-rw-r--r--example/Makefile.in1
-rw-r--r--example/calls.conf8
-rw-r--r--example/ndpiReader.c267
-rw-r--r--example/obfuscation.conf8
-rw-r--r--tests/cfgs/ndpireader_conf_file/config.txt1
l---------tests/cfgs/ndpireader_conf_file/pcap/openvpn_obfuscated.pcapng1
l---------tests/cfgs/ndpireader_conf_file/pcap/signal_videocall.pcapng1
-rw-r--r--tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out33
-rw-r--r--tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out30
9 files changed, 251 insertions, 99 deletions
diff --git a/example/Makefile.in b/example/Makefile.in
index 707dbfb19..8593abd57 100644
--- a/example/Makefile.in
+++ b/example/Makefile.in
@@ -96,6 +96,7 @@ distdir:
-o -name '*.h' \
-o -name '*.py' \
-o -name '*.txt' \
+ -o -name '*.conf' \
-o -name '*.csv' | xargs -I'{}' cp '{}' '$(distdir)/{}'
distclean: clean
diff --git a/example/calls.conf b/example/calls.conf
new file mode 100644
index 000000000..73640741b
--- /dev/null
+++ b/example/calls.conf
@@ -0,0 +1,8 @@
+#Useful ndpiReader configuration to analyse audio/video calls traffic
+
+#Generic limits
+--cfg=packets_limit_per_flow,255 -U 0 -T 0
+#Stun
+--cfg=stun,monitoring,1 --cfg=stun,max_packets_extra_dissection,255
+#Zoom
+--cfg=zoom,max_packets_extra_dissection,255
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 630daa43f..d5bc9f382 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -93,6 +93,12 @@ static char* domain_to_check = NULL;
static char* ip_port_to_check = NULL;
static u_int8_t ignore_vlanid = 0;
FILE *fingerprint_fp = NULL; /**< for flow fingerprint export */
+#ifdef __linux__
+static char *bind_mask = NULL;
+#endif
+#define MAX_FARGS 64
+static char* fargv[MAX_FARGS];
+static int fargc = 0;
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../nDPI-custom/ndpiReader_defs.c"
@@ -770,6 +776,7 @@ static void help(u_int long_help) {
#define OPTLONG_VALUE_CFG 3000
#define OPTLONG_VALUE_OPENVPN_HEURISTICS 3001
#define OPTLONG_VALUE_TLS_HEURISTICS 3002
+#define OPTLONG_VALUE_CONF 3003
static struct option longopts[] = {
/* mandatory extcap options */
@@ -817,6 +824,7 @@ static struct option longopts[] = {
{ "cfg", required_argument, NULL, OPTLONG_VALUE_CFG},
{ "openvpn_heuristics", no_argument, NULL, OPTLONG_VALUE_OPENVPN_HEURISTICS},
{ "tls_heuristics", no_argument, NULL, OPTLONG_VALUE_TLS_HEURISTICS},
+ { "conf", required_argument, NULL, OPTLONG_VALUE_CONF},
{0, 0, 0, 0}
};
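Review bot: The new `--conf` long option is registered in `longopts[]`, but none of the hunks shown for `ndpiReader.c` change the text printed by `help()`, so the option appears to be undocumented unless the usage text is updated elsewhere. A usage line next to the existing `--cfg` entry would cover it, for example `--conf=<file>  | Read additional command line options from <file>`. It is worth stating there that the file's contents are parsed as options and that lines starting with `#` are skipped. The `longopts[]` array starts outside this hunk.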
@@ -1083,33 +1091,13 @@ int reader_add_cfg(char *proto, char *param, char *value, int dup)
/* ********************************** */
-/**
- * @brief Option parser
- */
-static void parseOptions(int argc, char **argv) {
+
+static void parse_parameters(int argc, char **argv)
+{
int option_idx = 0;
int opt;
-#ifndef USE_DPDK
- char *__pcap_file = NULL;
- int thread_id;
-#ifdef __linux__
- char *bind_mask = NULL;
- u_int num_cores = sysconf(_SC_NPROCESSORS_ONLN);
-#endif
-#endif
char *s1, *s2, *s3;
-#ifdef USE_DPDK
- {
- int ret = rte_eal_init(argc, argv);
-
- if(ret < 0)
- rte_exit(EXIT_FAILURE, "Error with EAL initialization\n");
-
- argc -= ret, argv += ret;
- }
-#endif
-
while((opt = getopt_long(argc, argv, longopts_short, longopts, &option_idx)) != EOF) {
#ifdef DEBUG_TRACE
if(trace) fprintf(trace, " #### Handling option -%c [%s] #### \n", opt, optarg ? optarg : "");
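Review bot: `parse_parameters()` is left without a header comment; the `@brief Option parser` block now sits on the `parseOptions()` wrapper further down. This function is re-entered from the `--conf` case with a different argv while sharing getopt's global `optind`, so a short comment saying that would help the next reader, for example `/* Parse one argv vector with getopt_long(); also called recursively for options read from a --conf file */`. The function body continues outside this hunk.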
@@ -1152,8 +1140,8 @@ static void parseOptions(int argc, char **argv) {
}
if(reader_add_cfg("tls", "metadata.ja4r_fingerprint", "1", 1) == -1) {
- printf("Unable to enable JA4r fingerprints\n");
- exit(1);
+ printf("Unable to enable JA4r fingerprints\n");
+ exit(1);
}
do_load_lists = true;
@@ -1224,10 +1212,10 @@ static void parseOptions(int argc, char **argv) {
case 'C':
errno = 0;
if((csv_fp = fopen(optarg, "w")) == NULL)
- {
- printf("Unable to write on CSV file %s: %s\n", optarg, strerror(errno));
- exit(1);
- }
+ {
+ printf("Unable to write on CSV file %s: %s\n", optarg, strerror(errno));
+ exit(1);
+ }
break;
case 'r':
@@ -1253,58 +1241,58 @@ static void parseOptions(int argc, char **argv) {
case 'V':
{
- char buf[12];
- int log_level;
- const char *errstrp;
-
- /* (Internals) log levels are 0-3, but ndpiReader allows 0-4, where with 4
- we also enable all protocols */
- log_level = ndpi_strtonum(optarg, NDPI_LOG_ERROR, NDPI_LOG_DEBUG_EXTRA + 1, &errstrp, 10);
- if(errstrp != NULL) {
- printf("Invalid log level %s: %s\n", optarg, errstrp);
- exit(1);
- }
- if(log_level > NDPI_LOG_DEBUG_EXTRA) {
- log_level = NDPI_LOG_DEBUG_EXTRA;
- if(reader_add_cfg("all", "log", "enable", 1) == 1) {
- printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS);
- exit(1);
- }
- }
- snprintf(buf, sizeof(buf), "%d", log_level);
- if(reader_add_cfg(NULL, "log.level", buf, 1) == 1) {
- printf("Invalid log level [%s] [num:%d/%d]\n", buf, num_cfgs, MAX_NUM_CFGS);
- exit(1);
- }
- reader_log_level = log_level;
- break;
+ char buf[12];
+ int log_level;
+ const char *errstrp;
+
+ /* (Internals) log levels are 0-3, but ndpiReader allows 0-4, where with 4
+ we also enable all protocols */
+ log_level = ndpi_strtonum(optarg, NDPI_LOG_ERROR, NDPI_LOG_DEBUG_EXTRA + 1, &errstrp, 10);
+ if(errstrp != NULL) {
+ printf("Invalid log level %s: %s\n", optarg, errstrp);
+ exit(1);
+ }
+ if(log_level > NDPI_LOG_DEBUG_EXTRA) {
+ log_level = NDPI_LOG_DEBUG_EXTRA;
+ if(reader_add_cfg("all", "log", "enable", 1) == 1) {
+ printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS);
+ exit(1);
+ }
+ }
+ snprintf(buf, sizeof(buf), "%d", log_level);
+ if(reader_add_cfg(NULL, "log.level", buf, 1) == 1) {
+ printf("Invalid log level [%s] [num:%d/%d]\n", buf, num_cfgs, MAX_NUM_CFGS);
+ exit(1);
+ }
+ reader_log_level = log_level;
+ break;
}
case 'u':
{
- char *n;
- char *str = ndpi_strdup(optarg);
- int inverted_logic;
-
- /* Reset any previous call to this knob */
- if(reader_add_cfg("all", "log", "disable", 1) == 1) {
- printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS);
- exit(1);
- }
+ char *n;
+ char *str = ndpi_strdup(optarg);
+ int inverted_logic;
+
+ /* Reset any previous call to this knob */
+ if(reader_add_cfg("all", "log", "disable", 1) == 1) {
+ printf("Invalid cfg [num:%d/%d]\n", num_cfgs, MAX_NUM_CFGS);
+ exit(1);
+ }
- for(n = strtok(str, ","); n && *n; n = strtok(NULL, ",")) {
- inverted_logic = 0;
- if(*n == '-') {
- inverted_logic = 1;
- n++;
- }
- if(reader_add_cfg(n, "log", inverted_logic ? "disable" : "enable", 1) == 1) {
- printf("Invalid parameter [%s] [num:%d/%d]\n", n, num_cfgs, MAX_NUM_CFGS);
- exit(1);
- }
- }
- ndpi_free(str);
- break;
+ for(n = strtok(str, ","); n && *n; n = strtok(NULL, ",")) {
+ inverted_logic = 0;
+ if(*n == '-') {
+ inverted_logic = 1;
+ n++;
+ }
+ if(reader_add_cfg(n, "log", inverted_logic ? "disable" : "enable", 1) == 1) {
+ printf("Invalid parameter [%s] [num:%d/%d]\n", n, num_cfgs, MAX_NUM_CFGS);
+ exit(1);
+ }
+ }
+ ndpi_free(str);
+ break;
}
case 'B':
@@ -1359,23 +1347,23 @@ static void parseOptions(int argc, char **argv) {
case 'k':
errno = 0;
if((serialization_fp = fopen(optarg, "w")) == NULL)
- {
- printf("Unable to write on serialization file %s: %s\n", optarg, strerror(errno));
- exit(1);
- }
+ {
+ printf("Unable to write on serialization file %s: %s\n", optarg, strerror(errno));
+ exit(1);
+ }
break;
case 'K':
if (strcasecmp(optarg, "tlv") == 0 && strlen(optarg) == 3)
- {
- serialization_format = ndpi_serialization_format_tlv;
- } else if (strcasecmp(optarg, "csv") == 0 && strlen(optarg) == 3)
- {
- serialization_format = ndpi_serialization_format_csv;
- } else if (strcasecmp(optarg, "json") == 0 && strlen(optarg) == 4)
- {
- serialization_format = ndpi_serialization_format_json;
- } else {
+ {
+ serialization_format = ndpi_serialization_format_tlv;
+ } else if (strcasecmp(optarg, "csv") == 0 && strlen(optarg) == 3)
+ {
+ serialization_format = ndpi_serialization_format_csv;
+ } else if (strcasecmp(optarg, "json") == 0 && strlen(optarg) == 4)
+ {
+ serialization_format = ndpi_serialization_format_json;
+ } else {
printf("Unknown serialization format. Valid values are: tlv,csv,json\n");
exit(1);
}
@@ -1412,6 +1400,58 @@ static void parseOptions(int argc, char **argv) {
}
break;
+ case OPTLONG_VALUE_CONF:
+ {
+ FILE *fd;
+ char buffer[512], *line, *saveptr;
+ int len, saved_optind, initial_fargc;
+
+ fd = fopen(optarg, "r");
+ if(fd == NULL) {
+ printf("Error opening: %s\n", optarg);
+ exit(1);
+ }
+
+ if(fargc == 0) {
+ fargv[0] = ndpi_strdup(argv[0]);
+ fargc = 1;
+ }
+ initial_fargc = fargc;
+
+ while(1) {
+ line = fgets(buffer, sizeof(buffer), fd);
+
+ if(line == NULL)
+ break;
+
+ len = strlen(line);
+
+ if((len <= 1) || (line[0] == '#'))
+ continue;
+
+ line[len - 1] = '\0';
+
+ fargv[fargc] = ndpi_strdup(strtok_r(line, " \t", &saveptr));
+ while(fargc < MAX_FARGS && fargv[fargc] != NULL) {
+ fargc++;
+ fargv[fargc] = ndpi_strdup(strtok_r(NULL, " \t", &saveptr));
+ }
+ if(fargc == MAX_FARGS) {
+ printf("Too many arguments\n");
+ exit(1);
+ }
+ }
+
+ /* Recursive call to getopt_long() */
+ saved_optind = optind;
+ optind = initial_fargc;
+ parse_parameters(fargc, fargv);
+ optind = saved_optind;
+
+ fclose(fd);
+ }
+ break;
+
/* Extcap */
case '0':
extcap_interfaces();
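Review bot: The tokenising loop in the `OPTLONG_VALUE_CONF` case can store one element past the end of `fargv`: when `fargc` is `MAX_FARGS - 1` and that slot is non-NULL, `fargc++` makes it `MAX_FARGS` and the next `fargv[fargc] = ndpi_strdup(...)` writes `fargv[MAX_FARGS]` before the "Too many arguments" check runs. The file named by `--conf` is external input, so the bound should be tested before each store, keeping one slot for the NULL that conventionally terminates an argv vector. Separately, `line[len - 1] = '\0'` removes the last character even when it is not a newline, so a final line without a trailing newline, or a line longer than the 512-byte buffer, silently loses a character of an option value. The loop also appears to rely on `ndpi_strdup(NULL)` returning NULL to terminate, which is not visible here. The sketch below needs an extra `char *tok;` local; the enclosing `parse_parameters()` starts outside this hunk.

```c
      /* … unchanged: fgets(), empty-line and '#' comment skip … */

      /* Strip the line terminator only when fgets() actually stored one */
      if(line[len - 1] == '\n')
        line[len - 1] = '\0';

      for(tok = strtok_r(line, " \t", &saveptr); tok != NULL;
          tok = strtok_r(NULL, " \t", &saveptr)) {
        /* Check the bound before storing; keep the last slot for the NULL */
        if(fargc >= MAX_FARGS - 1) {
          printf("Too many arguments\n");
          exit(1);
        }
        if((fargv[fargc] = ndpi_strdup(tok)) == NULL) {
          printf("Out of memory\n");
          exit(1);
        }
        fargc++;
      }
      fargv[fargc] = NULL;

      /* … unchanged: recursive parse_parameters() call, fclose() … */
```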
@@ -1441,18 +1481,18 @@ static void parseOptions(int argc, char **argv) {
case '9':
{
- struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(NULL);
- NDPI_PROTOCOL_BITMASK all;
+ struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(NULL);
+ NDPI_PROTOCOL_BITMASK all;
- NDPI_BITMASK_SET_ALL(all);
- ndpi_set_protocol_detection_bitmask2(ndpi_str, &all);
- ndpi_finalize_initialization(ndpi_str);
+ NDPI_BITMASK_SET_ALL(all);
+ ndpi_set_protocol_detection_bitmask2(ndpi_str, &all);
+ ndpi_finalize_initialization(ndpi_str);
- extcap_packet_filter = ndpi_get_proto_by_name(ndpi_str, optarg);
- if(extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg);
+ extcap_packet_filter = ndpi_get_proto_by_name(ndpi_str, optarg);
+ if(extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg);
- ndpi_exit_detection_module(ndpi_str);
- break;
+ ndpi_exit_detection_module(ndpi_str);
+ break;
}
case 'T':
@@ -1475,7 +1515,7 @@ static void parseOptions(int argc, char **argv) {
case OPTLONG_VALUE_CFG:
if(parse_three_strings(optarg, &s1, &s2, &s3) == -1 ||
- reader_add_cfg(s1, s2, s3, 0) == -1) {
+ reader_add_cfg(s1, s2, s3, 0) == -1) {
printf("Invalid parameter [%s] [num:%d/%d]\n", optarg, num_cfgs, MAX_NUM_CFGS);
exit(1);
}
@@ -1490,6 +1530,32 @@ static void parseOptions(int argc, char **argv) {
break;
}
}
+}
+
+/**
+ * @brief Option parser
+ */
+static void parseOptions(int argc, char **argv) {
+#ifndef USE_DPDK
+ char *__pcap_file = NULL;
+ int thread_id;
+#ifdef __linux__
+ u_int num_cores = sysconf(_SC_NPROCESSORS_ONLN);
+#endif
+#endif
+
+#ifdef USE_DPDK
+ {
+ int ret = rte_eal_init(argc, argv);
+
+ if(ret < 0)
+ rte_exit(EXIT_FAILURE, "Error with EAL initialization\n");
+
+ argc -= ret, argv += ret;
+ }
+#endif
+
+ parse_parameters(argc, argv);
if (serialization_fp == NULL && serialization_format != ndpi_serialization_format_unknown)
{
@@ -6634,6 +6700,9 @@ int main(int argc, char **argv) {
ndpi_free(cfgs[i].value);
}
+ for(i = 0; i < fargc; i++)
+ ndpi_free(fargv[i]);
+
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../nDPI-custom/ndpiReader_term.c"
#endif
diff --git a/example/obfuscation.conf b/example/obfuscation.conf
new file mode 100644
index 000000000..4d7d078fb
--- /dev/null
+++ b/example/obfuscation.conf
@@ -0,0 +1,8 @@
+#Useful ndpiReader configuration to analyse VPN and/or obfuscated traffic
+
+#Generic limits
+--cfg=packets_limit_per_flow,255 -U 0 -T 0
+#TLS heuristics
+--cfg=tls,dpi.heuristics,0x07 --cfg=tls,dpi.heuristics.max_packets_extra_dissection,25
+#OpenVPN heuristic
+--cfg=openvpn,dpi.heuristics,0x01
diff --git a/tests/cfgs/ndpireader_conf_file/config.txt b/tests/cfgs/ndpireader_conf_file/config.txt
new file mode 100644
index 000000000..7d7530ddc
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/config.txt
@@ -0,0 +1 @@
+--conf=../../../example/calls.conf --conf=../../../example/obfuscation.conf
diff --git a/tests/cfgs/ndpireader_conf_file/pcap/openvpn_obfuscated.pcapng b/tests/cfgs/ndpireader_conf_file/pcap/openvpn_obfuscated.pcapng
new file mode 120000
index 000000000..4e91a46c1
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/pcap/openvpn_obfuscated.pcapng
@@ -0,0 +1 @@
+../../default/pcap/openvpn_obfuscated.pcapng \ No newline at end of file
diff --git a/tests/cfgs/ndpireader_conf_file/pcap/signal_videocall.pcapng b/tests/cfgs/ndpireader_conf_file/pcap/signal_videocall.pcapng
new file mode 120000
index 000000000..877fc5615
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/pcap/signal_videocall.pcapng
@@ -0,0 +1 @@
+../../default/pcap/signal_videocall.pcapng \ No newline at end of file
diff --git a/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out b/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out
new file mode 100644
index 000000000..a8d908bef
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/result/openvpn_obfuscated.pcapng.out
@@ -0,0 +1,33 @@
+DPI Packets (TCP): 59 (29.50 pkts/flow)
+DPI Packets (UDP): 10 (10.00 pkts/flow)
+Confidence DPI (aggressive) : 3 (flows)
+Num dissector calls: 771 (257.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/9/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/3/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/2 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+TLS 60 17222 1
+OpenVPN 87 25469 1
+NordVPN 30 10598 1
+
+Safe 60 17222 1
+Acceptable 117 36067 2
+
+ 1 TCP 107.161.86.131:443 <-> 192.168.12.156:48072 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 40][cat: VPN/2][40 pkts/9272 bytes <-> 47 pkts/16197 bytes][Goodput ratio: 70/81][3.15 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 212/303 66/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/345 1514/1090 370/406][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (MhLYoT)][Plen Bins: 35,3,3,15,1,1,0,0,1,3,5,1,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,18,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
+ 2 TCP 192.168.12.156:37976 <-> 185.128.25.99:465 [proto: 91/TLS][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 19][cat: Web/5][29 pkts/7410 bytes <-> 31 pkts/9812 bytes][Goodput ratio: 74/79][1.73 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/26 1019/153 204/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/317 1090/1514 256/424][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS traffic / Expected on port 443][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,14,30,14,2,0,2,5,0,5,5,2,0,0,2,0,0,0,0,0,2,0,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
+ 3 UDP 192.168.12.156:47128 <-> 149.102.238.108:1214 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 10][cat: VPN/2][19 pkts/3629 bytes <-> 11 pkts/6969 bytes][Goodput ratio: 78/93][1.26 sec][bytes ratio: -0.315 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/132 1156/1023 278/337][Pkt Len c2s/s2c min/avg/max/stddev: 115/136 191/634 782/1158 153/438][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Entropy: 6.051 (Executable?) / Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (SFhAFI)][Plen Bins: 0,0,23,41,3,0,0,0,3,0,3,6,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out b/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out
new file mode 100644
index 000000000..7926a6a3e
--- /dev/null
+++ b/tests/cfgs/ndpireader_conf_file/result/signal_videocall.pcapng.out
@@ -0,0 +1,30 @@
+DPI Packets (UDP): 291 (97.00 pkts/flow)
+Confidence DPI (cache) : 1 (flows)
+Confidence DPI : 2 (flows)
+Num dissector calls: 8 (2.67 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 11/10/2 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 6/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 3/3 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+SignalVoip 334 123259 3
+
+Acceptable 334 123259 3
+
+ 1 UDP 192.168.12.67:47926 <-> 35.219.252.146:56377 [proto: 338.269/SRTP.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 255][cat: VoIP/10][167 pkts/87565 bytes <-> 131 pkts/31930 bytes][Goodput ratio: 92/83][10.75 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/82 2304/2449 291/279][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 524/244 1223/900 385/198][Mapped IP/Port: 93.35.168.30:45266, 35.219.252.146:56377][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (17uAgN)][Plen Bins: 3,28,9,7,0,0,0,0,16,8,1,0,0,1,1,0,1,1,0,1,0,0,0,0,7,3,0,1,0,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:47926 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 26][cat: VoIP/10][13 pkts/1258 bytes <-> 13 pkts/1454 bytes][Goodput ratio: 57/62][10.01 sec][Hostname/SNI: signal.org][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/6 804/804 4015/4015 1248/1248][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 97/112 162/126 43/14][Mapped IP/Port: 93.35.168.30:45265][Peer IP/Port: 35.219.252.146:56377, 35.219.252.146:34099, 35.219.252.146:37175][Relayed IP/Port: 35.219.252.146:40378][PLAIN TEXT (BFODsIPgWuCIX)][Plen Bins: 34,19,30,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:47926 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/4 2503/2503 9988/9988 4321/4321][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45265][Relayed IP/Port: 35.216.234.234:29688][PLAIN TEXT (42oPBlgi)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]