aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--example/ndpiReader.c18
-rw-r--r--example/reader_util.c3
-rw-r--r--example/reader_util.h4
-rw-r--r--src/include/ndpi_api.h5
-rw-r--r--src/include/ndpi_private.h1
-rw-r--r--src/include/ndpi_typedefs.h12
-rw-r--r--src/lib/ndpi_main.c3
-rw-r--r--src/lib/ndpi_utils.c60
-rw-r--r--src/lib/protocols/rtp.c150
-rw-r--r--src/lib/protocols/stun.c3
-rw-r--r--tests/cfgs/classification_only/result/sip.pcap.out4
-rw-r--r--tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out4
-rw-r--r--tests/cfgs/default/result/KakaoTalk_talk.pcap.out6
-rw-r--r--tests/cfgs/default/result/false_positives.pcapng.out10
-rw-r--r--tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out4
-rw-r--r--tests/cfgs/default/result/rtp.pcapng.out10
-rw-r--r--tests/cfgs/default/result/sip.pcap.out4
-rw-r--r--tests/cfgs/default/result/skinny.pcap.out12
-rw-r--r--tests/cfgs/default/result/stun_classic.pcap.out2
-rw-r--r--tests/cfgs/default/result/vivox.pcapng.out2
-rw-r--r--tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out2
21 files changed, 245 insertions, 74 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index e96b31a36..cf84390dd 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1872,9 +1872,21 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
if((flow->detected_protocol.proto.master_protocol == NDPI_PROTOCOL_RTP) || (flow->detected_protocol.proto.app_protocol == NDPI_PROTOCOL_RTP))
{
- fprintf(out, "[Payload Type: %s (%u)]",
- ndpi_rtp_payload_type2str(flow->rtp.payload_type),
- flow->rtp.payload_type);
+ if (flow->rtp[0 /* cli -> srv */].payload_detected || flow->rtp[1].payload_detected) {
+ fprintf(out, "[Payload Type: ");
+
+ if (flow->rtp[0].payload_detected)
+ fprintf(out, "%s (%u.%u)",
+ ndpi_rtp_payload_type2str(flow->rtp[0].payload_type, flow->rtp[0].evs_subtype), flow->rtp[0].payload_type, flow->rtp[0].evs_subtype);
+
+ if(flow->rtp[1 /* srv -> cli */].payload_detected) {
+ if (flow->rtp[0].payload_detected) fprintf(out, " / ");
+
+ fprintf(out, "%s (%u.%u)]",
+ ndpi_rtp_payload_type2str(flow->rtp[1].payload_type, flow->rtp[1].evs_subtype), flow->rtp[1].payload_type, flow->rtp[1].evs_subtype);
+ } else
+ fprintf(out, "]");
+ }
}
fprintf(out, "[%s]",
diff --git a/example/reader_util.c b/example/reader_util.c
index 6656143f6..7362321aa 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1216,7 +1216,6 @@ static void serialize_monitoring_metadata(struct ndpi_flow_info *flow)
case NDPI_PROTOCOL_STUN:
case NDPI_PROTOCOL_DTLS:
case NDPI_PROTOCOL_SRTP:
-
ndpi_serialize_start_of_block(&flow->ndpi_flow_serializer, "stun");
if(flow->stun.mapped_address.num_aps > 0) {
@@ -1638,7 +1637,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
}
if(is_ndpi_proto(flow, NDPI_PROTOCOL_RTP))
- flow->rtp.payload_type = flow->ndpi_flow->protos.rtp.payload_type;
+ memcpy(&flow->rtp, &flow->ndpi_flow->protos.rtp, sizeof(flow->rtp));
ndpi_snprintf(flow->http.user_agent,
sizeof(flow->http.user_agent),
diff --git a/example/reader_util.h b/example/reader_util.h
index 1b041c5ba..e404fad01 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -316,9 +316,7 @@ typedef struct ndpi_flow_info {
u_int response_status_code;
} http;
- struct {
- u_int8_t payload_type;
- } rtp;
+ struct rtp_info rtp[2 /* directions */];
struct {
ndpi_address_port_list mapped_address, peer_address,
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 4a56da56f..467984f9f 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -602,10 +602,11 @@ extern "C" {
/**
* Return the name of a RTP payload type
*
- * @par payload_type = the RTP payload type
+ * @par payload_type = the RTP payload type
+ * @par evs_payload_type = EVS payload type (only in case payload_type is EVS)
* @return The symbolic payload type or "Unknown" if not found
*/
- const char* ndpi_rtp_payload_type2str(u_int8_t payload_type);
+ const char* ndpi_rtp_payload_type2str(u_int8_t payload_type, u_int32_t evs_payload_type);
/**
* Check if subprotocols of the specified master protocol are just
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index afd2f48ac..e452df10a 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -296,6 +296,7 @@ struct ndpi_detection_module_config_struct {
int stun_opportunistic_tls_enabled;
int stun_max_packets_extra_dissection;
+ int rtp_max_packets_extra_dissection;
int stun_mapped_address_enabled;
int stun_response_origin_enabled;
int stun_other_address_enabled;
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 8ca365d01..6b215aa70 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1301,6 +1301,12 @@ struct ndpi_tls_obfuscated_heuristic_matching_set {
u_int32_t pkts[4];
};
+struct rtp_info {
+ u_int8_t payload_type;
+ u_int32_t evs_subtype;
+ bool payload_detected;
+};
+
struct ndpi_flow_struct {
u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
@@ -1601,10 +1607,8 @@ struct ndpi_flow_struct {
char *user_agent;
} ssdp;
- struct {
- u_int8_t payload_type;
- } rtp;
-} protos;
+ struct rtp_info rtp[2 /* directions */];
+ } protos;
/* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! */
struct ndpi_metadata_monitoring *monit;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index c29ec6ebf..904d1d971 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -11791,7 +11791,8 @@ static const struct cfg_param {
{ "zoom", "max_packets_extra_dissection", "4", "0", "255", CFG_PARAM_INT, __OFF(zoom_max_packets_extra_dissection), NULL },
{ "rtp", "search_for_stun", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(rtp_search_for_stun), NULL },
-
+ { "rtp", "max_packets_extra_dissection", "32", "0", "255", CFG_PARAM_INT, __OFF(rtp_max_packets_extra_dissection), NULL },
+
{ "openvpn", "dpi.heuristics", "0x00", "0", "0x01", CFG_PARAM_INT, __OFF(openvpn_heuristics), NULL },
{ "openvpn", "dpi.heuristics.num_messages", "10", "0", "255", CFG_PARAM_INT, __OFF(openvpn_heuristics_num_msgs), NULL },
{ "openvpn", "subclassification_by_ip", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(openvpn_subclassification_by_ip), NULL },
