aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.seed36
-rw-r--r--example/ndpiReader.c63
-rw-r--r--example/reader_util.c39
-rw-r--r--example/reader_util.h4
-rw-r--r--fuzz/Makefile.am30
-rw-r--r--fuzz/fuzz_ndpi_reader.c74
-rw-r--r--src/include/ndpi_api.h.in7
-rw-r--r--src/include/ndpi_define.h.in2
-rw-r--r--src/include/ndpi_typedefs.h6
-rw-r--r--src/lib/Makefile.in2
-rw-r--r--src/lib/ndpi_analyze.c96
-rw-r--r--src/lib/ndpi_content_match.c.inc2
-rw-r--r--src/lib/ndpi_main.c95
-rw-r--r--src/lib/ndpi_utils.c5
-rw-r--r--src/lib/protocols/dhcp.c10
-rw-r--r--src/lib/protocols/dns.c19
-rw-r--r--src/lib/protocols/h323.c2
-rw-r--r--src/lib/protocols/http.c16
-rw-r--r--src/lib/protocols/tls.c19
-rw-r--r--src/lib/third_party/include/ndpi_patricia.h2
-rwxr-xr-xtests/do.sh61
-rw-r--r--tests/ossfuzz.sh32
-rw-r--r--tests/pcap/h323-overflow.pcapbin0 -> 98 bytes
-rw-r--r--tests/pcap/http-lines-split.pcapbin0 -> 2751 bytes
-rw-r--r--tests/pcap/ja3_lots_of_cipher_suites.pcapbin0 -> 5332 bytes
-rw-r--r--tests/pcap/ja3_lots_of_cipher_suites_2_anon.pcapbin0 -> 7422 bytes
-rw-r--r--tests/pcap/malformed_icmp.pcapbin0 -> 82 bytes
-rw-r--r--tests/pcap/tls-esni-fuzzed.pcapbin0 -> 2382 bytes
-rw-r--r--tests/result/dnp3.pcap.out5
-rw-r--r--tests/result/fuzz-2006-06-26-2594.pcap.out66
-rw-r--r--tests/result/h323-overflow.pcap.out3
-rw-r--r--tests/result/http-lines-split.pcap.out3
-rw-r--r--tests/result/ja3_lots_of_cipher_suites.pcap.out8
-rw-r--r--tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out8
-rw-r--r--tests/result/malformed_icmp.pcap.out3
-rw-r--r--tests/result/tls-esni-fuzzed.pcap.out10
-rwxr-xr-xwireshark/download-fuzz-traces.sh10
37 files changed, 559 insertions, 179 deletions
diff --git a/configure.seed b/configure.seed
index 6726a63c9..1a385f06d 100644
--- a/configure.seed
+++ b/configure.seed
@@ -4,19 +4,29 @@ AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([foreign subdir-objects])
-AC_ARG_WITH(sanitizer, [ --with-sanitizer Build with support for address, undefined and leak sanitizer])
+AC_ARG_WITH(sanitizer, AS_HELP_STRING([--with-sanitizer], [Build with support for address, undefined and leak sanitizer]))
+AC_ARG_ENABLE(fuzztargets, AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no])
+AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"])
-AS_IF([test "${with_sanitizer+set}" = set],[
- CFLAGS="${CFLAGS} -g3 -O0 -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fno-sanitize=shift -fsanitize=leak -fno-omit-frame-pointer"
- LDFLAGS="${LDFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fno-sanitize=shift -fsanitize=leak"
+AS_IF([test "${with_sanitizer+set}" = set -o "x$enable_fuzztargets" = "xyes"],[
+ CFLAGS+="${CFLAGS} -g3 -O0 -Wno-unused-value -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak -fno-omit-frame-pointer"
+ LDFLAGS+="${LDFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak"
])
LT_INIT
-AC_PROG_CC
-AM_PROG_CC_C_O
-AC_PROG_CXX
-AC_PROG_CC_STDC
+SYSTEM=`uname -s`
+if test $SYSTEM = "Darwin"; then
+dnl> AC_PROG_CC(clang gcc)
+ AM_PROG_CC_C_O(clang gcc)
+ AC_PROG_CXX(clang++ g++)
+ AC_PROG_CC_STDC(clang gcc)
+else
+dnl> AC_PROG_CC
+ AM_PROG_CC_C_O
+ AC_PROG_CXX
+ AC_PROG_CC_STDC
+fi
AC_LANG_WERROR
AX_PTHREAD
@@ -34,7 +44,7 @@ if test -d ".git"; then :
GIT_DATE=`git log -1 --format=%cd`
#
# On CentOS 6 `git rev-list HEAD --count` does not work
- #
+ #
#
GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'`
GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}"
@@ -78,10 +88,6 @@ else
fi
MACHINE=`uname -m`
-SYSTEM=`uname -s`
-if test $SYSTEM = "Darwin"; then
- CC=clang
-fi
CUSTOM_NDPI=
@@ -121,10 +127,6 @@ AC_ARG_ENABLE([debug-messages],
AS_HELP_STRING([--enable-debug-messages], [Define NDPI_ENABLE_DEBUG_MESSAGES=1]), [
AC_DEFINE(NDPI_ENABLE_DEBUG_MESSAGES, 1, [Enable ndpi_debug_messages]) ])
-AC_ARG_ENABLE(fuzztargets,
- AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no])
-AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"])
-
@FUZZY@ AS_IF([test "x$enable_fuzztargets" = "xyes"], [
@FUZZY@ AC_PROG_CXX
@FUZZY@ AC_LANG_PUSH(C++)
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 4be142d28..a03c461be 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -848,9 +848,6 @@ static void parseOptions(int argc, char **argv) {
}
}
- if(_pcap_file[0] == NULL)
- help(0);
-
if(csv_fp)
printCSVHeader();
@@ -860,6 +857,9 @@ static void parseOptions(int argc, char **argv) {
extcap_capture();
}
+ if(_pcap_file[0] == NULL)
+ help(0);
+
if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */
num_threads = 0; /* setting number of threads = number of interfaces */
__pcap_file = strtok(_pcap_file[0], ",");
@@ -1828,13 +1828,13 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth,
/* update stats */
node_proto_guess_walker(node, which, depth, user_data);
+ if(verbose == 3)
+ port_stats_walker(node, which, depth, user_data);
if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) && !undetected_flows_deleted)
undetected_flows_deleted = 1;
- ndpi_free_flow_info_half(flow);
- ndpi_free_flow_data_analysis(flow);
- ndpi_free_flow_tls_data(flow);
+ ndpi_flow_info_free_data(flow);
ndpi_thread_info[thread_id].workflow->stats.ndpi_flow_count--;
/* adding to a queue (we can't delete it from the tree inline ) */
@@ -3094,6 +3094,10 @@ void test_lib() {
}
}
+#ifdef USE_DPDK
+ dpdk_port_deinit(dpdk_port_id);
+#endif
+
gettimeofday(&end, NULL);
processing_time_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec);
setup_time_usec = begin.tv_sec*1000000 + begin.tv_usec - (startup_time.tv_sec*1000000 + startup_time.tv_usec);
@@ -3111,6 +3115,31 @@ void test_lib() {
/* *********************************************** */
+static void binUnitTest() {
+ struct ndpi_bin b1, b2;
+ u_int8_t num_bins = 32;
+ u_int32_t i;
+ char out_buf[128];
+
+ srand(time(NULL));
+
+ ndpi_init_bin(&b1, ndpi_bin_family8, num_bins), ndpi_init_bin(&b2, ndpi_bin_family8, num_bins);
+
+ for(i=0; i<32; i++)
+ ndpi_inc_bin(&b1, rand() % num_bins), ndpi_inc_bin(&b2, rand() % num_bins);
+
+#if 0
+ printf("1) %s\n", ndpi_print_bin(&b1, 0, out_buf, sizeof(out_buf)));
+ printf("2) %s\n", ndpi_print_bin(&b2, 0, out_buf, sizeof(out_buf)));
+
+ printf("Similarity: %f\n\n", ndpi_bin_similarity(&b1, &b2, 1));
+#endif
+
+ ndpi_free_bin(&b1), ndpi_free_bin(&b2);
+}
+
+/* *********************************************** */
+
static void dgaUnitTest() {
const char *dga[] = {
"lbjamwptxz",
@@ -3474,6 +3503,25 @@ void bpf_filter_port_array_add(int filter_array[], int size, int port) {
/* *********************************************** */
+void analysisUnitTest() {
+ struct ndpi_analyze_struct *s = ndpi_alloc_data_analysis(32);
+ u_int32_t i;
+
+ for(i=0; i<256; i++)
+ ndpi_data_add_value(s, i);
+
+ if(0) {
+ ndpi_data_print_window_values(s);
+ printf("Average: [all: %f][window: %f]\n", ndpi_data_average(s), ndpi_data_window_average(s));
+ printf("Entropy: %f\n", ndpi_data_entropy(s));
+ printf("StdDev: %f\n", ndpi_data_stddev(s));
+ printf("Min/Max: %u/%u\n", ndpi_data_min(s), ndpi_data_max(s));
+ }
+
+ ndpi_free_data_analysis(s);
+}
+
+/* *********************************************** */
/**
@brief MAIN FUNCTION
@@ -3496,6 +3544,7 @@ int orginal_main(int argc, char **argv) {
if(ndpi_info_mod == NULL) return -1;
/* Internal checks */
+ binUnitTest();
dgaUnitTest();
hllUnitTest();
bitmapUnitTest();
@@ -3503,7 +3552,7 @@ int orginal_main(int argc, char **argv) {
serializerUnitTest();
analyzeUnitTest();
ndpi_self_check_host_match();
-
+ analysisUnitTest();
memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info));
parseOptions(argc, argv);
diff --git a/example/reader_util.c b/example/reader_util.c
index fa90b7000..43afcd402 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -454,23 +454,13 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref
void ndpi_flow_info_freer(void *node) {
struct ndpi_flow_info *flow = (struct ndpi_flow_info*)node;
- ndpi_free_flow_info_half(flow);
- ndpi_free_flow_data_analysis(flow);
- ndpi_free_flow_tls_data(flow);
