-rw-r--r-- | src/include/ndpi_protocol_ids.h | 9 | ||||
-rw-r--r-- | src/include/ndpi_protocols.h | 6 | ||||
-rw-r--r-- | src/lib/Makefile.am | 3 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 16 | ||||
-rw-r--r-- | src/lib/protocols/mssql.c | 68 | ||||
-rw-r--r-- | src/lib/protocols/mssql_tds.c | 82 | ||||
-rw-r--r-- | src/lib/protocols/mysql.c | 41 | ||||
-rw-r--r-- | src/lib/protocols/ubntac2.c | 18 | ||||
-rw-r--r-- | tests/pcap/mssql_tds.pcap | bin | 0 -> 16892 bytes | |||
-rw-r--r-- | tests/result/mssql_tds.pcap.out | 14 |
10 files changed, 138 insertions, 119 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index e4d40e9bb..e79325325 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -1,7 +1,7 @@ /* * ndpi_protocol_ids.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2016 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -76,7 +76,7 @@ #define NDPI_PROTOCOL_DHCP 18 #define NDPI_PROTOCOL_POSTGRES 19 #define NDPI_PROTOCOL_MYSQL 20 -#define NDPI_PROTOCOL_TDS 21 +#define NDPI_SERVICE_HOTMAIL 21 #define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 #define NDPI_PROTOCOL_MAIL_POPS 23 #define NDPI_PROTOCOL_APPLEJUICE 24 @@ -147,7 +147,7 @@ #define NDPI_PROTOCOL_KERBEROS 111 #define NDPI_PROTOCOL_LDAP 112 #define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL 114 +#define NDPI_PROTOCOL_MSSQL_TDS 114 #define NDPI_PROTOCOL_PPTP 115 #define NDPI_PROTOCOL_WARCRAFT3 116 #define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 @@ -264,10 +264,9 @@ #define NDPI_SERVICE_WEIBO 210 #define NDPI_SERVICE_HANGOUT 215 #define NDPI_SERVICE_SLACK 216 -#define NDPI_SERVICE_HOTMAIL 217 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_HOTMAIL +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_SLACK #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 12f3a0dbd..becc90c05 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h 
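Review bot: Id 21 changes meaning in place, from `NDPI_PROTOCOL_TDS` to `NDPI_SERVICE_HOTMAIL`, and 217 is retired, with nothing in the header recording the move. The numeric ids are visible to consumers (the test output in this commit prints `proto: 114/MsSQL-TDS`), so any stored policy, log or export keyed on 21 or 217 will silently refer to a different protocol after an upgrade. I would add a comment at the define, for example `/* 21 was NDPI_PROTOCOL_TDS before the MsSQL/TDS merge; Hotmail moved here from 217 */`, and mention the renumbering in the changelog. The rename of 114 to `NDPI_PROTOCOL_MSSQL_TDS` also breaks out-of-tree code that still uses `NDPI_PROTOCOL_MSSQL`; a compatibility alias would soften that if it is not intended.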
@@ -126,7 +126,6 @@ void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct nd void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_syslog(struct ndpi_detection_module_struct*ndpi_struct, struct ndpi_flow_struct *flow); -void ndpi_search_tds_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -135,7 +134,7 @@ void ndpi_search_warcraft3(struct ndpi_detection_module_struct *ndpi_struct, str void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_xdmcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_tftp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -void ndpi_search_mssql(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_pptp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_stealthnet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); 
@@ -255,7 +254,7 @@ void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); -void init_mssql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); 
@@ -305,7 +304,6 @@ void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); -void init_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index b920d4d67..21615d61d 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -80,7 +80,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/mpegts.c \ protocols/mqtt.c \ protocols/msn.c \ - protocols/mssql.c \ + protocols/mssql_tds.c \ protocols/mysql.c \ protocols/netbios.c \ protocols/netflow.c \ @@ -131,7 +131,6 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/stun.c \ protocols/syslog.c \ protocols/tcp_udp.c \ - protocols/tds.c \ protocols/teamspeak.c \ protocols/teamviewer.c \ protocols/telegram.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 4224dd2d6..8eef5a210 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
@@ -813,11 +813,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MySQL", ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_TDS, - no_master, - no_master, "TDS", - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, no_master, no_master, "Direct_Download_Link", @@ -1261,9 +1256,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MapleStory", ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS, no_master, - no_master, "MsSQL", + no_master, "MsSQL-TDS", ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, @@ -2410,9 +2405,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* SYSLOG */ init_syslog_dissector(ndpi_struct, &a, detection_bitmask); - /* TDS */ - init_tds_dissector(ndpi_struct, &a, detection_bitmask); - /* DIRECT_DOWNLOAD_LINK */ init_directdownloadlink_dissector(ndpi_struct, &a, detection_bitmask); 
@@ -2437,8 +2429,8 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* TFTP */ init_tftp_dissector(ndpi_struct, &a, detection_bitmask); - /* MSSQL */ - init_mssql_dissector(ndpi_struct, &a, detection_bitmask); + /* MSSQL_TDS */ + init_mssql_tds_dissector(ndpi_struct, &a, detection_bitmask); /* PPTP */ init_pptp_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/mssql.c b/src/lib/protocols/mssql.c deleted file mode 100644 index 51f44df6d..000000000 --- a/src/lib/protocols/mssql.c +++ /dev/null 
@@ -1,68 +0,0 @@ -/* - * mssql.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - - -#include "ndpi_protocols.h" - -#ifdef NDPI_PROTOCOL_MSSQL - -static void ndpi_int_mssql_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MSSQL, NDPI_PROTOCOL_UNKNOWN); -} - -void ndpi_search_mssql(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG(NDPI_PROTOCOL_MSSQL, ndpi_struct, NDPI_LOG_DEBUG, "search mssql.\n"); - - if (packet->payload_packet_len > 51 && ntohs(get_u_int32_t(packet->payload, 0)) == 0x1201 - && ntohs(get_u_int16_t(packet->payload, 2)) == packet->payload_packet_len - && ntohl(get_u_int32_t(packet->payload, 4)) == 0x00000100 && memcmp(&packet->payload[41], "sqlexpress", 10) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSSQL, ndpi_struct, NDPI_LOG_DEBUG, "found mssql.\n"); - ndpi_int_mssql_add_connection(ndpi_struct, flow); - return; - } - - NDPI_LOG(NDPI_PROTOCOL_MSSQL, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql.\n"); - 
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL); -} - - -void init_mssql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("MsSQL", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_MSSQL, - ndpi_search_mssql, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - -#endif diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c new file mode 100644 index 000000000..73dfe29a0 --- /dev/null +++ b/src/lib/protocols/mssql_tds.c 
@@ -0,0 +1,82 @@ +/* + * mssql.c + * + * Copyright (C) 2016 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +#include "ndpi_protocols.h" + +#ifdef NDPI_PROTOCOL_MSSQL_TDS + +struct tds_packet_header { + u_int8_t type; + u_int8_t status; + u_int16_t length; + u_int16_t channel; + u_int8_t number; + u_int8_t window; +}; + +static void ndpi_int_mssql_tds_add_connection(struct ndpi_detection_module_struct + *ndpi_struct, struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MSSQL_TDS, NDPI_PROTOCOL_UNKNOWN); +} + +void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; + + if (packet->payload_packet_len < sizeof(struct tds_packet_header)) { + NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); + return; + } + + if((h->type >= 1 && h->type <= 8) || (h->type >= 14 && h->type <= 18)) { + if(h->status == 0x00 || h->status == 0x01 || h->status == 0x02 || h->status == 
0x04 || h->status == 0x08 || h->status == 0x09 || h->status == 0x10) { + if(ntohs(h->length) == packet->payload_packet_len && h->window == 0x00) { + NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "found mssql_tds\n"); + ndpi_int_mssql_tds_add_connection(ndpi_struct, flow); + return; + } + } + } + + NDPI_LOG(NDPI_PROTOCOL_MSSQL, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); +} + + +void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("MsSQL_TDS", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_MSSQL_TDS, + ndpi_search_mssql_tds, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c index 3cf191744..e500b2976 100644 --- a/src/lib/protocols/mysql.c +++ b/src/lib/protocols/mysql.c 
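Review bot: The final exclude log in `ndpi_search_mssql_tds` still passes `NDPI_PROTOCOL_MSSQL`, which this commit removes from ndpi_protocol_ids.h, so the file will presumably fail to build wherever `NDPI_LOG` expands its first argument; it should read `NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n");`. The match itself rests on four header fields of a single segment (type, status, length equal to the payload length, window 0). Unrelated TCP payloads on any port can therefore be labelled MsSQL-TDS, and a TDS packet split across segments excludes the flow on its first packet. A comment above the function stating that limit would help anyone who keys policy on the label. `h->length` is also read through a struct cast of `packet->payload`, which has no alignment guarantee. The file header still says `mssql.c`, and the dissector registers as `"MsSQL_TDS"` while ndpi_main.c names the protocol `"MsSQL-TDS"`.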
@@ -39,27 +39,28 @@ void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, str // struct ndpi_id_struct *src=ndpi_struct->src; // struct ndpi_id_struct *dst=ndpi_struct->dst; - - if (packet->payload_packet_len > 38 //min length - && get_u_int16_t(packet->payload, 0) == packet->payload_packet_len - 4 //first 3 bytes are length - && get_u_int8_t(packet->payload, 2) == 0x00 //3rd byte of packet length - && get_u_int8_t(packet->payload, 3) == 0x00 //packet sequence number is 0 for startup packet - && get_u_int8_t(packet->payload, 5) > 0x30 //server version > 0 - && get_u_int8_t(packet->payload, 5) < 0x37 //server version < 7 - && get_u_int8_t(packet->payload, 6) == 0x2e //dot - ) { - u_int32_t a; - for (a = 7; a + 31 < packet->payload_packet_len; a++) { - if (packet->payload[a] == 0x00) { - if (get_u_int8_t(packet->payload, a + 13) == 0x00 //filler byte - && get_u_int64_t(packet->payload, a + 19) == 0x0ULL //13 more - && get_u_int32_t(packet->payload, a + 27) == 0x0 //filler bytes - && get_u_int8_t(packet->payload, a + 31) == 0x0) { - NDPI_LOG(NDPI_PROTOCOL_MYSQL, ndpi_struct, NDPI_LOG_DEBUG, "MySQL detected.\n"); - ndpi_int_mysql_add_connection(ndpi_struct, flow); - return; + if(packet->tcp) { + if (packet->payload_packet_len > 38 //min length + && get_u_int16_t(packet->payload, 0) == packet->payload_packet_len - 4 //first 3 bytes are length + && get_u_int8_t(packet->payload, 2) == 0x00 //3rd byte of packet length + && get_u_int8_t(packet->payload, 3) == 0x00 //packet sequence number is 0 for startup packet + && get_u_int8_t(packet->payload, 5) > 0x30 //server version > 0 + && get_u_int8_t(packet->payload, 5) < 0x37 //server version < 7 + && get_u_int8_t(packet->payload, 6) == 0x2e //dot + ) { + u_int32_t a; + for (a = 7; a + 31 < packet->payload_packet_len; a++) { + if (packet->payload[a] == 0x00) { + if (get_u_int8_t(packet->payload, a + 13) == 0x00 //filler byte + && get_u_int64_t(packet->payload, a + 19) == 0x0ULL //13 more + && 
get_u_int32_t(packet->payload, a + 27) == 0x0 //filler bytes + && get_u_int8_t(packet->payload, a + 31) == 0x0) { + NDPI_LOG(NDPI_PROTOCOL_MYSQL, ndpi_struct, NDPI_LOG_DEBUG, "MySQL detected.\n"); + ndpi_int_mysql_add_connection(ndpi_struct, flow); + return; + } + break; } - break; } } } diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index 3015f4211..b465e0a30 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -35,14 +35,16 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_TRACE, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest)); - if (packet->udp != NULL && packet->payload_packet_len >= 135 && - (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) && - memcmp(&(packet->payload[36]), "UBNT", 4) == 0) { - - NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n"); - - ndpi_int_ubntac2_add_connection(ndpi_struct, flow); - return; + if(packet->udp) { + if(packet->payload_packet_len >= 135 && + (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) && + memcmp(&(packet->payload[36]), "UBNT", 4) == 0) { + + NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n"); + + ndpi_int_ubntac2_add_connection(ndpi_struct, flow); + return; + } } NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UBNTAC2); diff --git a/tests/pcap/mssql_tds.pcap b/tests/pcap/mssql_tds.pcap Binary files differnew file mode 100644 index 000000000..934e95599 --- /dev/null +++ b/tests/pcap/mssql_tds.pcap diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out new file mode 100644 index 000000000..28c1075ae --- /dev/null +++ b/tests/result/mssql_tds.pcap.out 
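Review bot: The length test `get_u_int16_t(packet->payload, 0) == packet->payload_packet_len - 4` is carried into the new `if(packet->tcp)` block unchanged, and if `get_u_int16_t` is a raw host-order load it only matches on little-endian hosts. The MySQL packet length is a 3-byte little-endian field, so a big-endian sensor would never classify these flows. Composing the value from bytes avoids that: `(packet->payload[0] | (packet->payload[1] << 8)) == packet->payload_packet_len - 4`. The function starts and ends outside this hunk, so whether the new guard is redundant with the dissector's TCP selection bitmask cannot be checked from here.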
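Review bot: The `NDPI_LOG(... "UBNTAC2 detection... plen:%i %i:%i\n", ...)` call kept as context above the new `if(packet->udp)` guard still evaluates `ntohs(packet->udp->source)` and `ntohs(packet->udp->dest)` before the pointer is tested. With logging compiled in, a non-UDP packet reaching this dissector would dereference NULL despite the guard added here. Moving that `NDPI_LOG` line to be the first statement inside the `if(packet->udp) {` block closes the gap. The function begins outside the hunk.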
@@ -0,0 +1,14 @@
+MsSQL-TDS 38 16260 12
+
+ 1 TCP 10.0.0.1:1433 <-> 10.111.111.111:2222 [proto: 114/MsSQL-TDS][2 pkts/169 bytes]
+ 2 TCP 10.0.0.1:1433 <-> 10.111.111.111:4444 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes]
+ 3 TCP 10.0.0.1:1433 <-> 10.111.111.111:6666 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes]
+ 4 TCP 10.0.0.1:1433 <-> 10.111.111.111:8888 [proto: 114/MsSQL-TDS][1 pkts/142 bytes]
+ 5 TCP 10.0.0.1:1433 <-> 10.111.111.111:22222 [proto: 114/MsSQL-TDS][1 pkts/322 bytes]
+ 6 TCP 10.0.0.1:1433 <-> 10.111.111.111:1111 [proto: 114/MsSQL-TDS][4 pkts/1138 bytes]
+ 7 TCP 10.0.0.1:1433 <-> 10.111.111.111:3333 [proto: 114/MsSQL-TDS][1 pkts/239 bytes]
+ 8 TCP 10.0.0.1:1433 <-> 10.111.111.111:5555 [proto: 114/MsSQL-TDS][17 pkts/3073 bytes]
+ 9 TCP 10.0.0.1:1433 <-> 10.111.111.111:7777 [proto: 114/MsSQL-TDS][1 pkts/425 bytes]
+ 10 TCP 10.0.0.1:1433 <-> 10.111.111.111:9999 [proto: 114/MsSQL-TDS][1 pkts/272 bytes]
+ 11 TCP 10.0.0.1:1433 <-> 10.111.111.111:11111 [proto: 114/MsSQL-TDS][1 pkts/253 bytes]
+ 12 TCP 10.0.0.1:1433 <-> 10.111.111.111:33333 [proto: 114/MsSQL-TDS][1 pkts/374 bytes] |