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 63effab29..69eaeb052 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -4236,7 +4236,8 @@ ndpi_protocol_qoe_category_t ndpi_find_protocol_qoe(struct ndpi_detection_module
/* ************************************************************** */
-const char* ndpi_rtp_payload_type2str(u_int8_t payload_type) {
+/* https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-rtp.c */
+const char* ndpi_rtp_payload_type2str(u_int8_t payload_type, u_int32_t evs_payload_type) {
switch(payload_type) {
case 0: return("ITU-T G.711 PCMU");
case 1: return("USA Federal Standard FS-1016");
@@ -4265,7 +4266,62 @@ const char* ndpi_rtp_payload_type2str(u_int8_t payload_type) {
case 33: return("MPEG-II transport streams");
case 34: return("ITU-T H.263");
case 98: return("AMR-WB");
- case 127: return("EVS");
+ case 118: return("AMR"); /* Adptive Multirate */
+ case 126: /* Enhanced Voice Services */
+ case 127: /* Enhanced Voice Services */
+ {
+ switch(evs_payload_type) {
+ /* https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-evs.c */
+
+ case 0x0: return("AMR-WB IO 6.6 kbps");
+ case 0x1: return("AMR-WB IO 8.85 kbps");
+ case 0x2: return("AMR-WB IO 12.65 kbps");
+ case 0x3: return("AMR-WB IO 14.24 kbps");
+ case 0x4: return("AMR-WB IO 15.85 kbps");
+ case 0x5: return("AMR-WB IO 18.25 kbps");
+ case 0x6: return("AMR-WB IO 19.85 kbps");
+ case 0x7: return("AMR-WB IO 23.05 kbps");
+ case 0x8: return("AMR-WB IO 23.85 kbps");
+ case 0x9: return("AMR-WB IO 2.0 kbps SID");
+
+ /* ** */
+ /* Dummy SWB 30 offset */
+ case 0x3+30: return("SWB 9.6 kbps");
+ case 0x4+30: return("SWB 13.2 kbps");
+ case 0x5+30: return("SWB 16.4 kbps");
+ case 0x6+30: return("SWB 24.4 kbps");
+ case 0x7+30: return("SWB 32 kbps");
+ case 0x8+30: return("SWB 48 kbps");
+ case 0x9+30: return("SWB 64 kbps");
+ case 0xa+30: return("SWB 96 kbps");
+ case 0xb+30: return("SWB 128 kbps");
+
+
+ case 48: return("EVS Primary SID 2.4");
+ case 136: return("EVS AMR-WB IO 6.6");
+ case 144: return("EVS Primary 7.2");
+ case 160: return("EVS Primary 8.0");
+ case 184: return("EVS AMR-WB IO 8.85");
+ case 192: return("EVS Primary 9.6");
+ case 256: return("EVS AMR-WB IO 12.65");
+ case 264: return("EVS Primary 13.2");
+ case 288: return("EVS AMR-WB IO 14.25");
+ case 320: return("EVS AMR-WB IO 15.85");
+ case 328: return("EVS Primary 16.4");
+ case 368: return("EVS AMR-WB IO 18.25");
+ case 400: return("EVS AMR-WB IO 19.85");
+ case 464: return("EVS AMR-WB IO 23.05");
+ case 480: return("EVS AMR-WB IO 23.85");
+ case 488: return("EVS Primary 24.4");
+ case 640: return("EVS Primary 32.0");
+ case 960: return("EVS Primary 48.0");
+ case 1280: return("EVS Primary 64.0");
+ case 1920: return("EVS Primary 96.0");
+ case 2560: return("EVS Primary 128.0");
+ default: return("EVS 13.2");
+ }
+ }
+ break;
default: return("Unknown");
}
}
diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index ffd2049d6..8e216bde6 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -32,6 +32,11 @@
#define RTP_MIN_HEADER 12
#define RTCP_MIN_HEADER 8
+static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow);
+
+/* *************************************************************** */
+
/* https://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml */
int is_valid_rtp_payload_type(uint8_t type)
{
@@ -40,6 +45,8 @@ int is_valid_rtp_payload_type(uint8_t type)
return 1;
}
+/* *************************************************************** */
+
u_int8_t rtp_get_stream_type(u_int8_t payloadType, u_int8_t *s_type, u_int16_t sub_proto)
{
/* General, from IANA */
@@ -201,10 +208,14 @@ u_int8_t rtp_get_stream_type(u_int8_t payloadType, u_int8_t *s_type, u_int16_t s
return(0);
}
+/* *************************************************************** */
+
static int is_valid_rtcp_payload_type(uint8_t type) {
return (type >= 192 && type <= 213);
}
+/* *************************************************************** */
+
int is_rtp_or_rtcp(struct ndpi_detection_module_struct *ndpi_struct,
const u_int8_t *payload, u_int16_t payload_len, u_int16_t *seq)
{
@@ -214,7 +225,7 @@ int is_rtp_or_rtcp(struct ndpi_detection_module_struct *ndpi_struct,
if(payload_len < 2)
return NO_RTP_RTCP;
-
+
if((payload[0] & 0xC0) != 0x80) { /* Version 2 */
NDPI_LOG_DBG(ndpi_struct, "Not version 2\n");
return NO_RTP_RTCP;
@@ -239,8 +250,8 @@ int is_rtp_or_rtcp(struct ndpi_detection_module_struct *ndpi_struct,
return NO_RTP_RTCP;
}
/* Check on padding doesn't work because:
- * we may have multiple RTP packets in the same TCP/UDP datagram
- * with SRTP, padding_length field is encrypted */
+ * we may have multiple RTP packets in the same TCP/UDP datagram
+ * with SRTP, padding_length field is encrypted */
if(seq)
*seq = ntohs(*(unsigned short *)&payload[2]);
return IS_RTP;
@@ -257,6 +268,17 @@ int is_rtp_or_rtcp(struct ndpi_detection_module_struct *ndpi_struct,
return NO_RTP_RTCP;
}
+/* ************************************************************ */
+
+static int rtp_search_again(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow) {
+ /* printf("***** AGAIN *****\n"); */
+ ndpi_rtp_search(ndpi_struct, flow);
+
+ return(((flow->protos.rtp[0].payload_detected && flow->protos.rtp[1].payload_detected)) ? false :true);
+}
+
+/* *************************************************************** */
static void ndpi_int_rtp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
@@ -272,6 +294,16 @@ static void ndpi_int_rtp_add_connection(struct ndpi_detection_module_struct *ndp
NDPI_LOG_DBG(ndpi_struct, "Enabling (STUN) extra dissection\n");
switch_extra_dissection_to_stun(ndpi_struct, flow, 1);
}
+ } else if(proto == NDPI_PROTOCOL_RTP) {
+ if(flow->protos.rtp[0].payload_detected && flow->protos.rtp[1].payload_detected)
+ ; /* Nothing to do */
+ else {
+ if(!flow->extra_packets_func) {
+ NDPI_LOG_DBG(ndpi_struct, "Enabling extra dissection\n");