-
-#ifdef DIRECTION_BINS
- ndpi_free_bin(&flow->payload_len_bin_src2dst);
- ndpi_free_bin(&flow->payload_len_bin_dst2src);
-#else
- ndpi_free_bin(&flow->payload_len_bin);
-#endif
-
+ ndpi_flow_info_free_data(flow);
ndpi_free(flow);
}
/* ***************************************************** */
-void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) {
+static void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) {
if(flow->ssh_tls.server_names) {
ndpi_free(flow->ssh_tls.server_names);
@@ -505,7 +495,7 @@ void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) {
/* ***************************************************** */
-void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow) {
+static void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow) {
if(flow->iat_c_to_s) ndpi_free_data_analysis(flow->iat_c_to_s);
if(flow->iat_s_to_c) ndpi_free_data_analysis(flow->iat_s_to_c);
@@ -517,6 +507,22 @@ void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow) {
/* ***************************************************** */
+void ndpi_flow_info_free_data(struct ndpi_flow_info *flow) {
+
+ ndpi_free_flow_info_half(flow);
+ ndpi_free_flow_data_analysis(flow);
+ ndpi_free_flow_tls_data(flow);
+
+#ifdef DIRECTION_BINS
+ ndpi_free_bin(&flow->payload_len_bin_src2dst);
+ ndpi_free_bin(&flow->payload_len_bin_dst2src);
+#else
+ ndpi_free_bin(&flow->payload_len_bin);
+#endif
+}
+
+/* ***************************************************** */
+
void ndpi_workflow_free(struct ndpi_workflow * workflow) {
u_int i;
@@ -1708,7 +1714,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
workflow->stats.mpls_count++;
type = ETH_P_IP, ip_offset += 4;
- while(!mpls.mpls.s) {
+ while(!mpls.mpls.s && (((bpf_u_int32)ip_offset) + 4 < header->caplen)) {
mpls.u32 = *((uint32_t *) &packet[ip_offset]);
mpls.u32 = ntohl(mpls.u32);
ip_offset += 4;
@@ -2027,4 +2033,9 @@ int dpdk_port_init(int port, struct rte_mempool *mbuf_pool) {
return 0;
}
+int dpdk_port_deinit(int port) {
+ rte_eth_dev_stop(port);
+ rte_eth_dev_close(port);
+}
+
#endif
diff --git a/example/reader_util.h b/example/reader_util.h
index 8e99bdbbb..75d66bfd4 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -50,6 +50,7 @@
#define PREFETCH_OFFSET 3
extern int dpdk_port_init(int port, struct rte_mempool *mbuf_pool);
+extern int dpdk_port_deinit(int port);
#endif
/* ETTA Spec defiintions for feature readiness */
@@ -328,9 +329,8 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow *
int ndpi_workflow_node_cmp(const void *a, const void *b);
void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow);
u_int32_t ethernet_crc32(const void* data, size_t n_bytes);
+void ndpi_flow_info_free_data(struct ndpi_flow_info *flow);
void ndpi_flow_info_freer(void *node);
-void ndpi_free_flow_data_analysis(struct ndpi_flow_info *flow);
-void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow);
const char* print_cipher_id(u_int32_t cipher);
float ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], unsigned int num_bytes);
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index 9c028d690..959bedda8 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,11 +1,12 @@
-bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader
+bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_with_main
fuzz_process_packet_SOURCES = fuzz_process_packet.c
-fuzz_process_packet_LDFLAGS = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_process_packet_CFLAGS =
+fuzz_process_packet_LDADD = ../src/lib/libndpi.a
+fuzz_process_packet_LDFLAGS = $(ADDITIONAL_LIBS)
if HAS_FUZZLDFLAGS
- fuzz_process_packet_LDFLAGS += $(LIB_FUZZING_ENGINE)
-#else
-# fuzz_process_packet_SOURCES += onefile.c
+fuzz_process_packet_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_process_packet_LDFLAGS += $(LIB_FUZZING_ENGINE)
endif
# force usage of CXX for linker
fuzz_process_packet_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
@@ -14,19 +15,28 @@ fuzz_process_packet_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
fuzz_ndpi_reader_SOURCES = fuzz_ndpi_reader.c
fuzz_ndpi_reader_CFLAGS = -I../example/
-fuzz_ndpi_reader_LDFLAGS = ../example/libndpiReader.a ../src/lib/libndpi.a $(PCAP_LIB) $(ADDITIONAL_LIBS)
+fuzz_ndpi_reader_LDADD = ../src/lib/libndpi.a
+fuzz_ndpi_reader_LDFLAGS = ../example/libndpiReader.a $(PCAP_LIB) $(ADDITIONAL_LIBS)
if HAS_FUZZLDFLAGS
- fuzz_ndpi_reader_LDFLAGS += $(LIB_FUZZING_ENGINE)
-#else
-# fuzz_ndpi_reader_SOURCES += onefile.c
+fuzz_ndpi_reader_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_ndpi_reader_LDFLAGS += $(LIB_FUZZING_ENGINE)
endif
# force usage of CXX for linker
fuzz_ndpi_reader_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_ndpi_reader_LDFLAGS) $(LDFLAGS) -o $@
-EXTRA_fuzz_ndpi_reader_DEPENDENCIES = fuzz_ndpi_reader_seed_corpus.zip
+fuzz_ndpi_reader_with_main_SOURCES = fuzz_ndpi_reader.c
+fuzz_ndpi_reader_with_main_CFLAGS = -I../example/ -DBUILD_MAIN
+fuzz_ndpi_reader_with_main_LDADD = ../src/lib/libndpi.a
+fuzz_ndpi_reader_with_main_LDFLAGS = ../example/libndpiReader.a $(PCAP_LIB) $(ADDITIONAL_LIBS)
+# force usage of CXX for linker
+fuzz_ndpi_reader_with_main_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_ndpi_reader_with_main_LDFLAGS) $(LDFLAGS) -o $@
+# required for Google oss-fuzz
+# see https://github.com/google/oss-fuzz/tree/master/projects/ndpi
testpcaps := $(wildcard ../tests/pcap/*.pcap)
fuzz_ndpi_reader_seed_corpus.zip: $(testpcaps)
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index 7de3d45f4..3d35cf89b 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -21,13 +21,13 @@ int bufferToFile(const char * name, const uint8_t *Data, size_t Size) {
FILE * fd;
if (remove(name) != 0) {
if (errno != ENOENT) {
- printf("failed remove, errno=%d\n", errno);
+ perror("remove failed");
return -1;
}
}
fd = fopen(name, "wb");
if (fd == NULL) {
- printf("failed open, errno=%d\n", errno);
+ perror("open failed");
return -2;
}
if (fwrite (Data, 1, Size, fd) != Size) {
@@ -45,6 +45,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int r;
char errbuf[PCAP_ERRBUF_SIZE];
NDPI_PROTOCOL_BITMASK all;
+ char * pcap_path = tempnam("/tmp", "fuzz-ndpi-reader");
if (prefs == NULL) {
prefs = calloc(sizeof(struct ndpi_workflow_prefs), 1);
@@ -57,10 +58,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
prefs->max_ndpi_flows = 1024;
prefs->quiet_mode = 0;
}
- bufferToFile("/tmp/fuzz.pcap", Data, Size);
+ bufferToFile(pcap_path, Data, Size);
- pkts = pcap_open_offline("/tmp/fuzz.pcap", errbuf);
+ pkts = pcap_open_offline(pcap_path, errbuf);
if (pkts == NULL) {
+ remove(pcap_path);
+ free(pcap_path);
return 0;
}
struct ndpi_workflow * workflow = ndpi_workflow_init(prefs, pkts);
@@ -87,5 +90,68 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
ndpi_workflow_free(workflow);
pcap_close(pkts);
+ remove(pcap_path);
+ free(pcap_path);
+
return 0;
}
+
+#ifdef BUILD_MAIN
+int main(int argc, char ** argv)
+{
+ FILE * pcap_file;
+ long pcap_file_size;
+ uint8_t * pcap_buffer;
+ int test_retval;
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: %s: [pcap-file]\n",
+ (argc > 0 ? argv[0] : "fuzz_ndpi_reader_with_main"));
+ return 1;
+ }
+
+ pcap_file = fopen(argv[1], "r");
+ if (pcap_file == NULL) {
+ perror("fopen failed");
+ return 1;
+ }
+
+ if (fseek(pcap_file, 0, SEEK_END) != 0) {
+ perror("fseek(SEEK_END) failed");
+ fclose(pcap_file);
+ return 1;
+ }
+
+ pcap_file_size = ftell(pcap_file);
+ if (pcap_file_size < 0) {
+ perror("ftell failed");
+ fclose(pcap_file);
+ return 1;
+ }
+
+ if (fseek(pcap_file, 0, SEEK_SET) != 0) {
+ perror("fseek(0, SEEK_SET) failed");
+ fclose(pcap_file);
+ return 1;
+ }
+
+ pcap_buffer = malloc(pcap_file_size);
+ if (pcap_buffer == NULL) {
+ perror("malloc failed");
+ fclose(pcap_file);
+ return 1;
+ }
+
+ if (fread(pcap_buffer, sizeof(*pcap_buffer), pcap_file_size, pcap_file) != pcap_file_size) {
+ perror("fread failed");
+ fclose(pcap_file);
+ return 1;
+ }
+
+ test_retval = LLVMFuzzerTestOneInput(pcap_buffer, pcap_file_size);
