61 files changed, 310 insertions, 67 deletions
diff --git a/.gitignore b/.gitignore index 1c85b2bfa..1b4ccc971 100644 --- a/.gitignore +++ b/.gitignore @@ -69,9 +69,10 @@ stamp-h1 /src/lib/libndpi.a /src/lib/libndpi.so* /src/lib/libndpi -/src/lib/libndpi-4.1.0.dll +/src/lib/libndpi-*.dll /src/lib/libndpi.4 /tests/dga/dga_evaluate +/tests/dga/dga_evaluate.exe /tests/unit/unit /tags /rrdtool/Makefile diff --git a/example/reader_util.c b/example/reader_util.c index 7ccaba1fc..a7c970de7 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1085,6 +1085,13 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl ndpi_snprintf(flow->softether.fqdn, sizeof(flow->softether.fqdn), "%s", flow->ndpi_flow->protos.softether.fqdn); } + /* DISCORD */ + else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DISCORD) && !is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) && + flow->ndpi_flow->protos.discord.client_ip[0] != '\0') { + flow->info_type = INFO_GENERIC; + ndpi_snprintf(flow->info, sizeof(flow->info), "Client IP: %s", + flow->ndpi_flow->protos.discord.client_ip); + } /* DNS */ else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DNS)) { if(flow->ndpi_flow->protos.dns.rsp_type == 0x1) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 1402e4022..7087b0231 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h 
@@ -236,6 +236,7 @@ void init_alicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u void init_avast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_softether_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_activision_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_discord_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); /* ndpi_main.c */ extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 5583590b7..efea443d6 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1422,6 +1422,10 @@ struct ndpi_flow_struct { } collectd; struct { + char client_ip[16]; + } discord; + + struct { char version[32]; } ubntac2; diff --git a/src/lib/inc_generated/ndpi_asn_discord.c.inc b/src/lib/inc_generated/ndpi_asn_discord.c.inc new file mode 100644 index 000000000..bd7f6df32 --- /dev/null +++ b/src/lib/inc_generated/ndpi_asn_discord.c.inc 
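Review bot: `char client_ip[16]` in the new `discord` member has room for a dotted-quad IPv4 string plus its terminator and nothing longer, and the declaration does not say so. Elsewhere in this commit the dissector is registered with `NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD` and fills the field with a fixed-length `strncpy`, so any longer address text in the payload would be cut silently. A comment such as `/* client address as text copied from the packet payload; IPv4 dotted-quad only (15 chars + NUL) */` would document the limit for the code that fills and prints it. The enclosing struct begins and ends outside the hunk.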
@@ -0,0 +1,96 @@ +/* + * + * This file is generated automatically and part of nDPI + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + +/* ****************************************************** */ + + +static ndpi_network ndpi_protocol_discord_protocol_list[] = { + { 0x05C80000 /* 5.200.0.0/19 */, 19, NDPI_PROTOCOL_DISCORD }, + { 0x1FCC8000 /* 31.204.128.0/19 */, 19, NDPI_PROTOCOL_DISCORD }, + { 0x2BEF8800 /* 43.239.136.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x2D53C800 /* 45.83.200.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x2D7C8400 /* 45.124.132.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x4216C400 /* 66.22.196.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x4216C800 /* 66.22.200.0/21 */, 21, NDPI_PROTOCOL_DISCORD }, + { 0x4216D000 /* 66.22.208.0/20 */, 20, NDPI_PROTOCOL_DISCORD }, + { 0x4216E000 /* 66.22.224.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x4216E600 /* 66.22.230.0/23 */, 23, NDPI_PROTOCOL_DISCORD }, + { 0x4216E800 /* 66.22.232.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x4216EC00 /* 66.22.236.0/23 */, 23, NDPI_PROTOCOL_DISCORD }, + { 0x4216EE00 /* 66.22.238.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0x4216F000 /* 66.22.240.0/23 */, 23, NDPI_PROTOCOL_DISCORD }, + { 0x4216F200 /* 66.22.242.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0x4216F400 /* 66.22.244.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x4216F800 /* 66.22.248.0/24 */, 24, NDPI_PROTOCOL_DISCORD 
}, + { 0x45A8EA00 /* 69.168.234.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0x559F7200 /* 85.159.114.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0x5968A000 /* 89.104.160.0/21 */, 21, NDPI_PROTOCOL_DISCORD }, + { 0x5BC3EA00 /* 91.195.234.0/23 */, 23, NDPI_PROTOCOL_DISCORD }, + { 0x5BC69800 /* 91.198.152.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0x5BD8CF00 /* 91.216.207.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0x677DD800 /* 103.125.216.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0x677DDB00 /* 103.125.219.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0x679F7A00 /* 103.159.122.0/23 */, 23, NDPI_PROTOCOL_DISCORD }, + { 0x67C2A400 /* 103.194.164.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x68995400 /* 104.153.84.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0x6DC8C000 /* 109.200.192.0/19 */, 19, NDPI_PROTOCOL_DISCORD }, + { 0x8A808800 /* 138.128.136.0/21 */, 21, NDPI_PROTOCOL_DISCORD }, + { 0x92F74C00 /* 146.247.76.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xA2F43400 /* 162.244.52.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xA2F5CC00 /* 162.245.204.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB2F89B00 /* 178.248.155.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xB9298C00 /* 185.41.140.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9326800 /* 185.50.104.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9340C00 /* 185.52.12.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9462F00 /* 185.70.47.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xB94DD000 /* 185.77.208.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9729C00 /* 185.114.156.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9782300 /* 185.120.35.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xB9A23800 /* 185.162.56.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9A53000 /* 185.165.48.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xB9ABF000 /* 185.171.240.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9AC8400 /* 185.172.132.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9B3C800 /* 185.179.200.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9B9D400 /* 185.185.212.0/22 */, 22, 
NDPI_PROTOCOL_DISCORD }, + { 0xB9BDB400 /* 185.189.180.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9BFF000 /* 185.191.240.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9C51800 /* 185.197.24.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9C91100 /* 185.201.17.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xB9DAA400 /* 185.218.164.0/23 */, 23, NDPI_PROTOCOL_DISCORD }, + { 0xB9DAA600 /* 185.218.166.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xB9E28A00 /* 185.226.138.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xB9E52000 /* 185.229.32.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xB9F1D100 /* 185.241.209.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xBC7A4000 /* 188.122.64.0/19 */, 19, NDPI_PROTOCOL_DISCORD }, + { 0xC12BDA00 /* 193.43.218.0/23 */, 23, NDPI_PROTOCOL_DISCORD }, + { 0xC12E5000 /* 193.46.80.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xC23D3B00 /* 194.61.59.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xC71BD400 /* 199.27.212.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + { 0xCB841800 /* 203.132.24.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xD412E600 /* 212.18.230.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xD468C800 /* 212.104.200.0/23 */, 23, NDPI_PROTOCOL_DISCORD }, + { 0xD468CA00 /* 212.104.202.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xD468CD00 /* 212.104.205.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xD5A34000 /* 213.163.64.0/19 */, 19, NDPI_PROTOCOL_DISCORD }, + { 0xD5B3C000 /* 213.179.192.0/19 */, 19, NDPI_PROTOCOL_DISCORD }, + { 0xD5BE1600 /* 213.190.22.0/24 */, 24, NDPI_PROTOCOL_DISCORD }, + { 0xDC9ED800 /* 220.158.216.0/22 */, 22, NDPI_PROTOCOL_DISCORD }, + /* End */ + { 0x0, 0, 0 } +}; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2911ad752..7929b3b88 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
@@ -88,6 +88,7 @@ #include "inc_generated/ndpi_asn_threema.c.inc" #include "inc_generated/ndpi_asn_alibaba.c.inc" #include "inc_generated/ndpi_asn_avast.c.inc" +#include "inc_generated/ndpi_asn_discord.c.inc" /* Third party libraries */ #include "third_party/include/ndpi_patricia.h" @@ -2652,6 +2653,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_threema_protocol_list); ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_alibaba_protocol_list); ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_avast_protocol_list); + ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_discord_protocol_list); } } @@ -4542,6 +4544,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* Activision */ init_activision_dissector(ndpi_str, &a, detection_bitmask); + /* Discord */ + init_discord_dissector(ndpi_str, &a, detection_bitmask); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index d33d6477e..2653a8f83 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1499,6 +1499,14 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, ndpi_serialize_end_of_block(serializer); break; + case NDPI_PROTOCOL_DISCORD: + if (l7_protocol.master_protocol != NDPI_PROTOCOL_TLS) { + ndpi_serialize_start_of_block(serializer, "discord"); + ndpi_serialize_string_string(serializer, "client_ip", flow->protos.discord.client_ip); + ndpi_serialize_end_of_block(serializer); + } + break; + case NDPI_PROTOCOL_SSH: ndpi_serialize_start_of_block(serializer, "ssh"); ndpi_serialize_string_string(serializer, "client_signature", flow->protos.ssh.client_signature); diff --git a/src/lib/protocols/discord.c b/src/lib/protocols/discord.c new file mode 100644 index 000000000..59355b00a --- /dev/null 
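Review bot: The new `case NDPI_PROTOCOL_DISCORD:` in ndpi_dpi2json() writes a `discord` block whenever the master protocol is not TLS, even when `client_ip` was never filled in. That is the case on the 8-byte `0x1337cafe` path in discord.c, and presumably for flows classified only through the new address list, so consumers receive `"client_ip": ""`. reader_util.c in this same commit already guards on `client_ip[0] != '\0'`, and the same guard fits here: `if (l7_protocol.master_protocol != NDPI_PROTOCOL_TLS && flow->protos.discord.client_ip[0] != '\0') {`. The switch statement begins and ends outside the hunk.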
+++ b/src/lib/protocols/discord.c 
@@ -0,0 +1,89 @@
+/*
+ * discord.c
+ *
+ * Copyright (C) 2022 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DISCORD
+
+#include "ndpi_api.h"
+
+static void ndpi_int_discord_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
+ struct ndpi_flow_struct * const flow)
+{
+ NDPI_LOG_INFO(ndpi_struct, "found discord\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow,
+ NDPI_PROTOCOL_DISCORD,
+ NDPI_PROTOCOL_UNKNOWN,
+ NDPI_CONFIDENCE_DPI);
+}
+
+void ndpi_search_discord(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
+
+ NDPI_LOG_DBG(ndpi_struct, "search discord\n");
+
+ if (packet->payload_packet_len == 8 &&
+ ntohl(get_u_int32_t(packet->payload, 0)) == 0x1337cafe)
+ {
+ ndpi_int_discord_add_connection(ndpi_struct, flow);
+ return;
+ }
+
+ if (packet->payload_packet_len == 74 &&
+ ntohs(get_u_int16_t(packet->payload, 6)) == 0xace3)
+ {
+ if (flow->packet_counter == 1 &&
+ ntohl(get_u_int32_t(packet->payload, 0)) == 0x00010046)
+ {
+ /* Wait for the next packet, hopefully beeing able to dissect the client IP.
*/ + return; + } + + if (flow->packet_counter == 2 && + ntohl(get_u_int32_t(packet->payload, 0)) == 0x00020046) + { + /* Dissect client IP. */ + size_t len = sizeof(flow->protos.discord.client_ip) - 1; + strncpy(flow->protos.discord.client_ip, (char const *)&packet->payload[8], len); + flow->protos.discord.client_ip[len] = '\0'; + ndpi_int_discord_add_connection(ndpi_struct, flow); + return; + } + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + +void init_discord_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("Discord", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_DISCORD, + ndpi_search_discord, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK + ); + + *id += 1; +} diff --git a/src/lib/protocols/riotgames.c b/src/lib/protocols/riotgames.c index 40dddd7b6..d73af8276 100644 --- a/src/lib/protocols/riotgames.c +++ b/src/lib/protocols/riotgames.c @@ -42,13 +42,6 @@ void ndpi_search_riotgames(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "searching RiotGames\n"); - if (packet->payload_packet_len == 8 && - ntohl(get_u_int32_t(packet->payload, 0)) == 0x1337cafe) - { - ndpi_int_riotgames_add_connection(ndpi_struct, flow); - return; - } - if (packet->payload_packet_len > 8 && ntohl(get_u_int32_t(packet->payload, packet->payload_packet_len - 8)) == 0xaaaaaaaa && ntohl(get_u_int32_t(packet->payload, packet->payload_packet_len - 4)) == 0xbbbbbbbb) diff --git a/tests/pcap/discord.pcap b/tests/pcap/discord.pcap Binary files differindex 83ecb5763..7f61ae3d9 100644 --- a/tests/pcap/discord.pcap +++ b/tests/pcap/discord.pcap diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 01f7550e6..c56475681 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out 
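Review bot: The second-packet branch of ndpi_search_discord() copies 15 bytes of payload starting at offset 8 into `client_ip` with `strncpy` and never checks that they form an address. The copy stays in bounds because the payload length was fixed at 74, but whatever bytes a peer puts there (control characters, partial text, an address longer than 15 characters cut short) are later printed through `flow->info` in reader_util.c and emitted as JSON in ndpi_utils.c. Accepting only a NUL-terminated run of digits and dots, and leaving the field empty otherwise, keeps packet-controlled bytes out of logs and downstream parsers. The magic values (`0x1337cafe`, `0xace3` at offset 6, `0x00010046`/`0x00020046`) would also benefit from a comment naming the fields they match.

```c
/* Dissect client IP. */
size_t const max_len = sizeof(flow->protos.discord.client_ip) - 1;
size_t i = 0;

/* Accept only digits and dots, terminated by a NUL inside the field. */
while (i < max_len &&
       ((packet->payload[8 + i] >= '0' && packet->payload[8 + i] <= '9') ||
        packet->payload[8 + i] == '.'))
  i++;

if (i > 0 && packet->payload[8 + i] == '\0')
{
  memcpy(flow->protos.discord.client_ip, &packet->payload[8], i);
  flow->protos.discord.client_ip[i] = '\0';
}
/* … unchanged: ndpi_int_discord_add_connection() call and return … */
```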
@@ -6,7 +6,7 @@ Confidence Unknown : 14 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4658 (23.64 diss/flow) +Num dissector calls: 4672 (23.72 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/4in4tunnel.pcap.out b/tests/result/4in4tunnel.pcap.out index 8ca75bf25..c0241b3aa 100644 --- a/tests/result/4in4tunnel.pcap.out +++ b/tests/result/4in4tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 5 (5.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 169 (169.00 diss/flow) +Num dissector calls: 170 (170.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/6in6tunnel.pcap.out b/tests/result/6in6tunnel.pcap.out index 39dfc5d92..32aaa6822 100644 --- a/tests/result/6in6tunnel.pcap.out +++ b/tests/result/6in6tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 113 (113.00 diss/flow) +Num dissector calls: 114 (114.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index 3af0de07e..2e8b0e18f 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) -Num dissector calls: 4074 (131.42 diss/flow) +Num dissector calls: 4103 (132.35 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 267a8b8f0..83580058b 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 2 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 919 (13.32 diss/flow) +Num dissector calls: 920 (13.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/collectd.pcap.out b/tests/result/collectd.pcap.out index 7ab432816..4caf5bce9 100644 --- a/tests/result/collectd.pcap.out +++ b/tests/result/collectd.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 13 (1.62 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 379 (47.38 diss/flow) +Num dissector calls: 382 (47.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dhcp-fuzz.pcapng.out b/tests/result/dhcp-fuzz.pcapng.out index f6a4d8e1d..7d13f0860 100644 --- a/tests/result/dhcp-fuzz.pcapng.out +++ b/tests/result/dhcp-fuzz.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 101 (101.00 diss/flow) +Num dissector calls: 102 (102.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/discord.pcap.out b/tests/result/discord.pcap.out index 816719df8..a4cbaa0d6 100644 --- a/tests/result/discord.pcap.out +++ b/tests/result/discord.pcap.out 
@@ -1,8 +1,9 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) -Confidence DPI : 1 (flows) -Num dissector calls: 1 (1.00 diss/flow) +DPI Packets (UDP): 58 (1.81 pkts/flow) +Confidence DPI : 33 (flows) +Num dissector calls: 3759 (113.91 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
@@ -15,15 +16,47 @@ Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) Automa common alpns: 2/2 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 66/0 (search/found) Patricia risk: 0/0 (search/found) -Patricia protocols: 2/2 (search/found) +Patricia protocols: 118/92 (search/found) -Discord 7 3708 1 +Discord 396 90294 33 JA3 Host Stats: IP Address # JA3C 1 10.0.2.15 1 - 1 TCP 10.0.2.15:42834 <-> 162.159.128.233:443 [proto: 91.58/TLS.Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/451 bytes <-> 4 pkts/3257 bytes][Goodput ratio: 60/93][0.05 sec][Hostname/SNI: discord.com][ALPN: h2;http/1.1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 16/0 20/13 23/22 4/9][Pkt Len c2s/s2c min/avg/max/stddev: 74/58 150/814 230/1506 64/609][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 19/Jan/2021 00:00:00 - 18/Jan/2022 23:59:59][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][ServerNames: discord.com,sni.cloudflaressl.com,*.discord.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: 31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D][Safari][Validity: 2021-01-19 00:00:00 - 2022-01-18 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0] + 1 UDP 192.168.2.100:61985 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][8 pkts/2413 bytes <-> 7 pkts/2054 bytes][Goodput ratio: 86/86][0.16 sec][Client IP: 84.59.132.100][bytes ratio: 0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 18/13 21/23 33/33 6/7][Pkt Len c2s/s2c min/avg/max/stddev: 116/116 302/293 348/323 71/72][PLAIN TEXT (84.59.132.100)][Plen Bins: 
0,0,13,0,0,0,0,0,66,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.2.100:63893 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][14 pkts/3884 bytes <-> 1 pkts/116 bytes][Goodput ratio: 85/63][0.23 sec][Client IP: 84.59.132.100][bytes ratio: 0.942 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/0 19/0 33/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 50/116 277/116 341/116 101/0][PLAIN TEXT (84.59.132.100)][Plen Bins: 6,6,13,0,0,0,0,0,26,47,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.2.100:61435 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][13 pkts/3767 bytes <-> 2 pkts/176 bytes][Goodput ratio: 85/46][0.26 sec][Client IP: 84.59.132.100][bytes ratio: 0.911 (Upload)][IAT c2s/s2c min/avg/max/stddev: 9/0 21/0 57/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 290/88 340/116 89/28][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,0,0,40,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.2.100:52283 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][8 pkts/2134 bytes <-> 7 pkts/1791 bytes][Goodput ratio: 84/83][0.15 sec][Client IP: 84.59.132.100][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 16/7 22/19 37/38 7/11][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 267/256 334/323 107/107][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,0,0,53,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.2.100:55432 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][13 pkts/3740 bytes <-> 2 pkts/176 bytes][Goodput ratio: 85/46][0.24 sec][Client IP: 84.59.132.100][bytes ratio: 0.910 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/0 28/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 288/88 344/116 89/28][PLAIN 
TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,0,0,53,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.2.100:50199 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][8 pkts/2097 bytes <-> 7 pkts/1791 bytes][Goodput ratio: 84/83][0.15 sec][Client IP: 84.59.132.100][bytes ratio: 0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 18/3 23/21 42/42 9/13][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 262/256 333/323 105/107][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,0,0,60,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.2.100:63362 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][12 pkts/3349 bytes <-> 3 pkts/499 bytes][Goodput ratio: 85/73][0.23 sec][Client IP: 84.59.132.100][bytes ratio: 0.741 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 21/31 53/31 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 279/166 340/323 90/113][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,0,6,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 10.0.2.15:42834 <-> 162.159.128.233:443 [proto: 91.58/TLS.Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/451 bytes <-> 4 pkts/3257 bytes][Goodput ratio: 60/93][0.05 sec][Hostname/SNI: discord.com][ALPN: h2;http/1.1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 16/0 20/13 23/22 4/9][Pkt Len c2s/s2c min/avg/max/stddev: 74/58 150/814 230/1506 64/609][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 19/Jan/2021 00:00:00 - 18/Jan/2022 23:59:59][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][ServerNames: discord.com,sni.cloudflaressl.com,*.discord.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: 
31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D][Safari][Validity: 2021-01-19 00:00:00 - 2022-01-18 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0] + 9 UDP 192.168.2.100:65053 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/236 bytes <-> 12 pkts/3448 bytes][Goodput ratio: 46/85][0.61 sec][Client IP: 84.59.132.100][bytes ratio: -0.872 (Download)][IAT c2s/s2c min/avg/max/stddev: 151/14 196/56 242/241 46/75][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 79/287 116/448 28/97][PLAIN TEXT (84.59.132.100)][Plen Bins: 20,0,13,0,0,0,0,0,60,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.2.100:52323 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/260 bytes <-> 12 pkts/3416 bytes][Goodput ratio: 51/85][0.90 sec][Client IP: 84.59.132.100][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/11 341/84 453/463 112/140][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 87/285 116/343 27/89][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,6,13,0,0,0,0,0,61,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.2.100:53459 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/268 bytes <-> 12 pkts/3406 bytes][Goodput ratio: 53/85][1.83 sec][Client IP: 84.59.132.100][bytes ratio: -0.854 (Download)][IAT c2s/s2c min/avg/max/stddev: 125/13 806/177 1486/1498 680/441][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 89/284 116/323 28/88][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,6,13,0,0,0,0,0,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.2.100:59240 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/268 bytes <-> 12 
pkts/3406 bytes][Goodput ratio: 53/85][1.71 sec][Client IP: 84.59.132.100][bytes ratio: -0.854 (Download)][IAT c2s/s2c min/avg/max/stddev: 254/16 744/165 1235/1246 490/366][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 89/284 116/323 28/88][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,6,13,0,0,0,0,0,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.2.100:61392 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/268 bytes <-> 12 pkts/3406 bytes][Goodput ratio: 53/85][0.54 sec][Client IP: 84.59.132.100][bytes ratio: -0.854 (Download)][IAT c2s/s2c min/avg/max/stddev: 146/1 199/49 252/269 53/84][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 89/284 116/323 28/88][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,6,13,0,0,0,0,0,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.2.100:50335 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/236 bytes <-> 12 pkts/3406 bytes][Goodput ratio: 46/85][0.57 sec][Client IP: 84.59.132.100][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 165/10 170/51 175/185 5/61][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 79/284 116/323 28/88][PLAIN TEXT (84.59.132.100)][Plen Bins: 20,0,13,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 192.168.2.100:62379 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][9 pkts/2171 bytes <-> 6 pkts/1468 bytes][Goodput ratio: 83/82][1.24 sec][Client IP: 84.59.132.100][bytes ratio: 0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 18/15 174/294 943/947 318/382][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 241/245 330/323 98/112][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,6,6,0,6,47,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 192.168.2.100:55085 <-> 66.22.196.173:50004 [proto: 
58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][8 pkts/1830 bytes <-> 7 pkts/1791 bytes][Goodput ratio: 82/83][0.15 sec][Client IP: 84.59.132.100][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/7 22/21 40/44 9/13][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 229/256 295/323 87/107][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,6,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.2.100:54950 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/268 bytes <-> 12 pkts/3176 bytes][Goodput ratio: 53/84][1.12 sec][Client IP: 84.59.132.100][bytes ratio: -0.844 (Download)][IAT c2s/s2c min/avg/max/stddev: 249/11 458/108 666/678 208/202][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 89/265 116/323 28/101][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,13,13,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 192.168.2.100:58322 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][9 pkts/1942 bytes <-> 6 pkts/1468 bytes][Goodput ratio: 80/82][1.93 sec][Client IP: 84.59.132.100][bytes ratio: 0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 18/20 273/466 1674/1677 574/701][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 216/245 331/323 92/112][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,20,0,6,0,40,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.2.100:59891 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][4 pkts/454 bytes <-> 11 pkts/2854 bytes][Goodput ratio: 63/83][2.05 sec][Client IP: 84.59.132.100][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 187/17 921/221 1655/1665 734/513][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 114/259 186/323 49/104][PLAIN TEXT (84.59.132.100)][Plen Bins: 
13,13,13,0,6,0,0,0,54,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 192.168.2.100:61060 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][13 pkts/3073 bytes <-> 2 pkts/176 bytes][Goodput ratio: 82/46][0.37 sec][Client IP: 84.59.132.100][bytes ratio: 0.892 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/215 32/215 191/215 51/0][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 236/88 335/116 105/28][PLAIN TEXT (84.59.132.100)][Plen Bins: 20,0,13,6,6,6,0,6,13,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 192.168.2.100:57955 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][7 pkts/1071 bytes <-> 8 pkts/2114 bytes][Goodput ratio: 72/84][0.19 sec][Client IP: 84.59.132.100][bytes ratio: -0.327 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/13 31/26 96/63 33/17][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 153/264 361/323 115/103][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,20,13,0,0,0,0,0,46,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 192.168.2.100:49648 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][7 pkts/1416 bytes <-> 8 pkts/1638 bytes][Goodput ratio: 79/79][0.69 sec][Client IP: 84.59.132.100][bytes ratio: -0.073 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 18/1 134/110 362/365 144/142][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 202/205 318/323 89/119][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,13,13,0,6,13,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.168.2.100:57764 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/260 bytes <-> 12 pkts/2703 bytes][Goodput ratio: 51/81][2.36 sec][Client IP: 84.59.132.100][bytes ratio: -0.825 (Download)][IAT c2s/s2c min/avg/max/stddev: 200/14 732/231 1265/1812 532/531][Pkt Len c2s/s2c 
min/avg/max/stddev: 50/60 87/225 116/517 27/147][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,34,13,0,0,0,0,0,26,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 192.168.2.100:62481 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][14 pkts/2359 bytes <-> 1 pkts/116 bytes][Goodput ratio: 75/63][0.26 sec][Client IP: 84.59.132.100][bytes ratio: 0.906 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8/0 20/0 42/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 50/116 168/116 330/116 113/0][PLAIN TEXT (84.59.132.100)][Plen Bins: 6,47,13,0,0,0,0,0,26,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 192.168.2.100:58753 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][8 pkts/1457 bytes <-> 7 pkts/601 bytes][Goodput ratio: 77/49][0.72 sec][Client IP: 84.59.132.100][bytes ratio: 0.416 (Upload)][IAT c2s/s2c min/avg/max/stddev: 17/20 115/134 372/373 139/146][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 182/86 305/116 73/15][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,34,13,0,26,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 192.168.2.100:62844 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][4 pkts/336 bytes <-> 11 pkts/941 bytes][Goodput ratio: 50/50][0.25 sec][Client IP: 84.59.132.100][bytes ratio: -0.474 (Download)][IAT c2s/s2c min/avg/max/stddev: 24/2 59/21 105/45 34/11][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 84/86 116/116 23/12][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,73,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 192.168.2.100:57956 <-> 66.22.196.173:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/116 bytes <-> 1 pkts/116 bytes][Goodput ratio: 63/63][< 1 sec][Client IP: 84.59.132.100][PLAIN TEXT (84.59.132.100)][Plen Bins: 
0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 192.168.2.100:56271 <-> 66.22.237.11:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 192.168.2.100:56271 <-> 66.22.237.138:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][0.00 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 UDP 192.168.2.100:56271 <-> 66.22.241.5:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 UDP 192.168.2.100:56271 <-> 66.22.241.7:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][0.01 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 UDP 192.168.2.100:56271 <-> 66.22.244.139:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 UDP 192.168.2.100:56271 <-> 66.22.244.154:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out index 94251753a..37e6eccc8 100644 --- a/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 21896 (89.37 diss/flow) +Num dissector calls: 21907 (89.42 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dnscrypt-v2.pcap.out b/tests/result/dnscrypt-v2.pcap.out index 46cb7170f..4728ac3fa 100644 --- a/tests/result/dnscrypt-v2.pcap.out +++ b/tests/result/dnscrypt-v2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 354 (118.00 diss/flow) +Num dissector calls: 357 (119.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dnscrypt_skype_false_positive.pcapng.out b/tests/result/dnscrypt_skype_false_positive.pcapng.out index c6b6e4d04..7617d0662 100644 --- a/tests/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/result/dnscrypt_skype_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 119 (119.00 diss/flow) +Num dissector calls: 120 (120.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index 867438178..dda8e84e7 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out 
@@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5284 (21.05 diss/flow) +Num dissector calls: 5317 (21.18 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2020-02-16-11740.pcap.out b/tests/result/fuzz-2020-02-16-11740.pcap.out index 155d3af85..8c76eda26 100644 --- a/tests/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 1677 (21.78 diss/flow) +Num dissector calls: 1693 (21.99 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/gnutella.pcap.out b/tests/result/gnutella.pcap.out index 2c6a6183c..79f871d2a 100644 --- a/tests/result/gnutella.pcap.out +++ b/tests/result/gnutella.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 595 (flows) Confidence Match by port : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 163 (flows) -Num dissector calls: 63737 (83.86 diss/flow) +Num dissector calls: 64253 (84.54 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/gtp_false_positive.pcapng.out b/tests/result/gtp_false_positive.pcapng.out index 3a7cf4c67..f4b9a0f6e 100644 --- a/tests/result/gtp_false_positive.pcapng.out +++ b/tests/result/gtp_false_positive.pcapng.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 375 (125.00 diss/flow) +Num dissector calls: 378 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 237ed4c51..61e0efbd8 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 132 (8.80 diss/flow) +Num dissector calls: 133 (8.87 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/i3d.pcap.out b/tests/result/i3d.pcap.out index 73b811a2e..2847acf65 100644 --- a/tests/result/i3d.pcap.out +++ b/tests/result/i3d.pcap.out @@ -17,7 +17,7 @@ Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 8/0 (search/found) Patricia risk: 0/0 (search/found) -Patricia protocols: 24/0 (search/found) +Patricia protocols: 16/12 (search/found) i3D 60 36502 4 diff --git a/tests/result/imo.pcap.out b/tests/result/imo.pcap.out index 5c4515731..e21173c06 100644 --- a/tests/result/imo.pcap.out +++ b/tests/result/imo.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 273 (136.50 diss/flow) +Num dissector calls: 275 (137.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index 3d567aa23..d4864c3ec 100644 
--- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1822 (47.95 diss/flow) +Num dissector calls: 1823 (47.97 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out index 2ea83bbc9..5ae95d554 100644 --- a/tests/result/iphone.pcap.out +++ b/tests/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 354 (6.94 diss/flow) +Num dissector calls: 355 (6.96 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/kontiki.pcap.out b/tests/result/kontiki.pcap.out index 5c6bdc0b5..e7ddcae10 100644 --- a/tests/result/kontiki.pcap.out +++ b/tests/result/kontiki.pcap.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 310 (38.75 diss/flow) +Num dissector calls: 312 (39.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 77b1b833e..836de059a 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out 
@@ -5,7 +5,7 @@ DPI Packets (UDP): 35 (2.33 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 6 (flows) Confidence DPI : 15 (flows) -Num dissector calls: 1267 (60.33 diss/flow) +Num dissector calls: 1272 (60.57 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index 3d296bcb3..2b1dc87d4 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 384 (128.00 diss/flow) +Num dissector calls: 386 (128.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index c51717653..845a49279 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 201 (4.57 pkts/flow) Confidence Unknown : 34 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 71 (flows) -Num dissector calls: 6322 (59.08 diss/flow) +Num dissector calls: 6356 (59.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index a308560f1..0e32b6151 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 208 (20.80 diss/flow) +Num dissector calls: 209 (20.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/radius_false_positive.pcapng.out b/tests/result/radius_false_positive.pcapng.out index 38e60079e..4a1ca981f 100644 --- a/tests/result/radius_false_positive.pcapng.out +++ b/tests/result/radius_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 10 (10.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 175 (175.00 diss/flow) +Num dissector calls: 176 (176.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/raknet.pcap.out b/tests/result/raknet.pcap.out index 95c715993..8c6c4f404 100644 --- a/tests/result/raknet.pcap.out +++ b/tests/result/raknet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1404 (117.00 diss/flow) +Num dissector calls: 1410 (117.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/riotgames.pcap.out b/tests/result/riotgames.pcap.out index 5cb45f7c5..4f81abc1b 100644 --- a/tests/result/riotgames.pcap.out +++ b/tests/result/riotgames.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 9 (1.00 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 891 (99.00 diss/flow) +Num dissector calls: 897 (99.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
@@ -17,9 +17,10 @@ Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 18/0 (search/found) Patricia risk: 0/0 (search/found) -Patricia protocols: 36/21 (search/found) +Patricia protocols: 32/25 (search/found) -RiotGames 44 3953 9 +Discord 4 220 2 +RiotGames 40 3733 7 1 UDP 192.168.2.100:59956 <-> 162.249.72.1:7194 [proto: 302/RiotGames][ClearText][Confidence: DPI][cat: Game/8][10 pkts/1106 bytes <-> 5 pkts/387 bytes][Goodput ratio: 62/46][5.50 sec][bytes ratio: 0.482 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/30 684/10 1033/30 438/14][Pkt Len c2s/s2c min/avg/max/stddev: 87/75 111/77 259/87 50/5][Plen Bins: 0,93,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.100:49298 <-> 162.249.72.1:7194 [proto: 302/RiotGames][ClearText][Confidence: DPI][cat: Game/8][6 pkts/712 bytes <-> 9 pkts/748 bytes][Goodput ratio: 65/49][2.43 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/31 283/132 994/203 372/82][Pkt Len c2s/s2c min/avg/max/stddev: 81/66 119/83 259/181 63/35][Plen Bins: 33,54,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -28,5 +29,5 @@ RiotGames 44 3953 9 5 UDP 192.168.2.100:58106 <-> 162.249.72.1:8181 [proto: 302/RiotGames][ClearText][Confidence: DPI][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/78 bytes][Goodput ratio: 46/46][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.2.100:62854 <-> 162.249.72.1:8181 [proto: 302/RiotGames][ClearText][Confidence: DPI][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/78 bytes][Goodput ratio: 46/46][0.02 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.2.100:63038 <-> 43.229.65.1:7998 [proto: 302/RiotGames][ClearText][Confidence: DPI][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/78 bytes][Goodput ratio: 46/46][0.27 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.2.100:48526 <-> 213.179.216.242:50004 [proto: 302/RiotGames][ClearText][Confidence: DPI][cat: Game/8][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.2.100:61099 <-> 66.22.241.8:50004 [proto: 302/RiotGames][ClearText][Confidence: DPI][cat: Game/8][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.2.100:48526 <-> 213.179.216.242:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.2.100:61099 <-> 66.22.241.8:50004 [proto: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/50 bytes <-> 1 pkts/60 bytes][Goodput ratio: 16/13][0.06 sec][Plen 
Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index 03f996ea6..a29b899df 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 587 (117.40 diss/flow) +Num dissector calls: 592 (118.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/sflow.pcap.out b/tests/result/sflow.pcap.out index 40b6d146e..dd409cace 100644 --- a/tests/result/sflow.pcap.out +++ b/tests/result/sflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 102 (102.00 diss/flow) +Num dissector calls: 103 (103.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/sip_hello.pcapng.out b/tests/result/sip_hello.pcapng.out index fe9a9a76e..b5a135e87 100644 --- a/tests/result/sip_hello.pcapng.out +++ b/tests/result/sip_hello.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 205 (205.00 diss/flow) +Num dissector calls: 206 (206.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 94b58ca4e..1dda19907 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out 
@@ -7,7 +7,7 @@ Confidence Unknown : 61 (flows) Confidence Match by port : 27 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 204 (flows) -Num dissector calls: 28688 (97.91 diss/flow) +Num dissector calls: 28690 (97.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index aceacd565..5a70427fd 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 45 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 200 (flows) -Num dissector calls: 23830 (89.25 diss/flow) +Num dissector calls: 23831 (89.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype_udp.pcap.out b/tests/result/skype_udp.pcap.out index 8fe91fcae..304931a32 100644 --- a/tests/result/skype_udp.pcap.out +++ b/tests/result/skype_udp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 118 (118.00 diss/flow) +Num dissector calls: 119 (119.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/softether.pcap.out b/tests/result/softether.pcap.out index c66700078..348fe0734 100644 --- a/tests/result/softether.pcap.out +++ b/tests/result/softether.pcap.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 31 (10.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 363 (90.75 diss/flow) +Num dissector calls: 365 (91.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 09883a631..9365f46a6 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 8 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 39 (flows) -Num dissector calls: 1474 (28.35 diss/flow) +Num dissector calls: 1479 (28.44 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun_dtls.pcapng.out b/tests/result/stun_dtls.pcapng.out index c7e02d084..2ef74faf3 100644 --- a/tests/result/stun_dtls.pcapng.out +++ b/tests/result/stun_dtls.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 137 (137.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun_facebook.pcapng.out b/tests/result/stun_facebook.pcapng.out index 0d6890147..e78ff1331 100644 --- a/tests/result/stun_facebook.pcapng.out +++ b/tests/result/stun_facebook.pcapng.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 102 (102.00 diss/flow) +Num dissector calls: 103 (103.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun_signal.pcapng.out b/tests/result/stun_signal.pcapng.out index ff94d2827..af206a193 100644 --- a/tests/result/stun_signal.pcapng.out +++ b/tests/result/stun_signal.pcapng.out @@ -5,7 +5,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI (cache) : 2 (flows) Confidence DPI : 20 (flows) -Num dissector calls: 1844 (80.17 diss/flow) +Num dissector calls: 1857 (80.74 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index 5c679dc19..0cd1846d0 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 597 (7.19 diss/flow) +Num dissector calls: 598 (7.20 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/teamviewer.pcap.out b/tests/result/teamviewer.pcap.out index a234b44a5..3a3eac953 100644 --- a/tests/result/teamviewer.pcap.out +++ b/tests/result/teamviewer.pcap.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 144 (72.00 diss/flow) +Num dissector calls: 145 (72.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out index 7fc82da95..bdafabe8c 100644 --- a/tests/result/telegram.pcap.out +++ b/tests/result/telegram.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 5 DPI Packets (UDP): 93 (1.94 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 46 (flows) -Num dissector calls: 1656 (34.50 diss/flow) +Num dissector calls: 1658 (34.54 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tftp.pcap.out b/tests/result/tftp.pcap.out index e1a6687f7..8b6f4f0ad 100644 --- a/tests/result/tftp.pcap.out +++ b/tests/result/tftp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 13 (1.86 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 300 (42.86 diss/flow) +Num dissector calls: 302 (43.14 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/toca-boca.pcap.out b/tests/result/toca-boca.pcap.out index 021a19f66..78ed5ee2c 100644 --- a/tests/result/toca-boca.pcap.out +++ b/tests/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 421 (20.05 diss/flow) +Num dissector calls: 425 (20.24 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 7ac10a12b..9554fa7a9 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 520 (17.93 diss/flow) +Num dissector calls: 521 (17.97 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 9f7624fae..72d1b1cb1 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 17 (8.50 pkts/flow) Confidence Match by port : 1 (flows) Confidence Match by IP : 3 (flows) Confidence DPI : 53 (flows) -Num dissector calls: 318 (5.58 diss/flow) +Num dissector calls: 319 (5.60 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index 44de3c976..b13d5c96f 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 44 (3.14 pkts/flow) Confidence Match by port : 13 (flows) Confidence Match by IP : 8 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 584 (13.27 diss/flow) +Num dissector calls: 586 (13.32 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/wireguard.pcap.out b/tests/result/wireguard.pcap.out index af9fba895..18ca88603 100644 --- a/tests/result/wireguard.pcap.out +++ b/tests/result/wireguard.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 140 (140.00 diss/flow) +Num dissector calls: 141 (141.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index 461c08b5f..2b2a66ea4 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 25 (1.47 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 31 (flows) -Num dissector calls: 807 (24.45 diss/flow) +Num dissector calls: 808 (24.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 8/0/0 (insert/search/found) diff --git a/tests/result/zoom2.pcap.out b/tests/result/zoom2.pcap.out index 27b78ce90..c5693e0b8 100644 --- a/tests/result/zoom2.pcap.out +++ b/tests/result/zoom2.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 75 (25.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by IP : 3 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 863 (172.60 diss/flow) +Num dissector calls: 866 (173.20 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 1/0/0 (insert/search/found) diff --git a/utils/asn_update.sh b/utils/asn_update.sh index 9c716147c..ec2dab9d2 100755 --- a/utils/asn_update.sh +++ b/utils/asn_update.sh 
@@ -149,6 +149,11 @@ DEST=../src/lib/inc_generated/ndpi_asn_avast.c.inc create_list NDPI_PROTOCOL_AVAST $DEST "AS198605" echo "(3) AVAST IPs are available in $DEST" +echo "(1) Downloading Discord..." +DEST=../src/lib/inc_generated/ndpi_asn_discord.c.inc +create_list NDPI_PROTOCOL_DISCORD $DEST "AS49544" +echo "(3) Discord IPs are available in $DEST" + if [ ${TOTAL_ASN} -eq ${FAILED_ASN} ]; then printf '%s: %s\n' "${0}" "All download(s) failed, ./get_routes_by_asn.sh broken?" exit 1 |
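Review bot: The added `echo "(3) Discord IPs are available in $DEST"` runs unconditionally after `create_list`, so a failed fetch for AS49544 would still be reported as a success. The only guard visible here, `if [ ${TOTAL_ASN} -eq ${FAILED_ASN} ]`, trips only when every download failed, and its body continues past the end of the hunk. Because the generated `ndpi_asn_discord.c.inc` feeds IP-based classification, a stale or empty list would silently change detection results. If `create_list` returns non-zero on failure (its body is outside the hunk, so this needs confirming), gate the message on it: `create_list NDPI_PROTOCOL_DISCORD "$DEST" "AS49544" && echo "(3) Discord IPs are available in $DEST"`. The existing AVAST lines follow the same pattern and would benefit from the same change.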