+ flow->max_extra_packets_to_check = ndpi_struct->cfg.rtp_max_packets_extra_dissection;
+ flow->extra_packets_func = rtp_search_again;
+ }
+ }
}
}
@@ -286,15 +318,15 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
u_int16_t seq;
if(packet->tcp != NULL) {
- payload += 2; /* Skip the length field */
- payload_len -= 2;
+ payload += 2; /* Skip the length field */
+ payload_len -= 2;
}
NDPI_LOG_DBG(ndpi_struct, "search RTP (stage %d/%d)\n", flow->rtp_stage, flow->rtcp_stage);
/* * Let some "unknown" packets at the beginning:
- * search for 3/4 consecutive RTP/RTCP packets.
- * Wait a little longer (4 vs 3 pkts) for RTCP to try to tell if there are only
- * RTCP packets in the flow or if RTP/RTCP are multiplexed together */
+ * search for 3/4 consecutive RTP/RTCP packets.
+ * Wait a little longer (4 vs 3 pkts) for RTCP to try to tell if there are only
+ * RTCP packets in the flow or if RTP/RTCP are multiplexed together */
if(flow->packet_counter > 3 &&
flow->rtp_stage == 0 &&
@@ -307,8 +339,75 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
is_rtp = is_rtp_or_rtcp(ndpi_struct, payload, payload_len, &seq);
if(is_rtp == IS_RTP) {
- flow->protos.rtp.payload_type = payload[1] & 0x7F;
+ u_int8_t packet_direction = current_pkt_from_client_to_server(ndpi_struct, flow) ? 0 : 1;
+ if(flow->protos.rtp[packet_direction].payload_type == 0x0) {
+ flow->protos.rtp[packet_direction].payload_type = payload[1] & 0x7F;
+ flow->protos.rtp[packet_direction].payload_detected = true;
+
+ /* printf("********* [direction: %d] payload_type=%u\n", packet_direction, flow->protos.rtp[packet_direction].payload_type); */
+
+ if(((flow->protos.rtp[packet_direction].payload_type == 126 /* Enhanced Voice Services (EVS) */)
+ || (flow->protos.rtp[packet_direction].payload_type == 127 /* Enhanced Voice Services (EVS) */))
+ && (payload_len > 12 /* RTP header */)) {
+ const u_int8_t *evs = &payload[12];
+ u_int packet_len = payload_len - 12;
+ u_int num_bits = packet_len * 8;
+
+ flow->flow_multimedia_types = ndpi_multimedia_audio_flow;
+ /* printf("********* %02X [bits %u]\n", evs[0], num_bits); */
+
+ if(num_bits == 56) {
+ /* A.2.1.3 Special case for 56 bit payload size (EVS Primary or EVS AMR-WB IO SID) */
+
+ if((evs[0] & 0x80) == 0)
+ flow->protos.rtp[packet_direction].evs_subtype = evs[0] & 0xF;
+ else
+ flow->protos.rtp[packet_direction].evs_subtype = evs[1] & 0xF;
+ } else {
+
+ /* See ndpi_rtp_payload_type2str() */
+ switch(num_bits) {
+ case 48:
+ case 136:
+ case 144:
+ case 160:
+ case 184:
+ case 192:
+ case 256:
+ case 264:
+ case 288:
+ case 320:
+ case 328:
+ case 368:
+ case 400:
+ case 464:
+ case 480:
+ case 488:
+ case 640:
+ case 960:
+ case 1280:
+ case 1920:
+ case 2560:
+ flow->protos.rtp[packet_direction].evs_subtype = num_bits;
+ break;
+
+ default:
+ if((evs[0] >> 7) == 1) {
+ /* EVS Codec Mode Request (EVS-CMR) */
+ u_int8_t d_bits = evs[0] & 0X0F;
+
+ flow->protos.rtp[packet_direction].evs_subtype = d_bits + 30 /* dummy offset */;
+ }
+ break;
+ }
+ }
+
+ if(flow->protos.rtp[0].payload_detected && flow->protos.rtp[1].payload_detected)
+ flow->extra_packets_func = NULL; /* Nothing to do */
+ }
+ }
+
if(flow->rtp_stage == 2) {
if(flow->l4_proto == IPPROTO_UDP &&
flow->l4.udp.line_pkts[0] >= 2 && flow->l4.udp.line_pkts[1] >= 2) {
@@ -318,15 +417,16 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
} else if(flow->rtp_seq_set[packet->packet_direction] &&
flow->rtp_seq[packet->packet_direction] == seq) {
/* Simple heuristic to avoid false positives. tradeoff between:
- * consecutive RTP packets should have different sequence number
- * we should handle duplicated traffic */
+ * consecutive RTP packets should have different sequence number
+ * we should handle duplicated traffic */
NDPI_LOG_DBG(ndpi_struct, "Same seq on consecutive pkts\n");
flow->rtp_stage = 0;
flow->rtcp_stage = 0;
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_RTCP);
} else {
- rtp_get_stream_type(flow->protos.rtp.payload_type, &flow->flow_multimedia_types, NDPI_PROTOCOL_UNKNOWN);
+ rtp_get_stream_type(flow->protos.rtp[packet->packet_direction].payload_type,
+ &flow->flow_multimedia_types, NDPI_PROTOCOL_UNKNOWN);
NDPI_LOG_INFO(ndpi_struct, "Found RTP\n");
ndpi_int_rtp_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTP);
@@ -360,7 +460,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_RTCP);
}
- }
+ }
}
}
@@ -374,11 +474,11 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
* ---------------------------------------------------------------
*/
static void ndpi_search_rtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow)
+ struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
const u_int8_t *payload = packet->payload;
-
+
if(packet->payload_packet_len < 4){ /* (2) len field + (2) min rtp/rtcp*/
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_RTCP);
@@ -397,12 +497,12 @@ static void ndpi_search_rtp_tcp(struct ndpi_detection_module_struct *ndpi_struct
/* *************************************************************** */
static void ndpi_search_rtp_udp(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow)
+ struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int16_t source = ntohs(packet->udp->source);
u_int16_t dest = ntohs(packet->udp->dest);
- /*
+ /*
* XXX: not sure if rtp/rtcp over tcp will also mix with Ethereum
* for now, will not add it unitl we have a false positive.
*/
@@ -424,9 +524,9 @@ static void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, st
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->tcp != NULL) {
ndpi_search_rtp_tcp(ndpi_struct, flow);
- } else {
- ndpi_search_rtp_udp(ndpi_struct, flow);
- }
+ } else {
+ ndpi_search_rtp_udp(ndpi_struct, flow);
+ }
}
/* *************************************************************** */
@@ -434,11 +534,11 @@ static void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, st
void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
u_int32_t *id) {