+ fclose(pcap_file);
+ free(pcap_buffer);
+
+ return test_retval;
+}
+#endif
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 248d18cee..865ddc8dd 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -923,8 +923,8 @@ extern "C" {
/* ptree (trie) API */
ndpi_ptree_t* ndpi_ptree_create(void);
- int ndpi_ptree_insert(ndpi_ptree_t *tree, const ndpi_ip_addr_t *addr, u_int8_t bits, uint user_data);
- int ndpi_ptree_match_addr(ndpi_ptree_t *tree, const ndpi_ip_addr_t *addr, uint *user_data);
+ int ndpi_ptree_insert(ndpi_ptree_t *tree, const ndpi_ip_addr_t *addr, u_int8_t bits, u_int32_t user_data);
+ int ndpi_ptree_match_addr(ndpi_ptree_t *tree, const ndpi_ip_addr_t *addr, u_int32_t *user_data);
void ndpi_ptree_destroy(ndpi_ptree_t *tree);
/* DGA */
@@ -1072,7 +1072,10 @@ extern "C" {
void ndpi_free_bin(struct ndpi_bin *b);
void ndpi_inc_bin(struct ndpi_bin *b, u_int8_t slot_id);
void ndpi_normalize_bin(struct ndpi_bin *b);
+ char* ndpi_print_bin(struct ndpi_bin *b, u_int8_t normalize_first, char *out_buf, u_int out_buf_len);
+ float ndpi_bin_similarity(struct ndpi_bin *b1, struct ndpi_bin *b2, u_int8_t normalize_first);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in
index df28c15f3..5add2e1c8 100644
--- a/src/include/ndpi_define.h.in
+++ b/src/include/ndpi_define.h.in
@@ -279,7 +279,7 @@
#define NDPI_SET_BIT(num, n) num |= 1UL << n
#define NDPI_CLR_BIT(num, n) num &= ~(1UL << n)
#define NDPI_CLR_BIT(num, n) num &= ~(1UL << n)
-#define NDPI_ISSET_BIT(num, n) (num & (1 << n))
+#define NDPI_ISSET_BIT(num, n) (num & (1UL << n))
#define NDPI_ZERO_BIT(num) num = 0
/* this is a very very tricky macro *g*,
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 3784f995a..99b91d4be 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -52,8 +52,9 @@ typedef enum {
/*
NOTE
- When the typedef below is modified don't forget
- to update ndpi_risk2str (in ndpi_utils.c)
+ When the typedef below is modified don't forget to update
+ - ndpi_risk2str (in ndpi_utils.c)
+ - https://github.com/ntop/ntopng/blob/dev/scripts/lua/modules/flow_risk_utils.lua
*/
typedef enum {
NDPI_NO_RISK = 0,
@@ -73,6 +74,7 @@ typedef enum {
NDPI_HTTP_SUSPICIOUS_HEADER,
NDPI_TLS_NOT_CARRYING_HTTPS,
NDPI_SUSPICIOUS_DGA_DOMAIN,
+ NDPI_MALFORMED_PACKET,
/* Leave this as last member */
NDPI_MAX_RISK
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index f69c81946..874cee20c 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -54,7 +54,7 @@ $(NDPI_LIB_SHARED): $(OBJECTS)
$(CC) $(CFLAGS) -c $< -o $@ $(LDFLAGS)
clean:
- /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo $(NDPI_LIB_SHARED)
+ /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo libndpi.so*
distclean: clean
/bin/rm -f Makefile
diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c
index e1f37cc8d..4ca3ac25a 100644
--- a/src/lib/ndpi_analyze.c
+++ b/src/lib/ndpi_analyze.c
@@ -125,6 +125,12 @@ float ndpi_data_variance(struct ndpi_analyze_struct *s) {
/* ********************************************************************************* */
+/*
+ See the link below for "Population and sample standard deviation review"
+ https://www.khanacademy.org/math/statistics-probability/summarizing-quantitative-data/variance-standard-deviation-sample/a/population-and-sample-standard-deviation-review
+
+ In nDPI we use an approximate stddev calculation to avoid storing all data in memory
+*/
/* Compute the standard deviation on all values */
float ndpi_data_stddev(struct ndpi_analyze_struct *s) {
return(sqrt(ndpi_data_variance(s)));
@@ -260,6 +266,8 @@ int ndpi_init_bin(struct ndpi_bin *b, enum ndpi_bin_family f, u_int8_t num_bins)
return(0);
}
+/* ********************************************************************************* */
+
void ndpi_free_bin(struct ndpi_bin *b) {
switch(b->family) {
case ndpi_bin_family8:
@@ -274,6 +282,8 @@ void ndpi_free_bin(struct ndpi_bin *b) {
}
}
+/* ********************************************************************************* */
+
void ndpi_inc_bin(struct ndpi_bin *b, u_int8_t slot_id) {
if(slot_id >= b->num_bins) slot_id = 0;
@@ -292,6 +302,8 @@ void ndpi_inc_bin(struct ndpi_bin *b, u_int8_t slot_id) {
}
}
+/* ********************************************************************************* */
+
/*
Each bin slot is transformed in a % with respect to the value total
*/
@@ -316,3 +328,87 @@ void ndpi_normalize_bin(struct ndpi_bin *b) {
}
}
+/* ********************************************************************************* */
+
+char* ndpi_print_bin(struct ndpi_bin *b, u_int8_t normalize_first, char *out_buf, u_int out_buf_len) {
+ u_int8_t i;
+ u_int len = 0;
+
+ if(!out_buf) return(out_buf); else out_buf[0] = '\0';
+
+ if(normalize_first)
+ ndpi_normalize_bin(b);
+
+ switch(b->family) {
+ case ndpi_bin_family8:
+ for(i=0; i<b->num_bins; i++) {
+ int rc = snprintf(&out_buf[len], out_buf_len-len, "%s%u", (i > 0) ? "," : "", b->u.bins8[i]);
+
+ if(rc < 0) break;
+ len += rc;
+ }
+ break;
+
+ case ndpi_bin_family16:
+ for(i=0; i<b->num_bins; i++) {
+ int rc = snprintf(&out_buf[len], out_buf_len-len, "%s%u", (i > 0) ? "," : "", b->u.bins16[i]);
+
+ if(rc < 0) break;
+ len += rc;
+ }
+ break;
+
+ case ndpi_bin_family32:
+ for(i=0; i<b->num_bins; i++) {
+ int rc = snprintf(&out_buf[len], out_buf_len-len, "%s%u", (i > 0) ? "," : "", b->u.bins32[i]);
+
+ if(rc < 0) break;
+ len += rc;
+ }
+ break;
+ }
+
+ return(out_buf);
+}
+
+/* ********************************************************************************* */
+
+/*
+ Determines how similar are two bins
+
+ 0 = Very differet
+ ... (gray zone)
+ 1 = Alike
+
+ See https://en.wikipedia.org/wiki/Cosine_similarity for more details
+*/
+float ndpi_bin_similarity(struct ndpi_bin *b1, struct ndpi_bin *b2, u_int8_t normalize_first) {
+ u_int8_t i;
+ u_int32_t sumxx = 0, sumxy = 0, sumyy = 0;
+
+ if((b1->num_incs == 0) || (b2->num_incs == 0)
+ || (b1->family != b2->family) || (b1->num_bins != b2->num_bins))
+ return(0);
+
+ if(normalize_first)
+ ndpi_normalize_bin(b1), ndpi_normalize_bin(b2);
+
+ switch(b1->family) {
+ case ndpi_bin_family8:
+ for(i=0; i<b1->num_bins; i++)
+ sumxx += b1->u.bins8[i] * b1->u.bins8[i], sumyy += b2->u.bins8[i] * b2->u.bins8[i], sumxy += b1->u.bins8[i] * b2->u.bins8[i];
+ break;
+ case ndpi_bin_family16:
+ for(i=0; i<b1->num_bins; i++)
+ sumxx += b1->u.bins16[i] * b1->u.bins16[i], sumyy += b2->u.bins16[i] * b2->u.bins16[i], sumxy += b1->u.bins16[i] * b2->u.bins16[i];
+ break;
+ case ndpi_bin_family32:
+ for(i=0; i<b1->num_bins; i++)
+ sumxx += b1->u.bins32[i] * b1->u.bins32[i], sumyy += b2->u.bins32[i] * b2->u.bins32[i], sumxy += b1->u.bins32[i] * b2->u.bins32[i];
+ break;
+ }
+
+ return((float)sumxy / sqrt((float)(sumxx * sumyy)));
+}
+
+/* ********************************************************************************* */
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 82a77183a..4ad5c5598 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -909,7 +909,7 @@ static ndpi_network host_protocol_list[] = {
/* Teamviewer 159.122.189.32-63 */
- { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER },
+ { 0x9F7ABD20 /* 159.122.189.32 */, 27, NDPI_PROTOCOL_TEAMVIEWER },
#if 0
/*
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index ec0ade60b..199c34a5b 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -275,7 +275,7 @@ u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *nd
if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS)
return(0);
- switch (protoId) {
+ switch(protoId) {
/* All dissectors that have calls to ndpi_match_host_subprotocol() */
case NDPI_PROTOCOL_DNS:
return(1);
@@ -578,7 +578,7 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp
for (i = 0; ndpi_en_popular_bigrams[i] != NULL; i++)
ndpi_string_to_automa(ndpi_str, &ndpi_str->bigrams_automa, (char *) ndpi_en_popular_bigrams[i], 1, 1, 1, 0);
#endif
-
+
for (i = 0; ndpi_en_impossible_bigrams[i] != NULL; i++)
ndpi_string_to_automa(ndpi_str, &ndpi_str->impossible_bigrams_automa, (char *) ndpi_en_impossible_bigrams[i], 1,
