From 277b4a060acda6f0f20b3df03c4c099df6c7b3a9 Mon Sep 17 00:00:00 2001
From: emanuele-f
Date: Fri, 27 Sep 2019 10:15:20 +0200
Subject: Add categories test PCAP
---
 example/categories.txt | 3 +++
 example/ndpiReader.c | 2 +-
 tests/do.sh | 2 +-
 tests/pcap/malware.pcap | Bin 0 -> 468 bytes
 tests/result/malware.pcap.out | 7 +++++++
 5 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 example/categories.txt
 create mode 100644 tests/pcap/malware.pcap
 create mode 100644 tests/result/malware.pcap.out
diff --git a/example/categories.txt b/example/categories.txt
new file mode 100644
index 000000000..6c5171c53
--- /dev/null
+++ b/example/categories.txt
@@ -0,0 +1,3 @@
+# Format: name\tcategory_id
+internetbadguys.com 100
+144.139.247.220 100
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 90e1b0d4f..f3e26b799 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1897,7 +1897,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
 int fields[4];
- if(verbose) printf("[Category] Loading %s\t%s\n", name, category);
+ if(verbose && !quiet_mode) printf("[Category] Loading %s\t%s\n", name, category);
 if(sscanf(name, "%d.%d.%d.%d", &fields[0], &fields[1], &fields[2], &fields[3]) == 4) ndpi_load_ip_category(ndpi_thread_info[thread_id].workflow->ndpi_struct,
diff --git a/tests/do.sh b/tests/do.sh
index 62b51288e..805437846 100755
--- a/tests/do.sh
+++ b/tests/do.sh
@@ -1,4 +1,4 @@
-READER="../example/ndpiReader -p ../example/protos.txt"
+READER="../example/ndpiReader -p ../example/protos.txt -c ../example/categories.txt"
 RC=0 PCAPS=`cd pcap; /bin/ls *.pcap`
diff --git a/tests/pcap/malware.pcap b/tests/pcap/malware.pcap
new file mode 100644
index 000000000..c63389f04
Binary files /dev/null and b/tests/pcap/malware.pcap differ
diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out
new file mode 100644
index 000000000..448633b3e
--- /dev/null
+++ b/tests/result/malware.pcap.out
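Review bot: The header comment `# Format: name\tcategory_id` in example/categories.txt does not say what a name may be or what id 100 stands for. The ndpiReader.c hunk in this patch sends a name that parses as four dotted integers down the IP path, and the expected output in tests/result/malware.pcap.out prints id 100 as `Malware/100`. I would extend the comment to something like `# Format: name<TAB>category_id, where name is a hostname or a dotted IPv4 address; id 100 is printed as Malware by ndpiReader`.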
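Review bot: The IP-versus-hostname test on the context line after the changed `printf`, `sscanf(name, "%d.%d.%d.%d", ...) == 4`, accepts more than a dotted IPv4 address: it also returns 4 for a name with trailing text (a hostname whose first four labels are numeric) and for fields that are negative or above 255. Such an entry from the categories file would take the `ndpi_load_ip_category` path instead of being handled as a hostname, so the intended category match could be lost without any error. A trailing-character sentinel closes the first gap, `char extra; if(sscanf(name, "%d.%d.%d.%d%c", &fields[0], &fields[1], &fields[2], &fields[3], &extra) == 4)`, and each field should also be checked to lie in 0–255 before the call. The body of setupDetection starts and ends outside this hunk, so whatever validation `ndpi_load_ip_category` does itself is not visible here.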
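Review bot: READER now carries `-c ../example/categories.txt`, so presumably every capture listed in PCAPS is run with the category list loaded, and the expected outputs depend on a file outside tests/ and on the script being started from the tests directory. A short comment above the assignment would make that coupling visible, for example `# -c: category list that tests/result/malware.pcap.out depends on; paths are relative to tests/`. The hunk does not show whether the script checks that the file exists before it runs the captures.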
@@ -0,0 +1,7 @@ +DNS 2 216 1 +HTTP 1 66 1 +ICMP 1 98 1 + + 1 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Host: www.internetbadguys.com][PLAIN TEXT (internetbadguys)] + 2 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes] + 3 TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3