ndpi_set_bitmask_protocol_detection("RTP", ndpi_struct, *id,
- NDPI_PROTOCOL_RTP,
- ndpi_search_rtp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
+ NDPI_PROTOCOL_RTP,
+ ndpi_search_rtp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
*id += 1;
}
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index 2fb0c89b7..683559853 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -961,12 +961,11 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct,
rtp_rtcp = is_rtp_or_rtcp(ndpi_struct, packet->payload, packet->payload_packet_len, NULL);
if(rtp_rtcp == IS_RTP) {
-
NDPI_LOG_DBG(ndpi_struct, "RTP (dir %d) [%d/%d]\n", packet->packet_direction,
flow->stun.rtp_counters[0], flow->stun.rtp_counters[1]);
flow->stun.rtp_counters[packet->packet_direction]++;
-
+ /* TODO: store RTP information in 'struct rtp_info' */
NDPI_LOG_INFO(ndpi_struct, "Found RTP over STUN\n");
rtp_get_stream_type(packet->payload[1] & 0x7F, &flow->flow_multimedia_types, flow->detected_protocol_stack[0]);
diff --git a/tests/cfgs/classification_only/result/sip.pcap.out b/tests/cfgs/classification_only/result/sip.pcap.out
index 442e60673..da20c8176 100644
--- a/tests/cfgs/classification_only/result/sip.pcap.out
+++ b/tests/cfgs/classification_only/result/sip.pcap.out
@@ -1,4 +1,4 @@
-DPI Packets (UDP): 6 (1.50 pkts/flow)
+DPI Packets (UDP): 12 (3.00 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence DPI : 3 (flows)
Num dissector calls: 310 (77.50 diss/flow)
@@ -30,7 +30,7 @@ Unrated 1 146 1
1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][53 pkts/21940 bytes <-> 31 pkts/15635 bytes][Goodput ratio: 90/92][1521.57 sec][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 158/13 25541/22026 150200/89874 25265/23489][Pkt Len c2s/s2c min/avg/max/stddev: 47/342 414/504 1118/711 343/85][PLAIN TEXT (REGISTER sip)][Plen Bins: 26,0,0,0,0,0,0,0,0,4,8,0,2,4,13,17,0,0,3,0,1,10,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][15 pkts/7568 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][67.09 sec][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 4746/34556 32608/34556 8188/0][Pkt Len c2s/s2c min/avg/max/stddev: 389/637 505/648 864/656 180/8][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,5,62,0,0,0,0,0,0,5,11,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 20/0 69/0 23/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (VRUDKBuYs)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 20/0 69/0 23/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (VRUDKBuYs)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows:
diff --git a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index a1d9dc2ce..3bf52deef 100644
--- a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -1,4 +1,4 @@
-DPI Packets (UDP): 7 (1.40 pkts/flow)
+DPI Packets (UDP): 29 (5.80 pkts/flow)
Confidence DPI : 5 (flows)
Num dissector calls: 165 (33.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
@@ -26,7 +26,7 @@ Megaco 130 23570 1
Acceptable 1552 259123 5
- 1 UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 25][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.35.40.25:5060 <-> 10.35.40.200:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/13254 bytes <-> 24 pkts/13218 bytes][Goodput ratio: 93/92][83.79 sec][SIP From: <sip:unavailable@hostportion>;tag=00e9d478][SIP To: <sip:061963177@italtel.it;user=phone>][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3385/1643 27628/17187 8177/4202][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 10.35.40.22:2944 <-> 10.23.1.42:2944 [proto: 181/Megaco][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 181/Megaco, Confidence: DPI][DPI packets: 1][cat: VoIP/10][65 pkts/7788 bytes <-> 65 pkts/15782 bytes][Goodput ratio: 65/83][109.25 sec][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1409/1356 4370/4370 1953/1909][Pkt Len c2s/s2c min/avg/max/stddev: 77/101 120/243 583/561 107/94][PLAIN TEXT (555282713)][Plen Bins: 0,48,0,23,0,1,1,21,0,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 10.35.60.72:5060 <-> 10.35.60.100:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][11 pkts/6627 bytes <-> 12 pkts/6609 bytes][Goodput ratio: 93/92][83.79 sec][SIP From: <sip:unavailable@hostportion>;tag=00e9d478][SIP To: <sip:061963177@italtel.it;user=phone>][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/19 7451/3699 27579/17188 10544/5458][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
index 89908d39c..c531f4423 100644
--- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
+++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@@ -1,7 +1,7 @@
Guessed flow protos: 9
DPI Packets (TCP): 67 (4.47 pkts/flow)
-DPI Packets (UDP): 10 (2.00 pkts/flow)
+DPI Packets (UDP): 17 (3.40 pkts/flow)
Confidence Match by port : 8 (flows)
Confidence DPI : 11 (flows)
Confidence Match by IP : 1 (flows)
@@ -44,8 +44,8 @@ JA Host Stats:
1 10.24.82.188 2
- 1 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][IP: 0/Unknown][Payload Type: Unknown (108)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][757 pkts/106335 bytes <-> 746 pkts/93906 bytes][Goodput ratio: 69/65][45.42 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/48 202/340 49/48][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 140/126 234/236 43/33][PLAIN TEXT (46yOXQ)][Plen Bins: 0,60,19,16,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][IP: 0/Unknown][Payload Type: Unknown (108)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][746 pkts/93906 bytes <-> 742 pkts/104604 bytes][Goodput ratio: 65/69][45.02 sec][bytes ratio: -0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/0 58/49 112/476 23/54][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 126/141 236/234 33/43][PLAIN TEXT (46yOXQ)][Plen Bins: 0,61,18,16,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: DynamicRTP-Type-108 (108.0) / DynamicRTP-Type-108 (108.