1, 1, 0);
@@ -588,7 +588,7 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp
int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_str, ndpi_detection_preference pref,
int value) {
- switch (pref) {
+ switch(pref) {
case ndpi_pref_direction_detect_disable:
ndpi_str->direction_detect_disable = (u_int8_t) value;
break;
@@ -2032,7 +2032,7 @@ void ndpi_finalize_initalization(struct ndpi_detection_module_struct *ndpi_str)
for (i = 0; i < 4; i++) {
ndpi_automa *automa;
- switch (i) {
+ switch(i) {
case 0:
automa = &ndpi_str->host_automa;
break;
@@ -2380,7 +2380,7 @@ static ndpi_default_ports_tree_node_t *ndpi_get_guessed_protocol_id(struct ndpi_
as they have been excluded
*/
u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) {
- switch (l7_guessed_proto) {
+ switch(l7_guessed_proto) {
case NDPI_PROTOCOL_QUIC:
case NDPI_PROTOCOL_SNMP:
case NDPI_PROTOCOL_NETFLOW:
@@ -2416,7 +2416,7 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
} else {
/* No TCP/UDP */
- switch (proto) {
+ switch(proto) {
case NDPI_IPSEC_PROTOCOL_ESP:
case NDPI_IPSEC_PROTOCOL_AH:
return(NDPI_PROTOCOL_IP_IPSEC);
@@ -2425,6 +2425,21 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
return(NDPI_PROTOCOL_IP_GRE);
break;
case NDPI_ICMP_PROTOCOL_TYPE:
+ if(flow) {
+ /* Run some basic consistency tests */
+
+ if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr))
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
+ else {
+ u_int8_t icmp_type = (u_int8_t)flow->packet.payload[0];
+ u_int8_t icmp_code = (u_int8_t)flow->packet.payload[1];
+
+ /* https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */
+ if(((icmp_type >= 44) && (icmp_type <= 252))
+ || (icmp_code > 15))
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
+ }
+ }
return(NDPI_PROTOCOL_IP_ICMP);
break;
case NDPI_IGMP_PROTOCOL_TYPE:
@@ -2443,6 +2458,22 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
return(NDPI_PROTOCOL_IP_IP_IN_IP);
break;
case NDPI_ICMPV6_PROTOCOL_TYPE:
+ if(flow) {
+ /* Run some basic consistency tests */
+
+ if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr))
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
+ else {
+ u_int8_t icmp6_type = (u_int8_t)flow->packet.payload[0];
+ u_int8_t icmp6_code = (u_int8_t)flow->packet.payload[1];
+
+ /* https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6 */
+ if(((icmp6_type >= 5) && (icmp6_type <= 127))
+ || (icmp6_type >= 156)
+ || ((icmp6_code > 7) && (icmp6_type != 255)))
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
+ }
+ }
return(NDPI_PROTOCOL_IP_ICMPV6);
break;
case 112:
@@ -2491,7 +2522,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_str, char *rule,
at[0] = 0, proto = &at[1];
for (i = 0; proto[i] != '\0'; i++) {
- switch (proto[i]) {
+ switch(proto[i]) {
case '/':
case '&':
case '^':
@@ -3261,6 +3292,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
/* IEC 60870-5-104 */
init_104_dissector(ndpi_str, &a, detection_bitmask);
+ /* DNP3 */
+ init_dnp3_dissector(ndpi_str, &a, detection_bitmask);
+
/* WEBSOCKET */
init_websocket_dissector(ndpi_str, &a, detection_bitmask);
@@ -3625,6 +3659,10 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
flow->packet.udp = (struct ndpi_udphdr *) l4ptr;
flow->packet.payload_packet_len = flow->packet.l4_packet_len - 8;
flow->packet.payload = ((u_int8_t *) flow->packet.udp) + 8;
+ } else if((l4protocol == IPPROTO_ICMP && flow->packet.l4_packet_len >= sizeof(struct ndpi_icmphdr))
+ || (l4protocol == IPPROTO_ICMPV6 && flow->packet.l4_packet_len >= sizeof(struct ndpi_icmp6hdr))) {
+ flow->packet.payload = ((u_int8_t *) l4ptr);
+ flow->packet.payload_packet_len = flow->packet.l4_packet_len;
} else {
flow->packet.generic_l4_ptr = l4ptr;
}
@@ -4345,7 +4383,8 @@ static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet) {
packet->http_cookie.len = 0, packet->http_origin.len = 0, packet->http_origin.ptr = NULL,
packet->http_x_session_type.ptr = NULL, packet->http_x_session_type.len = 0, packet->server_line.ptr = NULL,
packet->server_line.len = 0, packet->http_method.ptr = NULL, packet->http_method.len = 0,
- packet->http_response.ptr = NULL, packet->http_response.len = 0, packet->http_num_headers = 0;
+ packet->http_response.ptr = NULL, packet->http_response.len = 0, packet->http_num_headers = 0,
+ packet->forwarded_line.ptr = NULL, packet->forwarded_line.len = 0;
}
/* ********************************************************************************* */
@@ -4382,13 +4421,13 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s
Skype for a host doing MS Teams means MS Teams
(MS Teams uses Skype as transport protocol for voice/video)
*/
-
+
if(flow) {
/* Do not go for DNS when there is an application protocol. Example DNS.Apple */
if((flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN)
&& (flow->detected_protocol_stack[0] /* app */ != flow->detected_protocol_stack[1] /* major */))
NDPI_CLR_BIT(flow->risk, NDPI_SUSPICIOUS_DGA_DOMAIN);
- }
+ }
switch(ret->app_protocol) {
case NDPI_PROTOCOL_MSTEAMS:
@@ -5676,7 +5715,7 @@ char *ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_str,
/* ****************************************************** */
int ndpi_is_custom_category(ndpi_protocol_category_t category) {
- switch (category) {
+ switch(category) {
case NDPI_PROTOCOL_CATEGORY_CUSTOM_1:
case NDPI_PROTOCOL_CATEGORY_CUSTOM_2:
case NDPI_PROTOCOL_CATEGORY_CUSTOM_3:
@@ -5699,7 +5738,7 @@ void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_str,
if(!name)
return;
- switch (category) {
+ switch(category) {
case NDPI_PROTOCOL_CATEGORY_CUSTOM_1:
snprintf(ndpi_str->custom_category_labels[0], CUSTOM_CATEGORY_LABEL_LEN, "%s", name);
break;
@@ -5740,7 +5779,7 @@ const char *ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_str
}
if((category >= NDPI_PROTOCOL_CATEGORY_CUSTOM_1) && (category <= NDPI_PROTOCOL_CATEGORY_CUSTOM_5)) {
- switch (category) {
+ switch(category) {
case NDPI_PROTOCOL_CATEGORY_CUSTOM_1:
return(ndpi_str->custom_category_labels[0]);
case NDPI_PROTOCOL_CATEGORY_CUSTOM_2:
@@ -5806,7 +5845,7 @@ ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *
char *ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_str,
ndpi_protocol_breed_t breed_id) {
- switch (breed_id) {
+ switch(breed_id) {
case NDPI_PROTOCOL_SAFE:
return("Safe");
break;
@@ -5974,7 +6013,7 @@ static u_int8_t ndpi_is_more_generic_protocol(u_int16_t previous_proto, u_int16_
if((previous_proto == NDPI_PROTOCOL_UNKNOWN) || (previous_proto == new_proto))
return(0);
- switch (previous_proto) {
+ switch(previous_proto) {
case NDPI_PROTOCOL_WHATSAPP_CALL:
case NDPI_PROTOCOL_WHATSAPP_FILES:
if(new_proto == NDPI_PROTOCOL_WHATSAPP)
@@ -6324,7 +6363,7 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp
proto);
#endif
- switch (proto) {
+ switch(proto) {
case NDPI_PROTOCOL_TLS:
if(!flow->l4.tcp.tls.certificate_processed)
return(1); /* TODO: add check for TLS 1.3 */
@@ -6365,7 +6404,7 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp
/* ******************************************************************** */
const char *ndpi_get_l4_proto_name(ndpi_l4_proto_info proto) {
- switch (proto) {
+ switch(proto) {
case ndpi_l4_proto_unknown:
return("");
break;
@@ -6529,7 +6568,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
int len, rc = 0;
len = strlen(name);
-
+
if(len >= 5) {
int i, j, num_found = 0, num_impossible = 0, num_bigram_checks = 0, num_digits = 0, num_vowels = 0, num_words = 0;
char tmp[128], *word, *tok_tmp;
@@ -6548,29 +6587,29 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
if(!word) break;
num_words++;
-
+
if(strlen(word) < 3) continue;
#ifdef DGA_DEBUG
printf("-> %s [%s][len: %u]\n", word, name, (unsigned int)strlen(word));
#endif
-
+
for(i = 0; word[i+1] != '\0'; i++) {
if(isdigit(word[i])) {
num_digits++;
-
+
// if(!isdigit(word[i+1])) num_impossible++;
-
- continue;
+
+ continue;
}
-
+
switch(word[i]) {
case '_':
case '-':
case ':':
continue;
break;
-
+
case '.':
continue;
break;
@@ -6585,13 +6624,13 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
