0/Unknown][ClearText][Confidence: DPI (partial cache)][DPI packets: 10][cat: Network/14][6 pkts/591 bytes <-> 4 pkts/1784 bytes][Goodput ratio: 32/85][0.05 sec][bytes ratio: -0.502 (Download)][IAT c2s/s2c 
min/avg/max/stddev: 0/0 9/10 15/20 6/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/446 143/1514 31/617][PLAIN TEXT (gKRZvA)][Plen Bins: 0,40,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 5 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][19 pkts/1421 bytes <-> 11 pkts/920 bytes][Goodput ratio: 11/20][0.80 sec][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/0 44/75 103/137 23/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/84 85/100 9/8][PLAIN TEXT ( 6HELLO 2.4 2016)][Plen Bins: 94,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.1.192:37790 <-> 185.157.229.246:8080 [proto: 191/Ookla][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][6 pkts/454 bytes <-> 4 pkts/317 bytes][Goodput ratio: 11/14][0.06 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/5 46/9 17/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/79 106/108 14/17][PLAIN TEXT (HELLO 2.9 )][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/caches_global/result/teams.pcap.out b/tests/cfgs/caches_global/result/teams.pcap.out new file mode 100644 index 000000000..5fca8dfad --- /dev/null +++ b/tests/cfgs/caches_global/result/teams.pcap.out 
@@ -0,0 +1,142 @@ +Guessed flow protos: 2 + +DPI Packets (TCP): 337 (8.02 pkts/flow) +DPI Packets (UDP): 74 (1.85 pkts/flow) +DPI Packets (other): 1 (1.00 pkts/flow) +Confidence Unknown : 1 (flows) +Confidence Match by port : 2 (flows) +Confidence DPI (partial) : 4 (flows) +Confidence DPI : 76 (flows) +Num dissector calls: 529 (6.37 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/9/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 24/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/3/0 (insert/search/found) +LRU cache msteams: 27/19/15 (insert/search/found) +LRU cache stun_zoom: 0/1/0 (insert/search/found) +Automa host: 85/71 (search/found) +Automa domain: 85/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 24/1 (search/found) +Automa common alpns: 67/67 (search/found) +Patricia risk mask: 80/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 1/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 121/47 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Unknown 4 456 1 +DNS 8 1126 4 +DHCP 7 2323 2 +ntop 40 9816 3 +Skype_TeamsCall 93 19649 12 +ICMP 2 140 1 +TLS 23 11660 3 +Dropbox 2 1054 2 +Skype_Teams 178 78638 8 +Apple 2 231 1 +Spotify 1 82 1 +Microsoft 405 284048 12 +Microsoft365 136 52120 6 +Teams 595 215358 26 +Azure 2 294 1 + +Safe 1065 521113 45 +Acceptable 428 155344 36 +Fun 1 82 1 +Unrated 4 456 1 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.1.6 6 + + + 1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 9][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 
1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] + 2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 
33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0] + 3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][DPI packets: 12][cat: Collaborative/15][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0] + 4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 10][cat: Cloud/13][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 
a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0] + 5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 10][cat: Cloud/13][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0] + 6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Cloud/13][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk 
Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0] + 7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 8 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][DPI packets: 10][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: 
outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] + 9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: 
CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0] + 10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][DPI packets: 12][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] + 11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 
0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] + 12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] + 13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 11][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: 
t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] + 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 125/Skype_Teams][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] + 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 14][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] + 16 TCP 192.168.1.6:60565 <-> 
52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] + 17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 10][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] + 18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: 
h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] + 19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][DPI packets: 9][cat: Collaborative/15][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] + 20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 
bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0] + 21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][DPI packets: 14][cat: VoIP/10][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0] + 22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][DPI packets: 14][cat: VoIP/10][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0] + 23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 8][cat: 
Cloud/13][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0] + 24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][DPI packets: 12][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] + 25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][DPI packets: 12][cat: Collaborative/15][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] + 26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][DPI packets: 5][cat: VoIP/10][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][JA4: 
t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] + 27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][DPI packets: 5][cat: VoIP/10][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] + 28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 11][cat: Collaborative/15][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 
0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0] + 29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0] + 30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0] + 31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 
0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][DPI packets: 12][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0] + 34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 
13][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] + 35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 
276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 
13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] + 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 
385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_158b9cf6d7fa][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_158b9cf6d7fa][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput 
ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/594 bytes 
<-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 UDP 192.168.1.6:50016 <-> 
52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 UDP 192.168.1.6:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/397 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (6.10.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 UDP 192.168.1.6:63930 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/301 
bytes][Goodput ratio: 56/86][0.04 sec][Hostname/SNI: dc.applicationinsights.microsoft.com][40.79.138.41][PLAIN TEXT (applicationinsights)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 UDP 192.168.1.6:54069 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/264 bytes][Goodput ratio: 49/84][0.06 sec][Hostname/SNI: api.microsoftstream.com][104.40.187.151][PLAIN TEXT (microsoftstream)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 UDP 192.168.1.6:62735 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/225 bytes][Goodput ratio: 53/81][0.01 sec][Hostname/SNI: euno-1.api.microsoftstream.com][52.169.186.119][PLAIN TEXT (microsoftstream)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI 
packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT 
(microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.1.6:55765 <-> 192.168.1.1:53 [proto: 5.276/DNS.Azure][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/109 bytes <-> 1 pkts/185 bytes][Goodput ratio: 61/77][0.01 sec][Hostname/SNI: b-tr-teams-euno-05.northeurope.cloudapp.azure.com][::][PLAIN TEXT (northeurope)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 UDP 192.168.1.6:59403 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/214 bytes][Goodput ratio: 47/80][0.01 sec][Hostname/SNI: substrate.office.com][13.107.18.11][PLAIN TEXT (substrate)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 UDP 192.168.1.6:49514 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/204 bytes][Goodput ratio: 51/79][0.01 sec][Hostname/SNI: config.teams.microsoft.com][52.113.194.132][PLAIN TEXT (config)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 UDP 192.168.1.6:57530 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: 
Network/14][1 pkts/100 bytes <-> 1 pkts/181 bytes][Goodput ratio: 57/76][0.03 sec][Hostname/SNI: presence.services.sfb.trafficmanager.net][52.114.77.58][PLAIN TEXT (presence)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 UDP 192.168.1.6:53678 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/173 bytes][Goodput ratio: 59/75][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][2a01:111:f100:7000::6fdd:54a1][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 UDP 192.168.1.6:60837 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/100 bytes <-> 1 pkts/176 bytes][Goodput ratio: 57/76][0.01 sec][Hostname/SNI: c-flightproxy-euno-01-teams.cloudapp.net][::][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 UDP 192.168.1.6:65230 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/161 bytes][Goodput ratio: 59/73][0.01 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][52.114.15.45][PLAIN TEXT (trouter)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 UDP 192.168.1.6:65387 <-> 192.168.1.1:53 [proto: 5.212/DNS.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/171 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: northeuropecns.trafficmanager.net][52.114.76.48][PLAIN TEXT (northeuropecns)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 75 UDP 
192.168.1.6:51033 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype_Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/182 bytes][Goodput ratio: 47/77][0.04 sec][Hostname/SNI: eu-api.asm.skype.com][52.114.75.69][PLAIN TEXT (trafficmanager)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 UDP 192.168.1.6:51309 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/169 bytes][Goodput ratio: 54/75][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][::][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 UDP 192.168.1.6:62863 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/158 bytes][Goodput ratio: 59/73][0.07 sec][Hostname/SNI: emea.ng.msg.teams-msgapi.trafficmanager.net][52.114.108.8][PLAIN TEXT (msgapi)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 78 UDP 192.168.1.6:56634 <-> 192.168.1.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/142 bytes][Goodput ratio: 52/70][0.03 sec][Hostname/SNI: captive.apple.com.edgekey.net][23.50.158.88][PLAIN TEXT (captive)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 79 UDP 192.168.1.6:60813 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/93 bytes <-> 1 pkts/109 bytes][Goodput ratio: 54/61][0.01 sec][Hostname/SNI: skypedataprdcolneu04.cloudapp.net][52.114.77.33][PLAIN TEXT (skypedataprdcolneu04)][Plen Bins: 
0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 TCP 192.168.1.6:58533 -> 149.154.167.91:443 [proto: 91/TLS][IP: 185/Telegram][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][3 pkts/186 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][4.29 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 ICMP 93.71.110.205:0 -> 192.168.1.6:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 UDP 192.168.1.112:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Music/25][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + + +Undetected flows: + 1 TCP 151.11.50.139:2222 <-> 192.168.1.6:54750 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][2 pkts/252 bytes <-> 2 pkts/204 bytes][Goodput ratio: 47/35][0.05 sec][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out b/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out new file mode 100644 index 000000000..bf6c8b4f4 --- /dev/null +++ b/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out 
@@ -0,0 +1,46 @@ +Guessed flow protos: 4 + +DPI Packets (UDP): 52 (5.20 pkts/flow) +DPI Packets (other): 2 (1.00 pkts/flow) +Confidence DPI (partial cache): 4 (flows) +Confidence DPI : 8 (flows) +Num dissector calls: 842 (70.17 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/12/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 8/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/4/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 4/4/4 (insert/search/found) +Automa host: 3/0 (search/found) +Automa domain: 3/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 18/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 20/6 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +MDNS 3 549 1 +ICMP 53 6042 2 +Dropbox 16 2784 1 +Zoom 691 262429 8 + +Acceptable 763 271804 12 + + 1 UDP 192.168.12.156:39065 <-> 192.168.1.226:46757 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][148 pkts/108673 bytes <-> 174 pkts/110457 bytes][Goodput ratio: 94/93][1.67 sec][bytes ratio: -0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 88/71 15/12][Pkt Len c2s/s2c min/avg/max/stddev: 127/98 734/635 1269/1302 277/371][PLAIN TEXT (192.168.1.226)][Plen Bins: 0,0,9,1,0,0,0,6,1,0,0,0,0,2,5,11,10,5,4,4,2,0,0,1,2,2,0,0,0,0,0,1,16,0,0,0,3,1,5,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.12.156:49579 -> 10.78.14.178:49586 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][154 pkts/19404 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][4.51 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 82/0 
14/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.12.156:42208 -> 10.78.14.178:47312 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 13][cat: Video/26][130 pkts/16380 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][2.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/0 82/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 ICMP 206.247.10.253:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][40 pkts/4560 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 895/0 2027/0 1000/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.12.1:17500 -> 192.168.12.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][450.15 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30007/0 30010/0 30013/0 9/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.12.156:38453 -> 206.247.87.213:3478 
[proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1974/0 2015/0 2040/0 19/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.12.156:39065 -> 206.247.87.213:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1976/0 2015/0 2040/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.12.156:42208 -> 206.247.10.253:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1990/0 2013/0 2032/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.12.156:49579 -> 206.247.10.253:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1990/0 2013/0 2030/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 
86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 ICMP 206.247.87.213:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/1482 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3298/0 22119/0 6017/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.12.156:38453 -> 192.168.1.226:41036 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 5][cat: Video/26][5 pkts/635 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (192.168.1.226)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][384.13 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][PLAIN TEXT (webdav)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/dga/dga_evaluate.c b/tests/dga/dga_evaluate.c index 2d226f2d4..27f89fbdc 100644 --- a/tests/dga/dga_evaluate.c +++ b/tests/dga/dga_evaluate.c 
@@ -92,7 +92,7 @@ int main(int argc, char **argv) { /* Initialize nDPI detection module*/ NDPI_PROTOCOL_BITMASK all; - struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(); + struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(NULL); assert(ndpi_str != NULL); NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_str, &all); diff --git a/tests/do.sh.in b/tests/do.sh.in index e8a08f035..dde8587f9 100755 --- a/tests/do.sh.in +++ b/tests/do.sh.in @@ -30,6 +30,8 @@ PCRE2_ENABLED=@PCRE2_ENABLED@ PCRE_PCAPS="WebattackRCE.pcap" NBPF_ENABLED=@NBPF_ENABLED@ NBPF_PCAPS="h323-overflow.pcap" +GLOBAL_CONTEXT_ENABLED=@GLOBAL_CONTEXT_ENABLED@ +GLOBAL_CONTEXT_CFGS="caches_global" READER="${CMD_PREFIX} ../../../example/ndpiReader${EXE_SUFFIX} --cfg=filename.config,../../../example/config.txt -A -p ../../../example/protos.txt -c ../../../example/categories.txt -r ../../../example/risky_domains.txt -j ../../../example/ja3_fingerprints.csv -S ../../../example/sha1_fingerprints.csv -G ../../../lists -q -K JSON -k /dev/null -t -v 2" RC=0 @@ -152,6 +154,21 @@ if [ $FUZZY_TESTING_ENABLED -eq 1 ]; then fi for d in $(find ./cfgs/* -type d -maxdepth 0 2>/dev/null) ; do + + SKIP_CFG=0 + if [ $GLOBAL_CONTEXT_ENABLED -eq 0 ]; then + for c in $GLOBAL_CONTEXT_CFGS; do + if [ $c = $(basename $d) ]; then + SKIP_CFG=1 + break + fi + done + fi + if [ $SKIP_CFG -eq 1 ]; then + printf "Configuration \""$(basename $d)"\" \tSKIPPED\n" + continue + fi + cd ./cfgs/"$(basename $d)" PCAPS=`cd pcap; /bin/ls *.*cap*` diff --git a/tests/unit/unit.c b/tests/unit/unit.c index 948fd2a9e..4b83be3b1 100644 --- a/tests/unit/unit.c +++ b/tests/unit/unit.c @@ -373,7 +373,7 @@ int main(int argc, char **argv) { return -1; } - ndpi_info_mod = ndpi_init_detection_module(); + ndpi_info_mod = ndpi_init_detection_module(NULL); if (ndpi_info_mod == NULL) return -1; diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index d7022a7db..2e78c488c 100644 
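Review bot: The SKIPPED message in the second tests/do.sh.in hunk splices `$(basename $d)` into the printf format string, and the comparison `[ $c = $(basename $d) ]` is unquoted, so a cfgs directory name containing `%`, a backslash or whitespace would be misprinted or break the test. Pass the name as an argument and quote the expansions: `printf 'Configuration "%s" \tSKIPPED\n' "$(basename "$d")"` and `if [ "$c" = "$(basename "$d")" ]; then`. Quoting `"$GLOBAL_CONTEXT_ENABLED"` in the `-eq` test would also avoid a shell error if the configure substitution ever came out empty. The enclosing `for d in ...` loop continues outside the hunk.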
--- a/windows/nDPI.vcxproj
+++ b/windows/nDPI.vcxproj
@@ -82,6 +82,7 @@
 <GenerateDebugInformation>true</GenerateDebugInformation>
 <SubSystem>Windows</SubSystem>
 <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>Ws2_32.lib;$(ProjectDir)..\windows\packages\pthreads.2.9.1.4\build\native\lib\v110\x64\Debug\static\cdecl\libpthread-static.lib;%(AdditionalDependencies)</AdditionalDependencies>
 <FullProgramDatabaseFile>true</FullProgramDatabaseFile>
 <AssemblyDebug>true</AssemblyDebug>
 </Link> |
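Review bot: The added `<AdditionalDependencies>` line sits beside the existing one in the same `<Link>` block instead of replacing it, so the element is defined twice and `Ws2_32.lib` appears in both; a single merged element would be clearer. The path also pins the prebuilt `libpthread-static.lib` to the `v110\x64\Debug` variant of the pthreads 2.9.1.4 package, which presumably fits only an x64 Debug configuration, so any other configuration that needs pthread support would need its own entry or configuration/platform macros in the path. Because a prebuilt third-party binary is now linked into the library, it is worth confirming that the package is restored from a pinned, verified source; the hunk does not show how it is fetched. The `<Link>` element opens outside the hunk.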