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Media/1][757 pkts/106335 bytes <-> 746 pkts/93906 bytes][Goodput ratio: 69/65][45.42 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/48 202/340 49/48][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 140/126 234/236 43/33][PLAIN TEXT (46yOXQ)][Plen Bins: 0,60,19,16,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: DynamicRTP-Type-108 (108.0) / DynamicRTP-Type-108 (108.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Media/1][746 pkts/93906 bytes <-> 742 pkts/104604 bytes][Goodput ratio: 65/69][45.02 sec][bytes ratio: -0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/0 58/49 112/476 23/54][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 126/141 236/234 33/43][PLAIN TEXT (46yOXQ)][Plen Bins: 0,61,18,16,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Chat/9][22 pkts/5326 bytes <-> 18 pkts/5212 bytes][Goodput ratio: 72/76][51.59 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 14/0 2358/3528 20472/21237 5098/5912][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 242/290 878/920 254/276][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 350][Risk Info: TLSv1 / Expected on port 443 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA / C=KR, L=Seoul, O=Kakao, CN=Kakao.com][TCP Fingerprint: 2_64_14000_078416dac97d/Unknown][TLSv1][JA4: t10d120300_b275ccc1cd51_a875e5012fde][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26][Issuer: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Subject: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Validity: 2011-12-05 09:19:25 - 2021-12-02 09:19:25][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,0,5,35,0,5,0,15,5,5,0,0,0,0,0,0,0,0,5,5,0,0,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Chat/9][23 pkts/4380 bytes <-> 22 pkts/5728 bytes][Goodput ratio: 64/73][52.84 sec][bytes ratio: -0.133 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 691/1317 6069/10226 1399/2632][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 190/260 814/920 164/241][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 350][Risk Info: TLSv1 / Expected on port 443 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA / C=KR, L=Seoul, O=Kakao, CN=Kakao.com][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1][JA4: t10d120300_b275ccc1cd51_a875e5012fde][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26][Issuer: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Subject: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Validity: 2011-12-05 09:19:25 - 2021-12-02 09:19:25][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,0,4,48,0,4,0,17,4,4,0,0,0,4,0,0,0,0,0,0,4,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 7][cat: Web/5][15 pkts/2932 bytes <-> 14 pkts/1092 bytes][Goodput ratio: 71/27][1.96 sec][bytes ratio: 0.457 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 141/117 494/295 163/92][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 195/78 735/189 228/35][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14000_078416dac97d/Unknown][TLSv1][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 07dddc59e60135c7b479d39c3ae686af][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 30,23,0,0,15,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/false_positives.pcapng.out b/tests/cfgs/default/result/false_positives.pcapng.out
index 400875f80..0bae12682 100644
--- a/tests/cfgs/default/result/false_positives.pcapng.out
+++ b/tests/cfgs/default/result/false_positives.pcapng.out
@@ -1,5 +1,5 @@
DPI Packets (TCP): 4 (4.00 pkts/flow)
-DPI Packets (UDP): 18 (3.60 pkts/flow)
+DPI Packets (UDP): 53 (10.60 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence DPI : 5 (flows)
Num dissector calls: 864 (144.00 diss/flow)
@@ -29,10 +29,10 @@ WebSocket 4 973 1
Acceptable 114 20282 5
Unrated 6 460 1
- 1 UDP 10.192.92.81:52070 <-> 10.136.43.69:21048 [VLAN: 20][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][15 pkts/3330 bytes <-> 15 pkts/3330 bytes][Goodput ratio: 77/77][0.30 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/19 19/19 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 222/222 222/222 222/222 0/0][PLAIN TEXT (UUUUUUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 10.126.70.67:23784 <-> 10.236.7.225:50160 [VLAN: 107][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][18 pkts/3924 bytes <-> 12 pkts/2616 bytes][Goodput ratio: 79/79][0.34 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/19 20/20 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 218/218 218/218 218/218 0/0][PLAIN TEXT (UUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 10.102.45.249:31046 <-> 10.133.48.100:21176 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][Payload Type: Unknown (102)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][22 pkts/2860 bytes <-> 8 pkts/989 bytes][Goodput ratio: 34/30][0.44 sec][bytes ratio: 0.486 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/19 22/19 44/20 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 130/113 130/124 130/130 0/8][Plen Bins: 10,90,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 10.133.32.101:36408 -> 10.110.31.25:1272 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][Payload Type: Unknown (118)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][20 pkts/2260 bytes -> 0 pkts/0 bytes][Goodput ratio: 24/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 21/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 113/0 113/0 113/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 10.192.92.81:52070 <-> 10.136.43.69:21048 [VLAN: 20][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0) / ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][15 pkts/3330 bytes <-> 15 pkts/3330 bytes][Goodput ratio: 77/77][0.30 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/19 19/19 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 222/222 222/222 222/222 0/0][PLAIN TEXT (UUUUUUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 10.126.70.67:23784 <-> 10.236.7.225:50160 [VLAN: 107][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0) / ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Media/1][18 pkts/3924 bytes <-> 12 pkts/2616 bytes][Goodput ratio: 79/79][0.34 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/19 20/20 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 218/218 218/218 218/218 0/0][PLAIN TEXT (UUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 10.102.45.249:31046 <-> 10.133.48.100:21176 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][Payload Type: Unknown (102.0) / Unknown (102.