num_vowels++;
break;
}
-
+
if(isdigit(word[i+1])) {
num_digits++;
// num_impossible++;
continue;
}
-
+
num_bigram_checks++;
if(ndpi_match_bigram(ndpi_str, &ndpi_str->bigrams_automa, &word[i])) {
@@ -6613,7 +6652,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
printf("[num_found: %u][num_impossible: %u][num_digits: %u][num_bigram_checks: %u][num_vowels: %u/%u]\n",
num_found, num_impossible, num_digits, num_bigram_checks, num_vowels, j-num_vowels);
#endif
-
+
if(num_bigram_checks
&& ((num_found == 0) || ((num_digits > 5) && (num_words <= 3)) || enough(num_found, num_impossible)))
rc = 1;
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 335b9dd87..708ac38a0 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1500,7 +1500,10 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_SUSPICIOUS_DGA_DOMAIN:
return("Suspicious DGA domain name");
-
+
+ case NDPI_MALFORMED_PACKET:
+ return("Malformed packet");
+
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c
index f40a8138c..5bf2a122c 100644
--- a/src/lib/protocols/dhcp.c
+++ b/src/lib/protocols/dhcp.c
@@ -89,8 +89,10 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
u_int8_t len = ndpi_min(dhcp->options[i+1] /* len as found in the packet */,
dhcp_options_size - (i+2) /* 1 for the type and 1 for the value */);
- if(len == 0) break;
-
+ if(len == 0)
+ break;
+
+
#ifdef DHCP_DEBUG
NDPI_LOG_DBG2(ndpi_struct, "[DHCP] Id=%d [len=%d]\n", id, len);
#endif
@@ -150,8 +152,8 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
}
-void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
-{
+void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) {
ndpi_set_bitmask_protocol_detection("DHCP", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_DHCP,
ndpi_search_dhcp_udp,
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 897fb1e4b..5e6d01d69 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -104,9 +104,11 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
/* 0x8000 RESPONSE */
else if((dns_header->flags & FLAGS_MASK) == 0x8000)
*is_query = 0;
- else
+ else {
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
return(1 /* invalid */);
-
+ }
+
if(*is_query) {
/* DNS Request */
if((dns_header->num_queries > 0) && (dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS)
@@ -125,16 +127,18 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
} else
x++;
}
- } else
+ } else {
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
return(1 /* invalid */);
+ }
} else {
/* DNS Reply */
flow->protos.dns.reply_code = dns_header->flags & 0x0F;
if((dns_header->num_queries > 0) && (dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */
- && (((dns_header->num_answers > 0) && (dns_header->num_answers <= NDPI_MAX_DNS_REQUESTS))
- || ((dns_header->authority_rrs > 0) && (dns_header->authority_rrs <= NDPI_MAX_DNS_REQUESTS))
- || ((dns_header->additional_rrs > 0) && (dns_header->additional_rrs <= NDPI_MAX_DNS_REQUESTS)))
+ && ((((dns_header->num_answers > 0) && (dns_header->num_answers <= NDPI_MAX_DNS_REQUESTS))
+ || ((dns_header->authority_rrs > 0) && (dns_header->authority_rrs <= NDPI_MAX_DNS_REQUESTS))
+ || ((dns_header->additional_rrs > 0) && (dns_header->additional_rrs <= NDPI_MAX_DNS_REQUESTS))))
) {
/* This is a good reply: we dissect it both for request and response */
@@ -213,8 +217,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
(s_port == 5355) ? NDPI_PROTOCOL_LLMNR : NDPI_PROTOCOL_DNS,
NDPI_PROTOCOL_UNKNOWN);
}
- } else
- return(1 /* invalid */);
+ }
}
/* Valid */
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c
index 13ec9d364..1d70a8cec 100644
--- a/src/lib/protocols/h323.c
+++ b/src/lib/protocols/h323.c
@@ -33,7 +33,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n
NDPI_LOG_DBG2(ndpi_struct, "calculated dport over tcp\n");
/* H323 */
- if(packet->payload_packet_len >= 4
+ if(packet->payload_packet_len > 4
&& (packet->payload[0] == 0x03)
&& (packet->payload[1] == 0x00)) {
struct tpkt *t = (struct tpkt*)packet->payload;
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 1d5e88365..8f74d22ad 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -604,7 +604,9 @@ static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *nd
packet->payload_packet_len);
/* Check first char */
- if(!packet->payload_packet_len || !strchr(http_fs,packet->payload[0])) return 0;
+ if(!packet->payload_packet_len || !strchr(http_fs,packet->payload[0]))
+ return 0;
+
/**
FIRST PAYLOAD PACKET FROM CLIENT
**/
@@ -813,6 +815,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
return;
}
+ /* try to get some additional request header info even if the packet may not be HTTP */
+ ndpi_parse_packet_line_info(ndpi_struct, flow);
+ if (packet->http_num_headers > 0) {
+ check_content_type_and_change_protocol(ndpi_struct, flow);
+ return;
+ }
+
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
http_bitmask_exclude_other(flow);
return;
@@ -1021,9 +1030,10 @@ static void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struc
ndpi_http_method ndpi_get_http_method(struct ndpi_detection_module_struct *ndpi_mod,
struct ndpi_flow_struct *flow) {
- if(!flow)
+ if(!flow) {
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
return(NDPI_HTTP_METHOD_UNKNOWN);
- else
+ } else
return(flow->http.method);
}
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b2cf1f23c..830232554 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -508,14 +508,18 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
packet->payload[3], packet->payload[4], packet->payload[5]);
#endif
- if((packet->payload_packet_len != (length + 4)) || (packet->payload[1] != 0x0))
+ if((packet->payload_packet_len != (length + 4)) || (packet->payload[1] != 0x0)) {
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
return(-1); /* Invalid length */
-
+ }
+
certificates_length = (packet->payload[4] << 16) + (packet->payload[5] << 8) + packet->payload[6];
- if((packet->payload[4] != 0x0) || ((certificates_length+3) != length))
+ if((packet->payload[4] != 0x0) || ((certificates_length+3) != length)) {
+ NDPI_SET_BIT(flow->risk, NDPI_MALFORMED_PACKET);
return(-2); /* Invalid length */
-
+ }
+
if(!flow->l4.tcp.tls.srv_cert_fingerprint_ctx) {
if((flow->l4.tcp.tls.srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX))) == NULL)
return(-3); /* Not enough memory */
@@ -814,14 +818,14 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp
/* https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967 */
#define JA3_STR_LEN 1024
-#define MAX_NUM_JA3 128
+#define MAX_NUM_JA3 512
struct ja3_info {
u_int16_t tls_handshake_version;
u_int16_t num_cipher, cipher[MAX_NUM_JA3];
u_int16_t num_tls_extension, tls_extension[MAX_NUM_JA3];
u_int16_t num_elliptic_curve, elliptic_curve[MAX_NUM_JA3];
- u_int8_t num_elliptic_curve_point_format, elliptic_curve_point_format[MAX_NUM_JA3];
+ u_int16_t num_elliptic_curve_point_format, elliptic_curve_point_format[MAX_NUM_JA3];
};
/* **************************************** */
@@ -1294,7 +1298,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
e_sni_len = ntohs(*((u_int16_t*)&packet->payload[e_offset]));
e_offset += 2;
- if((e_offset+e_sni_len-extension_len-initial_offset) >= 0) {
+ if((e_offset+e_sni_len-extension_len-initial_offset) >= 0 &&
+ e_offset+e_sni_len < packet->payload_packet_len) {
#ifdef DEBUG_ENCRYPTED_SNI
printf("Client SSL [Encrypted Server Name len: %u]\n", e_sni_len);
#endif
diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h
index 6823c3112..b53253d95 100644
--- a/src/lib/third_party/include/ndpi_patricia.h
+++ b/src/lib/third_party/include/ndpi_patricia.h
@@ -107,7 +107,7 @@ union patricia_node_value_t {
/* User-defined values */
struct {
- u_int16_t user_value, additional_user_value;
+ u_int32_t user_value, additional_user_value;
} uv;
};
diff --git a/tests/do.sh b/tests/do.sh
index 63ef0c8bc..13014a7aa 100755
--- a/tests/do.sh
+++ b/tests/do.sh
@@ -7,42 +7,45 @@ READER="../example/ndpiReader -p ../example/protos.txt -c ../example/categories.
