From 281ba768ec76a5e2823d20a8264a4e0537548fc2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 1 Apr 2017 21:33:15 +0200 Subject: Added Ookla (SpeedTest) protocol detection --- example/ndpi_util.c | 14 +- src/include/ndpi_protocol_ids.h | 4 +- src/lib/ndpi_main.c | 6 +- src/lib/protocols/http.c | 277 +++++++--------------------------------- 4 files changed, 60 insertions(+), 241 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 3ab6d8da4..d2f002270 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -62,6 +62,10 @@ #define GTP_U_V1_PORT 2152 #define TZSP_PORT 37008 +#ifndef DLT_LINUX_SLL +#define DLT_LINUX_SLL 113 +#endif + #include "ndpi_main.h" #include "ndpi_util.h" @@ -629,7 +633,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, datalink_check: switch(datalink_type) { - case DLT_NULL : + case DLT_NULL: if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2) type = ETH_P_IP; else @@ -653,7 +657,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* IEEE 802.3 Ethernet - 1 */ - case DLT_EN10MB : + case DLT_EN10MB: ethernet = (struct ndpi_ethhdr *) &packet[eth_offset]; ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset; check = ntohs(ethernet->h_proto); @@ -674,15 +678,13 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Linux Cooked Capture - 113 */ -#ifdef __linux__ - case DLT_LINUX_SLL : + case DLT_LINUX_SLL: type = (packet[eth_offset+14] << 8) + packet[eth_offset+15]; ip_offset = 16 + eth_offset; break; -#endif /* Radiotap link-layer - 127 */ - case DLT_IEEE802_11_RADIO : + case DLT_IEEE802_11_RADIO: radiotap = (struct ndpi_radiotap_header *) &packet[eth_offset]; radio_len = radiotap->len; diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 7eada61e2..5afa63c92 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -227,9 +227,9 @@ #define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_EAQ 190 +#define NDPI_PROTOCOL_OOKLA 191 -/* 191, 192 are free */ -#define NDPI_PROTOCOL_FREE_191 191 +/* 192 is free */ #define NDPI_PROTOCOL_FREE_192 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0c5c0f0ff..2250928c4 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1606,9 +1606,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OOKLA, + no_master, + no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 1bef7f8f5..61d59f856 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -63,7 +63,6 @@ static void flash_check_http_payload(struct ndpi_detection_module_struct pos = &packet->payload[packet->empty_line_position] + 2; - if(memcmp(pos, "FLV", 3) == 0 && pos[3] == 0x01 && (pos[4] == 0x01 || pos[4] == 0x04 || pos[4] == 0x05) && pos[5] == 0x00 && pos[6] == 0x00 && pos[7] == 0x00 && pos[8] == 0x09) { @@ -330,7 +329,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ return; } } - + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -341,7 +340,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST Line found %.*s\n", packet->host_line.len, packet->host_line.ptr); - + /* call ndpi_match_host_subprotocol to see if there is a match with known-host http subprotocol */ if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) ndpi_match_host_subprotocol(ndpi_struct, flow, @@ -357,13 +356,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ len = ndpi_min(packet->forwarded_line.len, sizeof(flow->nat_ip)-1); strncpy((char*)flow->nat_ip, (char*)packet->forwarded_line.ptr, len); flow->nat_ip[len] = '\0'; - + if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); /** check result of host subprotocol detection - + if "detected" in flow == 0 then "detected" = "guess" else "guess" = "detected" **/ @@ -386,7 +385,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ (char *)packet->http_origin.ptr, packet->http_origin.len, NDPI_PROTOCOL_HTTP); - + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { ndpi_int_http_add_connection(ndpi_struct, flow, packet->detected_protocol_stack[0]); @@ -534,225 +533,6 @@ static void http_bitmask_exclude(struct ndpi_flow_struct *flow) #endif } -void _org_ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - u_int16_t filename_start; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "search http\n"); - - /* set client-server_direction */ - if(flow->l4.tcp.http_setup_dir == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "initializes http to stage: 1 \n"); - flow->l4.tcp.http_setup_dir = 1 + packet->packet_direction; - } - - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK - (ndpi_struct->generic_http_packet_bitmask, packet->detected_protocol_stack[0]) != 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "protocol might be detected earlier as http jump to payload type detection\n"); - goto http_parse_detection; - } - - if(flow->l4.tcp.http_setup_dir == 1 + packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "http stage: 1\n"); - - if(flow->l4.tcp.http_wait_for_retransmission) { - if(!packet->tcp_retransmission) { - if(flow->packet_counter <= 5) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "still waiting for retransmission\n"); - return; - } else { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "retransmission not found, exclude\n"); - http_bitmask_exclude(flow); - return; - } - } - } - - if(flow->l4.tcp.http_stage == 0) { - filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start == 0) { - if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response found (truncated flow ?)