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 17][cat: Media/1][22 pkts/2860 bytes <-> 8 pkts/989 bytes][Goodput ratio: 34/30][0.44 sec][bytes ratio: 0.486 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/19 22/19 44/20 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 130/113 130/124 130/130 0/8][Plen Bins: 10,90,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 10.133.32.101:36408 -> 10.110.31.25:1272 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][Payload Type: AMR (118.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 20][cat: Media/1][20 pkts/2260 bytes -> 0 pkts/0 bytes][Goodput ratio: 24/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 21/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 113/0 113/0 113/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.140.231.26:61202 <-> 159.65.12.169:443 [VLAN: 113][proto: GTP:7.251/HTTP.WebSocket][IP: 442/DigitalOcean][ClearText][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Web/5][2 pkts/557 bytes <-> 2 pkts/416 bytes][Goodput ratio: 58/45][0.20 sec][Hostname/SNI: wludo.superkinglabs.com][URL: wludo.superkinglabs.com:443/ws][StatusCode: 101][Server: nginx/1.12.2][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 200][Risk Info: Empty or missing User-Agent / Expected on port 80 / Obsolete nginx server 1.12.2][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /ws HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
index 7738be305..8d0ec1ede 100644
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@@ -1,7 +1,7 @@
Guessed flow protos: 33
DPI Packets (TCP): 45 (2.14 pkts/flow)
-DPI Packets (UDP): 356 (1.62 pkts/flow)
+DPI Packets (UDP): 358 (1.63 pkts/flow)
DPI Packets (other): 5 (1.00 pkts/flow)
Confidence Unknown : 33 (flows)
Confidence Match by port : 33 (flows)
@@ -46,7 +46,7 @@ Unrated 33 4066 33
3 UDP 192.168.1.2:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][69 pkts/6348 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1527.12 sec][Hostname/SNI: eci_domain][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 741/0 21619/0 93225/0 24386/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EFEDEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.1.2:2720 <-> 147.234.1.253:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 22][cat: Download/7][11 pkts/624 bytes <-> 14 pkts/1080 bytes][Goodput ratio: 4/27][0.32 sec][Hostname/SNI: proftpd][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/7 115/18 38/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 57/77 70/113 5/19][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_16384_44bd01ba086e/Unknown][PLAIN TEXT (220 ProFTPD Server In ECI Telec)][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.1.2:5060 -> 212.242.33.35:17860 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][1 pkts/1118 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (INVITE six)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][5 pkts/1070 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.05 sec][PLAIN TEXT (goxcffj)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: Unknown (99.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Media/1][5 pkts/1070 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (goxcffj)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.1.2:68 <-> 192.168.1.1:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/342 bytes <-> 1 pkts/590 bytes][Goodput ratio: 87/93][0.00 sec][Hostname/SNI: d002465][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,43][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (002465Q)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 192.168.1.2:5060 -> 200.68.120.81:4932 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/864 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][SIP To: <sip:97239287044@voip.brujula.net>][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 192.168.1.41:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][8.51 sec][Hostname/SNI: lab111][PLAIN TEXT ( EMEBECDBDBDBCACACACACACACACACA)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/rtp.pcapng.out b/tests/cfgs/default/result/rtp.pcapng.out
index 2a054ce02..7d6663bba 100644
--- a/tests/cfgs/default/result/rtp.pcapng.out
+++ b/tests/cfgs/default/result/rtp.pcapng.out
@@ -1,5 +1,5 @@
-DPI Packets (TCP): 8 (8.00 pkts/flow)
-DPI Packets (UDP): 9 (3.00 pkts/flow)
+DPI Packets (TCP): 32 (32.00 pkts/flow)
+DPI Packets (UDP): 42 (14.00 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 675 (168.75 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
@@ -27,7 +27,7 @@ RTP 82 43715 3
Acceptable 82 43715 3
Fun 30 16092 1
- 1 TCP 172.16.168.24:40252 <-> 172.16.168.64:5000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Media/1][19 pkts/21900 bytes <-> 18 pkts/1196 bytes][Goodput ratio: 94/0][85.30 sec][bytes ratio: 0.896 (Upload)][IAT c2s/s2c min/avg/max/stddev: 93/93 5654/6060 82923/82923 20651/21318][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1153/66 1280/74 371/2][TCP Fingerprint: 2_64_5840_1596d0698b3d/Unknown][PLAIN TEXT (QQSPSSV)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 10.204.220.71:6000 -> 10.204.220.171:6000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Video][Payload Type: ITU-T H.263 (34)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][15 pkts/18438 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 25/0 77/0 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1229/0 1486/0 467/0][Plen Bins: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,68,0,0]