RC=0
PCAPS=`cd pcap; /bin/ls *.pcap`
-build_results() {
- for f in $PCAPS; do
- #echo $f
- # create result files if not present
- if [ ! -f result/$f.out ]; then
- CMD="$READER -q -t -i pcap/$f -w result/$f.out -v 2"
- $CMD
- fi
- # test fuzz target built with sanitizer on input from corpus
+fuzzy_testing() {
if [ -f ../fuzz/fuzz_ndpi_reader ]; then
- ../fuzz/fuzz_ndpi_reader pcap/$f
+ ../fuzz/fuzz_ndpi_reader -max_total_time="${MAX_TOTAL_TIME:-592}" -print_pcs=1 -workers="${FUZZY_WORKERS:-0}" -jobs="${FUZZY_JOBS:-0}" pcap/
fi
- done
+}
+
+build_results() {
+ for f in $PCAPS; do
+ #echo $f
+ # create result files if not present
+ if [ ! -f result/$f.out ]; then
+ CMD="$READER -q -t -i pcap/$f -w result/$f.out -v 2"
+ $CMD
+ fi
+ done
}
check_results() {
- for f in $PCAPS; do
- if [ -f result/$f.out ]; then
- CMD="$READER -q -t -i pcap/$f -w /tmp/reader.out -v 2"
- $CMD
- NUM_DIFF=`diff result/$f.out /tmp/reader.out | wc -l`
-
- if [ $NUM_DIFF -eq 0 ]; then
- printf "%-32s\tOK\n" "$f"
- else
- printf "%-32s\tERROR\n" "$f"
- echo "$CMD"
- diff result/$f.out /tmp/reader.out
- RC=1
- fi
-
- /bin/rm /tmp/reader.out
- fi
- done
+ for f in $PCAPS; do
+ if [ -f result/$f.out ]; then
+ CMD="$READER -q -t -i pcap/$f -w /tmp/reader.out -v 2"
+ $CMD
+ NUM_DIFF=`diff result/$f.out /tmp/reader.out | wc -l`
+
+ if [ $NUM_DIFF -eq 0 ]; then
+ printf "%-32s\tOK\n" "$f"
+ else
+ printf "%-32s\tERROR\n" "$f"
+ echo "$CMD"
+ diff result/$f.out /tmp/reader.out
+ RC=1
+ fi
+
+ /bin/rm /tmp/reader.out
+ fi
+ done
}
+fuzzy_testing
build_results
check_results
diff --git a/tests/ossfuzz.sh b/tests/ossfuzz.sh
new file mode 100644
index 000000000..14741fd92
--- /dev/null
+++ b/tests/ossfuzz.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+# build libpcap
+tar -xvzf libpcap-1.9.1.tar.gz
+cd libpcap-1.9.1
+./configure --disable-shared
+make -j"$(nproc)"
+make install
+cd ..
+# build project
+cd ndpi
+sh autogen.sh
+./configure --enable-fuzztargets
+make
+make -C fuzz fuzz_ndpi_reader_seed_corpus.zip
+# copy fuzz executables to output directory
+cp -v fuzz/fuzz_ndpi_reader "$OUT/"
+cp -v fuzz/fuzz_process_packet "$OUT/"
diff --git a/tests/pcap/h323-overflow.pcap b/tests/pcap/h323-overflow.pcap
new file mode 100644
index 000000000..f6af70ecc
--- /dev/null
+++ b/tests/pcap/h323-overflow.pcap
Binary files differ
diff --git a/tests/pcap/http-lines-split.pcap b/tests/pcap/http-lines-split.pcap
new file mode 100644
index 000000000..01570c76c
--- /dev/null
+++ b/tests/pcap/http-lines-split.pcap
Binary files differ
diff --git a/tests/pcap/ja3_lots_of_cipher_suites.pcap b/tests/pcap/ja3_lots_of_cipher_suites.pcap
new file mode 100644
index 000000000..86fc74712
--- /dev/null
+++ b/tests/pcap/ja3_lots_of_cipher_suites.pcap
Binary files differ
diff --git a/tests/pcap/ja3_lots_of_cipher_suites_2_anon.pcap b/tests/pcap/ja3_lots_of_cipher_suites_2_anon.pcap
new file mode 100644
index 000000000..7286f3a73
--- /dev/null
+++ b/tests/pcap/ja3_lots_of_cipher_suites_2_anon.pcap
Binary files differ
diff --git a/tests/pcap/malformed_icmp.pcap b/tests/pcap/malformed_icmp.pcap
new file mode 100644
index 000000000..da000581b
--- /dev/null
+++ b/tests/pcap/malformed_icmp.pcap
Binary files differ
diff --git a/tests/pcap/tls-esni-fuzzed.pcap b/tests/pcap/tls-esni-fuzzed.pcap
new file mode 100644
index 000000000..ec8de8aba
--- /dev/null
+++ b/tests/pcap/tls-esni-fuzzed.pcap
Binary files differ
diff --git a/tests/result/dnp3.pcap.out b/tests/result/dnp3.pcap.out
index 4c9319e5d..5d80040a7 100644
--- a/tests/result/dnp3.pcap.out
+++ b/tests/result/dnp3.pcap.out
@@ -1,8 +1,7 @@
-SOCKS 135 9351 1
-DNP3 408 29403 7
+DNP3 543 38754 8
1 TCP 10.0.0.8:2828 <-> 10.0.0.3:20000 [proto: 244/DNP3][cat: Network/14][60 pkts/4041 bytes <-> 78 pkts/7164 bytes][Goodput ratio: 17/38][121.83 sec][bytes ratio: -0.279 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 421/302 13044/8439 1926/1115][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 67/92 79/145 5/37][Plen Bins: 64,3,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 10.0.0.9:1080 <-> 10.0.0.3:20000 [proto: 172/SOCKS][cat: Web/5][72 pkts/4659 bytes <-> 63 pkts/4692 bytes][Goodput ratio: 10/27][384.60 sec][bytes ratio: -0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4732/3049 75028/40127 13787/9968][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 65/74 81/147 7/16][Plen Bins: 96,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 10.0.0.9:1080 <-> 10.0.0.3:20000 [proto: 244/DNP3][cat: Network/14][72 pkts/4659 bytes <-> 63 pkts/4692 bytes][Goodput ratio: 10/27][384.60 sec][bytes ratio: -0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4732/3049 75028/40127 13787/9968][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 65/74 81/147 7/16][Plen Bins: 96,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.0.0.8:1086 <-> 10.0.0.3:20000 [proto: 244/DNP3][cat: Network/14][57 pkts/3891 bytes <-> 36 pkts/2760 bytes][Goodput ratio: 17/28][70.37 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1467/2686 45001/45233 7093/9611][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 68/77 81/147 8/22][Plen Bins: 95,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.0.0.8:2789 <-> 10.0.0.3:20000 [proto: 244/DNP3][cat: Network/14][24 pkts/1584 bytes <-> 15 pkts/1005 bytes][Goodput ratio: 12/15][123.54 sec][bytes ratio: 0.224 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/2 2891/21 628/7][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 66/67 79/71 8/5][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.0.0.8:2803 <-> 10.0.0.3:20000 [proto: 244/DNP3][cat: Network/14][21 pkts/1374 bytes <-> 18 pkts/1119 bytes][Goodput ratio: 10/5][25.63 sec][bytes ratio: 0.102 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1205/2488 17203/17487 4073/5519][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 65/62 78/71 8/4][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out
index b379da511..80f7a1f34 100644
--- a/tests/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/result/fuzz-2006-06-26-2594.pcap.out
@@ -23,7 +23,7 @@ SIP 85 39540 15
13 UDP 192.168.1.52:5060 -> 212.242.33.35:5060 [proto: 100/SIP][cat: VoIP/10][1 pkts/509 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 192.168.1.2:5060 -> 212.234.33.35:5060 [proto: 100/SIP][cat: VoIP/10][1 pkts/506 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 UDP 192.168.1.2:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][cat: System/18][2 pkts/486 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][718.24 sec][Host: d002465][PLAIN TEXT ( EEDADADCDEDGDFC)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 UDP 192.168.1.2:2740 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed packet **][PLAIN TEXT (cyberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 UDP 192.168.1.2:2744 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 UDP 192.168.1.2:2748 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
19 UDP 192.168.1.2:2756 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -40,9 +40,9 @@ SIP 85 39540 15
30 UDP 208.242.33.35:5060 -> 192.168.1.2:5060 [proto: 100/SIP][cat: VoIP/10][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
31 UDP 192.168.1.2:2734 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 UDP 192.168.1.2:2742 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 33 UDP 192.168.1.2:2750 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.vo_s][::][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 34 UDP 192.168.1.2:2764 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.s_p.cibercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 35 UDP 192.168.1.2:2772 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 33 UDP 192.168.1.2:2750 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.vo_s][::][Risk: ** Malformed packet **][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 34 UDP 192.168.1.2:2764 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 35 UDP 192.168.1.2:2772 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
36 UDP 192.168.1.2:2774 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (sipicybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
37 UDP 192.168.1.2:2776 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
38 UDP 192.168.1.2:2787 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -51,20 +51,20 @@ SIP 85 39540 15
41 UDP 192.168.1.2:2812 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cyaercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.2:2816 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.24 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 UDP 192.168.1.2:2823 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/344 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.00 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 44 UDP 192.168.1.2:2722 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/340 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][16.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 44 UDP 192.168.1.2:2722 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][4 pkts/340 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][16.01 sec][Host: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 UDP 192.168.1.2:2793 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/169 bytes][Goodput ratio: 44/75][3.35 sec][Host: reg.sippstar.com][82.98.209.39][PLAIN TEXT (sippstar)][Plen Bins: 0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
46 UDP 192.168.1.2:2794 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/128 bytes][Goodput ratio: 44/67][4.28 sec][Host: sip.cybercity.dk][212.242.33.35][PLAIN TEXT (cybercity)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 UDP 192.168.1.2:2715 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][5.00 sec][Host: _sip._udp.sip.cyber_ity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 UDP 192.168.1.2:2724 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 UDP 192.168.1.2:2736 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 UDP 192.168.1.2:2724 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 UDP 192.168.1.2:2736 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
50 UDP 192.168.1.2:2738 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 UDP 192.168.1.2:2746 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.voip.brujula.net][::][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 UDP 192.168.1.2:2752 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][5.00 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 UDP 192.168.1.2:2754 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][8.26 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