\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - return; - } - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "filename not found, exclude\n"); - http_bitmask_exclude(flow); - return; - } - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - - if(packet->parsed_lines <= 1) { - /* parse one more packet .. */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "just one line, search next packet\n"); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - flow->l4.tcp.http_stage = 1; - return; - } - // parsed_lines > 1 here - if(packet->line[0].len >= (9 + filename_start) - && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - u_int16_t proto_id; - - packet->http_url_name.ptr = &packet->payload[filename_start]; - packet->http_url_name.len = packet->line[0].len - (filename_start + 9); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "http structure detected, adding\n"); - - if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) /* nathan@getoffmalawn.com */ - proto_id = NDPI_PROTOCOL_HTTP_CONNECT; - else { - if((packet->http_url_name.len > 7) && (!strncmp((const char*)packet->http_url_name.ptr, "http://", 7))) - proto_id = NDPI_PROTOCOL_HTTP_PROXY; - else { - proto_id = NDPI_PROTOCOL_HTTP; - } - } - - ndpi_int_http_add_connection(ndpi_struct, flow, proto_id); - check_content_type_and_change_protocol(ndpi_struct, flow); - /* HTTP found, look for host... */ - if(packet->host_line.ptr != NULL) { - /* aaahh, skip this direction and wait for a server reply here */ - flow->l4.tcp.http_stage = 2; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP START HOST found\n"); - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP START HOST found\n"); - - /* host not found, check in next packet after */ - flow->l4.tcp.http_stage = 1; - return; - } - } else if(flow->l4.tcp.http_stage == 1) { - /* SECOND PAYLOAD TRAFFIC FROM CLIENT, FIRST PACKET MIGHT HAVE BEEN HTTP... */ - /* UNKNOWN TRAFFIC, HERE FOR HTTP again.. */ - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - - if(packet->parsed_lines <= 1) { - /* wait some packets in case request is split over more than 2 packets */ - if(flow->packet_counter < 5) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "line still not finished, search next packet\n"); - return; - } else { - /* stop parsing here */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP: PACKET DOES NOT HAVE A LINE STRUCTURE\n"); - http_bitmask_exclude(flow); - return; - } - } - // http://www.slideshare.net/DSPIP/rtsp-analysis-wireshark - if(packet->line[0].len >= 9 && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - check_content_type_and_change_protocol(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP START HTTP found in 2. packet, check host here...\n"); - /* HTTP found, look for host... */ - flow->l4.tcp.http_stage = 2; - - return; - } - } - } else { - /* We have received a response for a previously identified partial HTTP request */ - - if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { - /* - In apache if you do "GET /\n\n" the response comes without any header so we can assume that - this can be the case - */ - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - return; - } - - } - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); - http_bitmask_exclude(flow); - return; - - http_parse_detection: - if(flow->l4.tcp.http_setup_dir == 1 + packet->packet_direction) { - /* we have something like http here, so check for host and content type if possible */ - if(flow->l4.tcp.http_stage == 0 || flow->l4.tcp.http_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP RUN MAYBE NEXT GET/POST...\n"); - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - /* check for url here */ - filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start != 0 && packet->parsed_lines > 1 && packet->line[0].len >= (9 + filename_start) - && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - packet->http_url_name.ptr = &packet->payload[filename_start]; - packet->http_url_name.len = packet->line[0].len - (filename_start + 9); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "next http action, " - "resetting to http and search for other protocols later.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - } - check_content_type_and_change_protocol(ndpi_struct, flow); - /* HTTP found, look for host... */ - if(packet->host_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP RUN MAYBE NEXT HOST found, skipping all packets from this direction\n"); - /* aaahh, skip this direction and wait for a server reply here */ - flow->l4.tcp.http_stage = 2; - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP RUN MAYBE NEXT HOST NOT found, scanning one more packet from this direction\n"); - flow->l4.tcp.http_stage = 1; - } else if(flow->l4.tcp.http_stage == 1) { - // parse packet and maybe find a packet info with host ptr,... - ndpi_parse_packet_line_info(ndpi_struct, flow); - check_content_type_and_change_protocol(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP RUN second packet scanned\n"); - /* HTTP found, look for host... */ - flow->l4.tcp.http_stage = 2; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP skipping client packets after second packet\n"); - return; - } - /* server response */ - if(flow->l4.tcp.http_stage > 0) { - /* first packet from server direction, might have a content line */ - ndpi_parse_packet_line_info(ndpi_struct, flow); - check_content_type_and_change_protocol(ndpi_struct, flow); - - if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n"); - check_http_payload(ndpi_struct, flow); - } - - if(flow->l4.tcp.http_stage == 2) { - flow->l4.tcp.http_stage = 3; - } else { - flow->l4.tcp.http_stage = 0; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP response first or second packet scanned,new stage is: %u\n", flow->l4.tcp.http_stage); - return; - } else { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response next packet skipped\n"); - } -} - /*************************************************************************************************/ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, @@ -771,10 +551,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Filename HTTP not found, we look for possible truncate flow...