+ 1 TCP 172.16.168.24:40252 <-> 172.16.168.64:5000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 32][cat: Media/1][19 pkts/21900 bytes <-> 18 pkts/1196 bytes][Goodput ratio: 94/0][85.30 sec][bytes ratio: 0.896 (Upload)][IAT c2s/s2c min/avg/max/stddev: 93/93 5654/6060 82923/82923 20651/21318][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1153/66 1280/74 371/2][TCP Fingerprint: 2_64_5840_1596d0698b3d/Unknown][PLAIN TEXT (QQSPSSV)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 10.204.220.71:6000 -> 10.204.220.171:6000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T H.263 (34.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: Media/1][15 pkts/18438 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 25/0 77/0 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1229/0 1486/0 467/0][Plen Bins: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,68,0,0]
3 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Payload Type: Unknown (111)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Payload Type: Unknown (111.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 25][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/sip.pcap.out b/tests/cfgs/default/result/sip.pcap.out
index 5533b572d..719d59531 100644
--- a/tests/cfgs/default/result/sip.pcap.out
+++ b/tests/cfgs/default/result/sip.pcap.out
@@ -1,4 +1,4 @@
-DPI Packets (UDP): 6 (1.50 pkts/flow)
+DPI Packets (UDP): 12 (3.00 pkts/flow)
Confidence Unknown : 1 (flows)
Confidence DPI : 3 (flows)
Num dissector calls: 310 (77.50 diss/flow)
@@ -30,7 +30,7 @@ Unrated 1 146 1
1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][53 pkts/21940 bytes <-> 31 pkts/15635 bytes][Goodput ratio: 90/92][1521.57 sec][SIP From: <sip:voi18063@sip.cybercity.dk>;tag=903df0a][SIP To: <sip:voi18063@sip.cybercity.dk>][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 158/13 25541/22026 150200/89874 25265/23489][Pkt Len c2s/s2c min/avg/max/stddev: 47/342 414/504 1118/711 343/85][PLAIN TEXT (REGISTER sip)][Plen Bins: 26,0,0,0,0,0,0,0,0,4,8,0,2,4,13,17,0,0,3,0,1,10,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][15 pkts/7568 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][67.09 sec][SIP From: "arik" <sip:816666@voip.brurjula.net>;tag=6433ef9][SIP To: <sip:97239287044@voip.brujula.net>][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 4746/34556 32608/34556 8188/0][Pkt Len c2s/s2c min/avg/max/stddev: 389/637 505/648 864/656 180/8][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,5,62,0,0,0,0,0,0,5,11,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 20/0 69/0 23/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (VRUDKBuYs)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 20/0 69/0 23/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (VRUDKBuYs)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows:
diff --git a/tests/cfgs/default/result/skinny.pcap.out b/tests/cfgs/default/result/skinny.pcap.out
index 0929d1a92..b78717d75 100644
--- a/tests/cfgs/default/result/skinny.pcap.out
+++ b/tests/cfgs/default/result/skinny.pcap.out
@@ -1,5 +1,5 @@
DPI Packets (TCP): 2 (1.00 pkts/flow)
-DPI Packets (UDP): 15 (3.00 pkts/flow)
+DPI Packets (UDP): 71 (14.20 pkts/flow)
Confidence DPI : 7 (flows)
Num dissector calls: 807 (115.29 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
@@ -26,10 +26,10 @@ CiscoSkinny 61 6964 2
Acceptable 196 35854 7
- 1 UDP 192.168.195.58:32144 <-> 192.168.195.50:17718 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][36 pkts/7704 bytes <-> 33 pkts/7062 bytes][Goodput ratio: 80/80][0.35 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 20/20 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 214/214 214/214 214/214 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.195.58:32150 -> 192.168.193.24:9395 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][18 pkts/3852 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.195.58:32144 <-> 192.168.195.50:17718 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0.0) / ITU-T G.711 PCMU (0.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Media/1][36 pkts/7704 bytes <-> 33 pkts/7062 bytes][Goodput ratio: 80/80][0.35 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 20/20 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 214/214 214/214 214/214 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.195.58:32150 -> 192.168.193.24:9395 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Media/1][18 pkts/3852 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (zwwtvutz)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.195.58:49399 <-> 192.168.193.12:2000 [proto: 164/CiscoSkinny][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 164/CiscoSkinny, Confidence: DPI][DPI packets: 1][cat: VoIP/10][13 pkts/992 bytes <-> 20 pkts/2724 bytes][Goodput ratio: 25/59][3.85 sec][bytes ratio: -0.466 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 416/234 3609/3559 1129/859][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 76/136 106/378 20/85][PLAIN TEXT (RIX Meeting Room)][Plen Bins: 37,27,0,0,22,4,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 192.168.195.50:17726 -> 192.168.193.24:9399 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][17 pkts/3638 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.32 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 19/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (wskptvv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 UDP 192.168.195.58:32152 -> 192.168.193.24:9396 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][16 pkts/3424 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (wskptvv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.195.50:17726 -> 192.168.193.24:9399 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 17][cat: Media/1][17 pkts/3638 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.32 