54 UDP 192.168.1.2:2760 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][6.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 55 UDP 192.168.1.2:2762 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.00 sec][Host: _sip._udp.sip.cybercity.sk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 56 UDP 192.168.1.2:2783 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 57 UDP 192.168.1.2:2796 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.20 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 55 UDP 192.168.1.2:2762 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.00 sec][Host: _sip._udp.sip.cybercity.sk][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 56 UDP 192.168.1.2:2783 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 57 UDP 192.168.1.2:2796 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.20 sec][Host: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
58 UDP 192.168.1.2:2800 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.06 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
59 UDP 192.168.1.2:2802 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
60 UDP 192.168.1.2:2810 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][3 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][Host: _sip._udp.sip.nybercity.dk][::][PLAIN TEXT (Mybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -83,13 +83,13 @@ SIP 85 39540 15
73 UDP 192.168.1.2:2739 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
74 UDP 192.168.1.2:2743 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
75 UDP 192.168.1.2:2753 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.527.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 76 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 76 UDP 192.168.1.2:2755 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
77 UDP 192.168.1.2:2757 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
78 UDP 192.168.1.2:2761 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 11/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
79 UDP 192.168.1.2:2763 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
80 UDP 192.168.1.2:2767 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
81 UDP 192.168.1.2:2775 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 82 UDP 192.168.1.2:2797 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 82 UDP 192.168.1.2:2797 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
83 UDP 192.168.1.2:2801 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
84 UDP 192.168.1.2:2803 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
85 UDP 192.168.1.2:2809 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/105 bytes][Goodput ratio: 48/59][0.00 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -100,9 +100,9 @@ SIP 85 39540 15
90 UDP 192.168.1.2:2713 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
91 UDP 192.168.1.2:2732 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
92 UDP 192.168.1.2:2758 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][Host: _sip._udp.sip.gybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 93 UDP 192.168.1.2:2766 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][2.00 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 94 UDP 192.168.1.2:2768 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 95 UDP 192.168.1.2:2770 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 93 UDP 192.168.1.2:2766 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][2.00 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 94 UDP 192.168.1.2:2768 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Host: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 95 UDP 192.168.1.2:2770 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][4.01 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
96 UDP 192.168.1.2:2785 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][276.51 sec][Host: _sip._udp.sip.cybevcity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
97 UDP 192.168.1.2:2808 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][2.00 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
98 UDP 192.168.1.2:2827 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][2.00 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cyberciMy)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -124,7 +124,7 @@ SIP 85 39540 15
114 UDP 192.168.1.1:53 -> 192.168.1.2:2807 [proto: 5/DNS][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
115 UDP 192.168.1.1:53 -> 192.168.5.2:2784 [proto: 5/DNS][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Host: 1.0.0.127.in-addr.aspa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
116 UDP 192.168.1.1:53 -> 192.168.119.2:2799 [proto: 5/DNS][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 117 UDP 192.168.1.1:53 -> 240.168.1.2:2792 [proto: 5/DNS][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 117 UDP 192.168.1.1:53 -> 240.168.1.2:2792 [proto: 5/DNS][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Host: 1.0.0.127.in-a_dr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
118 UDP 192.168.130.1:53 -> 192.168.1.2:2741 [proto: 5/DNS][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
119 UDP 192.168.233.1:53 -> 192.168.1.2:2811 [proto: 5/DNS][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
120 UDP 253.168.1.1:53 -> 192.168.1.2:2735 [proto: 5/DNS][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -153,9 +153,9 @@ SIP 85 39540 15
143 UDP 0.168.1.2:2783 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
144 UDP 14.168.1.2:2754 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
145 UDP 116.168.1.2:2829 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 146 UDP 128.168.1.2:2810 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cybescity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 147 UDP 172.168.1.2:2734 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 148 UDP 192.22.1.2:2760 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 146 UDP 128.168.1.2:2810 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybescity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 147 UDP 172.168.1.2:2734 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 148 UDP 192.22.1.2:2760 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
149 UDP 192.98.1.2:2752 -> 25.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
150 UDP 192.168.1.2:202 -> 192.168.37.115:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
151 UDP 192.168.1.2:2568 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -165,27 +165,27 @@ SIP 85 39540 15
155 UDP 192.168.1.2:2724 -> 192.168.17.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _zip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
156 UDP 192.168.1.2:2736 -> 192.168.1.17:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
157 UDP 192.168.1.2:2738 -> 192.168.84.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercitu.dk][::][PLAIN TEXT (cybercitu)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 158 UDP 192.168.1.2:2752 -> 102.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 158 UDP 192.168.1.2:2752 -> 102.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
159 UDP 192.168.1.2:2772 -> 192.184.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
160 UDP 192.168.1.2:2787 -> 192.168.3.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
161 UDP 192.168.1.2:2791 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
162 UDP 192.168.1.2:2791 -> 192.168.67.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (yberci)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 163 UDP 192.168.1.2:2796 -> 192.168.1.129:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 163 UDP 192.168.1.2:2796 -> 192.168.1.129:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
164 UDP 192.168.1.2:2827 -> 192.168.1.114:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
165 UDP 192.168.1.2:2827 -> 192.170.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cyberc_ty.dk][::][PLAIN TEXT (cyberc)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
166 UDP 192.168.1.2:2832 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
167 UDP 192.168.1.2:10942 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.voip.brujula.net][::][PLAIN TEXT (brujula)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
168 UDP 192.168.1.2:14798 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 169 UDP 192.168.1.2:18162 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cyhercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 169 UDP 192.168.1.2:18162 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cyhercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
170 UDP 192.168.1.2:19192 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
171 UDP 192.168.1.2:29688 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cyberciby.dk][::][PLAIN TEXT (cyberciby)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 172 UDP 192.168.1.2:35536 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 173 UDP 192.168.1.34:2746 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 172 UDP 192.168.1.2:35536 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 173 UDP 192.168.1.34:2746 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
174 UDP 192.168.1.53:2791 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
175 UDP 192.168.1.110:2713 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
176 UDP 192.168.1.172:2766 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 177 UDP 192.168.9.2:2774 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 178 UDP 192.168.37.115:2758 -> 128.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 177 UDP 192.168.9.2:2774 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 178 UDP 192.168.37.115:2758 -> 128.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][Risk: ** Malformed packet **][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
179 UDP 192.168.54.2:2829 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cibercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
180 UDP 192.168.79.2:2791 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: _sip._udp.sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
181 UDP 192.170.1.2:2810 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -194,32 +194,32 @@ SIP 85 39540 15
184 UDP 192.168.1.2:2733 -> 192.168.115.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arqa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
185 UDP 192.168.1.2:2741 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
186 UDP 192.168.1.2:2747 -> 67.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 187 UDP 192.168.1.2:2749 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 187 UDP 192.168.1.2:2749 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
188 UDP 192.168.1.2:2759 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.sn-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
189 UDP 192.168.1.2:2769 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