\n"); + if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response found (truncated flow ?)\n"); @@ -783,6 +563,24 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } + if((packet->payload_packet_len == 3) && memcmp(packet->payload, "HI\n", 3) == 0) { + /* This looks like Ookla: we don't give up with HTTP yet */ + flow->l4.tcp.http_stage = 1; + return; + } + + if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { + /* + + + + + + */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP\n"); http_bitmask_exclude(flow); return; @@ -817,6 +615,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct packet->http_method.ptr = packet->line[0].ptr; packet->http_method.len = filename_start - 1; + /* Check for Ookla */ + if((packet->referer_line.len > 0) + && strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); + return; + } + /* Check for additional field introduced by Steam */ int x = 1; if((memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { @@ -824,7 +629,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct check_content_type_and_change_protocol(ndpi_struct, flow); return; } - + /* Check for additional field introduced by Facebook */ x = 1; while(packet->line[x].len != 0) { @@ -881,8 +686,8 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct check_content_type_and_change_protocol(ndpi_struct, flow); } - if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) /* nathan@getoffmalawn.com */ - { + if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) { + /* nathan@getoffmalawn.com */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_CONNECT Found.\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT); check_content_type_and_change_protocol(ndpi_struct, flow); @@ -892,14 +697,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { - /** nDPI is pretty scrupulous about HTTP so it waits until the HTTP response is received just to check that it conforms with the HTTP specs. However this might be a waste of time as in 99.99% of the cases is like that. */ - + if(ndpi_struct->http_dont_dissect_response) { if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); @@ -911,7 +715,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } check_content_type_and_change_protocol(ndpi_struct, flow); - return; } } @@ -922,6 +725,16 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); + + if(flow->l4.tcp.http_stage == 1) { + if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { + /* This looks like Ookla */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } else + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + } + /** At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, otherwise check the second packet for the http request -- cgit v1.2.3 From 0390c8ccfb7f3908cd3867262d3121c461fea9e7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 1 Apr 2017 21:39:47 +0200 Subject: Added Ookla test pcap Updated results --- tests/pcap/ookla.pcap | Bin 0 -> 4862840 bytes tests/result/KakaoTalk_chat.pcap.out | 47 +++++++++++++++++++++++++++++++++++ tests/result/KakaoTalk_talk.pcap.out | 31 +++++++++++++++++++++++ tests/result/ookla.pcap.out | 4 +++ tests/result/quickplay.pcap.out | 26 +++++++++++++++++++ 5 files changed, 108 insertions(+) create mode 100644 tests/pcap/ookla.pcap create mode 100644 tests/result/ookla.pcap.out diff --git a/tests/pcap/ookla.pcap b/tests/pcap/ookla.pcap new file mode 100644 index 000000000..a5fb5f72a Binary files /dev/null and b/tests/pcap/ookla.pcap differ diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 8b1378917..fa510f8ba 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1 +1,48 @@ +DNS 2 217 1 +HTTP 1 56 1 +ICMP 1 147 1 +SSL 29 4579 3 +Facebook 215 51809 12 +Google 16 1031 3 +HTTP_Proxy 26 3926 1 +Amazon 2 181 1 +KakaoTalk 55 9990 15 + 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] + 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] + 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] + 4 TCP 10.24.82.188:34503 <-> 120.28.26.242:80 [proto: 7/HTTP][1 pkts/56 bytes] + 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] + 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] + 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] + 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] + 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] + 10 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] + 11 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] + 12 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] + 13 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] + 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] + 15 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] + 16 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] + 17 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] + 18 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 19 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] + 21 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] + 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] + 23 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] + 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] + 25 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] + 26 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] + 27 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] + 28 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] + 30 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] + 31 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] + 32 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 33 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] + 34 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] + 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] + 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] + 37 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] + 