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 19/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (wskptvv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 192.168.195.58:32152 -> 192.168.193.24:9396 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Media/1][16 pkts/3424 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (wskptvv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.193.12:2000 <-> 192.168.195.50:51532 [proto: 164/CiscoSkinny][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 164/CiscoSkinny, Confidence: DPI][DPI packets: 1][cat: VoIP/10][15 pkts/2260 bytes <-> 13 pkts/988 bytes][Goodput ratio: 63/25][3.91 sec][bytes ratio: 0.392 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/13 324/385 3622/3582 995/1066][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 151/76 546/106 124/20][PLAIN TEXT (RIX Meeting Room)][Plen Bins: 33,33,0,0,22,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.195.50:17732 -> 192.168.193.24:9400 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][15 pkts/3210 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 19/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (xwwsvyux)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.195.50:17732 -> 192.168.193.24:9400 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: Media/1][15 pkts/3210 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 19/0 20/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 214/0 214/0 214/0 0/0][PLAIN TEXT (xwwsvyux)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_classic.pcap.out b/tests/cfgs/default/result/stun_classic.pcap.out
index 922452eb9..aa0f4b56e 100644
--- a/tests/cfgs/default/result/stun_classic.pcap.out
+++ b/tests/cfgs/default/result/stun_classic.pcap.out
@@ -24,4 +24,4 @@ RTP 22 1624 1
Acceptable 22 1624 1
- 1 UDP 172.16.63.224:55050 <-> 172.16.63.21:13958 [proto: 78.87/STUN.RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMU (0)][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Media/1][9 pkts/662 bytes <-> 13 pkts/962 bytes][Goodput ratio: 43/43][0.23 sec][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 32/17 101/42 32/11][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 74/74 74/74 1/0][Mapped IP/Port: 172.16.63.224:55050][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 4,95,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 172.16.63.224:55050 <-> 172.16.63.21:13958 [proto: 78.87/STUN.RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Media/1][9 pkts/662 bytes <-> 13 pkts/962 bytes][Goodput ratio: 43/43][0.23 sec][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 32/17 101/42 32/11][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 74/74 74/74 1/0][Mapped IP/Port: 172.16.63.224:55050][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 4,95,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/vivox.pcapng.out b/tests/cfgs/default/result/vivox.pcapng.out
index 7241fc6b8..5de2cf1af 100644
--- a/tests/cfgs/default/result/vivox.pcapng.out
+++ b/tests/cfgs/default/result/vivox.pcapng.out
@@ -33,4 +33,4 @@ JA Host Stats:
1 TCP 192.168.1.13:40434 <-> 85.236.98.21:443 [proto: 91.441/TLS.Vivox][IP: 441/Vivox][Encrypted][Confidence: DPI][FPC: 441/Vivox, Confidence: IP address][DPI packets: 4][cat: Game/8][3 pkts/435 bytes <-> 1 pkts/74 bytes][Goodput ratio: 53/0][0.12 sec][Hostname/SNI: mt1s.www.vivox.com][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d251000_7415a186c913_577ffa9d9a5c][Firefox][PLAIN TEXT (s.www.vivox.com)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.1.13:55921 -> 85.236.96.158:40354 [proto: 87/RTP][IP: 441/Vivox][Payload Type: EVS (127)][ClearText][Confidence: DPI][FPC: 441/Vivox, Confidence: IP address][DPI packets: 3][cat: Media/1][3 pkts/361 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][0.06 sec][Plen Bins: 0,33,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.1.13:55921 -> 85.236.96.158:40354 [proto: 87/RTP][IP: 441/Vivox][Stream Content: Audio][Payload Type: EVS Primary 8.0 (127.160)][ClearText][Confidence: DPI][FPC: 441/Vivox, Confidence: IP address][DPI packets: 3][cat: Media/1][3 pkts/361 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][0.06 sec][Plen Bins: 0,33,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out
index 9f9385e15..f67689805 100644
--- a/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out
+++ b/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out
@@ -33,7 +33,7 @@ JA Host Stats:
IP Address # JA4C
- 1 UDP [32fb:f967:681e:e96b:face:b00c::74fd]:3478 <-> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080]:45658 [proto: 78.87/STUN.RTP][IP: 0/Unknown][Payload Type: ITU-T G.711 PCMU (0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 30][cat: Media/1][14 pkts/1612 bytes <-> 16 pkts/1838 bytes][Goodput ratio: 46/46][2.71 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 12/1 188/155 778/396 231/147][Pkt Len c2s/s2c min/avg/max/stddev: 84/84 115/115 214/206 44/39][PLAIN TEXT (4/WtFTidwfa)][Plen Bins: 46,23,16,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP [32fb:f967:681e:e96b:face:b00c::74fd]:3478 <-> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080]:45658 [proto: 78.87/STUN.RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 30][cat: Media/1][14 pkts/1612 bytes <-> 16 pkts/1838 bytes][Goodput ratio: 46/46][2.71 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 12/1 188/155 778/396 231/147][Pkt Len c2s/s2c min/avg/max/stddev: 84/84 115/115 214/206 44/39][PLAIN TEXT (4/WtFTidwfa)][Plen Bins: 46,23,16,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44144 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.16 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
3 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44150 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
4 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44192 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.