190 UDP 192.168.1.2:2773 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.il-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
191 UDP 192.168.1.2:2784 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
192 UDP 192.168.1.2:2786 -> 192.168.1.3:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-ad_r.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
193 UDP 192.168.1.2:2788 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 194 UDP 192.168.1.2:2790 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 194 UDP 192.168.1.2:2790 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
195 UDP 192.168.1.2:2792 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
196 UDP 192.168.1.2:2799 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 197 UDP 192.168.1.2:2811 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 197 UDP 192.168.1.2:2811 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
198 UDP 192.168.1.2:2813 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127_in-ad_r_arpa___][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
199 UDP 192.168.1.2:2815 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 200 UDP 192.168.1.2:2822 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 200 UDP 192.168.1.2:2822 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
201 UDP 192.168.1.2:2828 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 202 UDP 192.168.1.18:2751 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 202 UDP 192.168.1.18:2751 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
203 UDP 192.168.1.57:2771 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
204 UDP 192.168.1.110:2765 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
205 UDP 192.168.33.2:2782 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 206 UDP 194.168.1.2:2807 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 206 UDP 194.168.1.2:2807 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
207 UDP 200.168.1.2:2735 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: 1.0.0.127.in-adds.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
208 TCP 147.234.1.253:21 -> 192.168.1.66:2720 [proto: 1/FTP_CONTROL][cat: Download-FileTransfer-FileSharing/7][1 pkts/81 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
209 UDP 192.168.1.2:2712 -> 192.37.115.0:53 [proto: 5/DNS][cat: Network/14][1 pkts/76 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Host: sip.cybercrty.dk][::][PLAIN TEXT (cybercrty)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
210 UDP 192.168.1.2:2712 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/76 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Host: sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
211 UDP 192.168.1.2:2794 -> 192.168.108.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/76 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Host: sip.cybercity.dk][::][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 212 UDP 192.114.1.2:2719 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 212 UDP 192.114.1.2:2719 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/75 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][::][Risk: ** Malformed packet **][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
213 TCP 147.234.1.253:21 -> 84.168.1.2:2720 [proto: 1/FTP_CONTROL][cat: Download-FileTransfer-FileSharing/7][1 pkts/73 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][PLAIN TEXT (200 Type set to I)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
214 TCP 192.168.1.2:2720 -> 147.117.1.253:21 [proto: 1/FTP_CONTROL][cat: Download-FileTransfer-FileSharing/7][1 pkts/73 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][PLAIN TEXT (RETR Site)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
215 TCP 192.168.1.2:2679 -> 147.234.1.253:21 [proto: 1/FTP_CONTROL][cat: Download-FileTransfer-FileSharing/7][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 18/0][< 1 sec][PLAIN TEXT (PASS d0)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/h323-overflow.pcap.out b/tests/result/h323-overflow.pcap.out
new file mode 100644
index 000000000..2a1d8e7e0
--- /dev/null
+++ b/tests/result/h323-overflow.pcap.out
@@ -0,0 +1,3 @@
+HTTP 1 58 1
+
+ 1 TCP 192.168.1.1:31337 -> 192.168.1.2:80 [proto: 7/HTTP][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 7/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/http-lines-split.pcap.out b/tests/result/http-lines-split.pcap.out
new file mode 100644
index 000000000..99f6f1415
--- /dev/null
+++ b/tests/result/http-lines-split.pcap.out
@@ -0,0 +1,3 @@
+HTTP 14 2503 1
+
+ 1 TCP 192.168.0.1:39236 <-> 192.168.0.20:31337 [proto: 7/HTTP][cat: Web/5][7 pkts/481 bytes <-> 7 pkts/2022 bytes][Goodput ratio: 14/81][0.00 sec][Host: toni.lan][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 69/289 92/1514 12/503][URL: toni.lan:31337/][StatusCode: 200][User-Agent: uclient-fetch][Risk: ** Known protocol on non standard port **** HTTP Suspicious User-Agent **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0]
diff --git a/tests/result/ja3_lots_of_cipher_suites.pcap.out b/tests/result/ja3_lots_of_cipher_suites.pcap.out
new file mode 100644
index 000000000..cac6eadfb
--- /dev/null
+++ b/tests/result/ja3_lots_of_cipher_suites.pcap.out
@@ -0,0 +1,8 @@
+TLS 11 5132 1
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 10.206.131.18 1
+
+
+ 1 TCP 10.206.131.18:58657 <-> 10.206.65.249:443 [VLAN: 258][proto: 91/TLS][cat: Web/5][5 pkts/1144 bytes <-> 6 pkts/3988 bytes][Goodput ratio: 70/90][0.22 sec][bytes ratio: -0.554 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/39 164/136 72/50][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 229/665 866/1522 319/650][Risk: ** TLS Certificate Mismatch **** TLS (probably) not carrying HTTPS **][TLSv1.2][JA3C: 0463681bfef175d3d61ec414c65e482c][JA3S: 9d456958a9e86bb0d503543beaf1a65b][Issuer: C=US, ST=New York, L=Rochester, O=Xerox Corporation, OU=Generic Root Certificate Authority, CN=Xerox Generic Root Certificate Authority][Subject: C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF, C=US, ST=Connecticut, L=Norwalk, O=Xerox Corporation, OU=Global Product Delivery Group, CN=XRX9C934E949FEF][Certificate SHA-1: 3B:2B:5E:58:6E:3E:30:1F:52:BF:9B:81:20:47:DE:10:A0:67:8E:FA][Validity: 2018-11-29 18:57:22 - 2023-11-29 18:57:22][Cipher: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
diff --git a/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out b/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out
new file mode 100644
index 000000000..4dbffc3ed
--- /dev/null
+++ b/tests/result/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -0,0 +1,8 @@
+TLS 27 6966 1
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 192.168.147.177 1
+
+
+ 1 TCP 192.168.147.177:58496 <-> 151.121.193.160:443 [proto: GTP:91/TLS][cat: Web/5][13 pkts/3520 bytes <-> 14 pkts/3446 bytes][Goodput ratio: 60/59][5.96 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 479/256 1619/1072 582/419][Pkt Len c2s/s2c min/avg/max/stddev: 106/90 271/246 1202/1490 315/354][Risk: ** Self-signed Certificate **** Weak TLS cipher **** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: 192.69.136.179][JA3C: 50221ef5bde0fcee8864bbcea5211d51][JA3S: 7c02dbae662670040c7af9bd15fb7e2f (WEAK)][Issuer: C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmBH, OU=Munnican Workforce, CN=munniccan.de][Subject: C=DE, ST=Munich, L=Grenoble, O=Munniccan Establishment GmBH, OU=Munnican Workforce, CN=munniccan.de][Certificate SHA-1: 91:0C:1D:82:6B:28:01:8F:55:03:28:5B:90:A9:18:B9:ED:72:01:37][Validity: 2016-12-21 19:19:24 - 2019-09-16 19:19:24][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 9,27,0,0,0,9,18,0,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0]
diff --git a/tests/result/malformed_icmp.pcap.out b/tests/result/malformed_icmp.pcap.out
new file mode 100644
index 000000000..90fe244aa
--- /dev/null
+++ b/tests/result/malformed_icmp.pcap.out
@@ -0,0 +1,3 @@
+ICMP 1 42 1
+
+ 1 ICMP 218.152.179.213:0 -> 218.152.179.54:0 [proto: 81/ICMP][cat: Network/14][1 pkts/42 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Malformed packet **]
diff --git a/tests/result/tls-esni-fuzzed.pcap.out b/tests/result/tls-esni-fuzzed.pcap.out
new file mode 100644
index 000000000..ddf36dd68
--- /dev/null
+++ b/tests/result/tls-esni-fuzzed.pcap.out
@@ -0,0 +1,10 @@
+Cloudflare 3 2310 3
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 192.168.1.12 1
+
+
+ 1 TCP 192.168.1.12:49886 -> 104.27.129.77:443 [proto: 91.220/TLS.Cloudflare][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][JA3C: e5ef852e686954ba9fe060fbfa881e15][ESNI: 9624CB3C4E230827F78CF5BF640D22DEA33FCC598EA6A32D939905586FBE997B9E68661F8956D4893072E19DE24CD1FB88A9F71FC4CC01BAB5C914FDF96A647D671B5E89859BAEEAB122218688496DF4DF0C328C3D5F940B109CEB2A2743D5CBE3594288A229B8C7E2F88303E3FE1A26A89E5001F2BD936890FEF78F06E05ECC063A68BDB8C18DFAC114CF1FECDB8BE1FC2FEECB2315D27998D682B129FD1E3EB5D7985DCBDC452A1082CCC038E0BF69570FEFAC6BC6FB951F89B6792CADA76403C02CEB5DCE1CE6EDDD16D5F7FB6B85D2B92485448DE0088E421E83F1E28B267FBE3B59AE0496FB845213C271D4C5AC5E9E7E5F6A3072445307FCCEB7306710459991C40CC4DC1FC325154C7974DD780371397805456A19AE23EE88475C1DF07697B666][ESNI Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.1.12:49887 -> 104.16.125.175:443 [proto: 91.220/TLS.Cloudflare][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][JA3C: e5ef852e686954ba9fe060fbfa881e15][ESNI: B900004E39E84B98F5AE87B0A020EC49FED86F2B488B6AB28BDE9F957621F2774366DE90E65C4CA808668911624685EC4C6DC6C161A97CBE82281BC08427697AA3BE6A40E5F00ACF8B63E329317B0E4E85642D50AB8790E6197DA62D9F5B3239DCC59437797FE768A520C9D471FEABA1375DF61E4A39B09363CB109E7B24A793844896DDD16B6EE7DBE576D767161D782D7BF6FEC453A05A923D8D8E9BEFFC97E8E56C4F1AAB70FE99BC97819E1D908A5F3B3094F4BF25EB7A24A94FDBC3E107A423B8BB341F22900F7BBD87780E30B6ECF393FEB8FBFFEB54C79FA0673FE1AAD17B221D4BFF6450AA0CD4AF513066B66080B602147F3ACB7145A436C5689DA20BACB8BF9BABD851012556EC8F7BB9D74BFAAF25DCF4362A5775607C3CE5C2C29F183969][ESNI Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.1.12:49897 -> 104.22.71.197:443 [proto: 91.220/TLS.Cloudflare][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][JA3C: e5ef852e686954ba9fe060fbfa881e15][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/wireshark/download-fuzz-traces.sh b/wireshark/download-fuzz-traces.sh
new file mode 100755
index 000000000..4f580a121
--- /dev/null
+++ b/wireshark/download-fuzz-traces.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+URL_PREFIX='https://www.wireshark.org/download/automated/captures/'
+TRACES="$(wget --no-verbose -O - "${URL_PREFIX}" | sed -n 's|^.*<a href="\([^"]\+\).pcap">.*$|\1.pcap|gp')"
+CURDIR="$(dirname ${0})/../tests/pcap"
+
+for trace in ${TRACES}; do
+ destfile="${CURDIR}/${trace}"
+ test -r "${destfile}" || wget --no-verbose "${URL_PREFIX}${trace}" -O "${destfile}"
+done