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 8b1378917..97b69377c 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1 +1,32 @@ +HTTP 5 280 1 +QQ 15 1727 1 +SSL_No_Cert 74 14132 2 +RTP 2991 398751 2 +SSL 5 1198 1 +Facebook 5 377 3 +Google 4 359 4 +HTTP_Proxy 16 1838 2 +Tor 40 10538 1 +Amazon 4 396 1 +KakaoTalk_Voice 44 6196 2 + 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] + 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] + 3 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] + 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] + 5 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] + 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] + 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] + 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] + 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] + 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] + 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] + 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] + 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] + 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] + 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] + 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] + 18 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] + 19 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 20 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out new file mode 100644 index 000000000..8064e5dfb --- /dev/null +++ b/tests/result/ookla.pcap.out @@ -0,0 +1,4 @@ +Ookla 5086 4689745 2 + + 1 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][20 pkts/4320 bytes] + 2 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][5066 pkts/4685425 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 8b1378917..277e25fc8 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1 +1,27 @@ +QQ 12 4781 5 +Facebook 6 1740 3 +Google 2 378 1 +Amazon 2 1469 1 +QuickPlay 133 96179 11 + 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] + 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] + 3 TCP 120.28.35.40:80 <-> 10.54.169.250:52007 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] + 4 TCP 120.28.35.40:80 <-> 10.54.169.250:52009 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] + 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] + 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] + 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] + 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.48/HTTP.QQ][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.48/HTTP.QQ][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] + 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] + 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] + 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] + 13 TCP 54.179.140.65:80 <-> 10.54.169.250:56381 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] + 14 TCP 120.28.5.41:80 <-> 10.54.169.250:44256 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] + 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] + 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] + 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] + 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.48/HTTP.QQ][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] + 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] + 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.48/HTTP.QQ][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.48/HTTP.QQ][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] -- cgit v1.2.3 From 0659f9b592cff1718ae1b74060a573f4cbe9a6d5 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Sun, 2 Apr 2017 11:17:57 +0200 Subject: Replace BSD dependent strnstr with ndpi portable one --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 61d59f856..0b734fa84 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -617,7 +617,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for Ookla */ if((packet->referer_line.len > 0) - && strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); return; } -- cgit v1.2.3 From e4ef2d81401bb45b88e4021bcf5bf13e280ba57e Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 4 Apr 2017 14:42:45 +0200 Subject: Improved Ookla protocol --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 1ad13fbd2..2b7164932 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7961,6 +7961,7 @@ ndpi_protocol_match host_match[] = { { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From bc68949c769150c8a708505398168afa394ba27a Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 7 Apr 2017 08:05:39 +0200 Subject: Added AMQP (Advanced Message Queueing Protocol) --- src/include/ndpi_protocol_ids.h | 7 +--- src/include/ndpi_protocols.h | 1 + src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 9 ++++- src/lib/protocols/amqp.c | 83 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/amqp.pcap | Bin 0 -> 26098 bytes tests/result/amqp.pcap.out | 5 +++ 7 files changed, 100 insertions(+), 6 deletions(-) create mode 100644 src/lib/protocols/amqp.c create mode 100644 tests/pcap/amqp.pcap create mode 100644 tests/result/amqp.pcap.out diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 5afa63c92..dfb39af8d 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -1,7 +1,7 @@ /* * ndpi_protocol_ids.h * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -228,10 +228,7 @@ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_EAQ 190 #define NDPI_PROTOCOL_OOKLA 191 - -/* 192 is free */ -#define NDPI_PROTOCOL_FREE_192 192 - +#define NDPI_PROTOCOL_AMQP 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ #define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index edf4ca3dc..b3b4092b4 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -202,6 +202,7 @@ void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 987975c47..3770c9cfc 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -21,6 +21,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/applejuice.c \ protocols/armagetron.c \ protocols/ayiya.c \ + protocols/amqp.c \ protocols/battlefield.c \ protocols/bgp.c \ protocols/bittorrent.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2250928c4..9a2c5d7a5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1611,9 +1611,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, + no_master, + no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); @@ -2687,6 +2691,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BITTORRENT */ init_bittorrent_dissector(ndpi_struct, &a, detection_bitmask); + /* AMQP */ + init_amqp_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c new file mode 100644 index 000000000..72bbc0a38 --- /dev/null +++ b/src/lib/protocols/amqp.c @@ -0,0 +1,83 @@ +/* + * amqp.c + * + * Copyright (C) 2011-17 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_protocols.h" +#ifdef NDPI_PROTOCOL_AMQP + +PACK_ON +struct amqp_header { + u_int8_t ptype; + u_int16_t channel; + u_int32_t length; + u_int16_t class_id, method; +} PACK_OFF; + +static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow/* , */ + /* ndpi_protocol_type_t protocol_type */) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMQP, NDPI_PROTOCOL_UNKNOWN); +} + +void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "search amqp. \n"); + + if (packet->tcp != NULL) { + if(packet->payload_packet_len > sizeof(struct amqp_header)) { + struct amqp_header *h = (struct amqp_header*)packet->payload; + + if(h->ptype <= 3) { + u_int32_t length = htonl(h->length); + + if(((length+8) >= packet->payload_packet_len) + && (length < 32768) /* Upper bound */) { + u_int16_t class_id = htons(h->class_id); + + if((class_id >= 10) /* Connection */ + && (class_id <= 110) /* Tunnel */) { + u_int16_t method = htons(h->method); + + if(method <= 120 /* Method basic NACK */) { + NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "found amqp over tcp. \n"); + ndpi_int_amqp_add_connection(ndpi_struct, flow); + return; + } + } + } + } + } + } +} + + +void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { + ndpi_set_bitmask_protocol_detection("AMQP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_AMQP, + ndpi_search_amqp, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif diff --git a/tests/pcap/amqp.pcap b/tests/pcap/amqp.pcap new file mode 100644 index 000000000..30633f1ed Binary files /dev/null and b/tests/pcap/amqp.pcap differ diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out new file mode 100644 index 000000000..200394193 --- /dev/null +++ b/tests/result/amqp.pcap.out @@ -0,0 +1,5 @@ +AMQP 160 23514 3 + + 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][108 pkts/14423 bytes] + 2 TCP 127.0.0.1:44204 <-> 127.0.1.1:5672 [proto: 192/AMQP][22 pkts/5026 bytes] + 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][30 pkts/4065 bytes] -- cgit v1.2.3 From eed3ba5d1e81680414dd8e28ccdad1567500ec2a Mon Sep 17 00:00:00 2001 From: Jasper van den Berg Date: Fri, 7 Apr 2017 11:47:44 +0200 Subject: unified HTTPDownload name with other HTTP protocols (as HTTP_Download) for consistency --- src/lib/ndpi_main.c | 30 +++++++++++++++--------------- tests/result/starcraft_battle.pcap.out | 4 ++-- tests/result/waze.pcap.out | 4 ++-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9a2c5d7a5..e2685908a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -187,7 +187,7 @@ static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) { ndpi_node *root = (ndpi_node *) vrootp; - + if(root != NULL) ndpi_tdestroy_recurse(root, freefct); } @@ -338,7 +338,7 @@ void ndpi_flow_free(void *ptr) { if(_ndpi_flow_free) _ndpi_flow_free(ptr); else void * ndpi_realloc(void *ptr, size_t old_size, size_t new_size) { void *ret = ndpi_malloc(new_size); - + if(!ret) return(ret); else { @@ -477,9 +477,9 @@ static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) { ndpi_default_ports_tree_node_t *fa = (ndpi_default_ports_tree_node_t*)a; ndpi_default_ports_tree_node_t *fb = (ndpi_default_ports_tree_node_t*)b; - + //printf("[NDPI] %s(%d, %d)\n", __FUNCTION__, fa->default_port, fb->default_port); - + return((fa->default_port == fb->default_port) ? 0 : ((fa->default_port < fb->default_port) ? -1 : 1)); } @@ -488,7 +488,7 @@ static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) { ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **)node; - + printf("<%d>Walk on node %s (%u)\n", depth, @@ -1016,7 +1016,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, - no_master, "HTTPDownload", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, @@ -3281,8 +3281,8 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_payload[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_tcp_payload[a].func(ndpi_struct, flow); - - + + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ } @@ -3347,7 +3347,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->protos.ssl.client_certificate[0] != '\0') { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); - } else { + } else { if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) @@ -3485,9 +3485,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct /* guess protocol */ flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); - + if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { - + if(flow->packet.iph) { /* guess host protocol */ flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); @@ -3496,7 +3496,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ ret = ndpi_detection_giveup(ndpi_struct, flow); - + return(ret); } } else { @@ -3508,7 +3508,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } } } - + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; @@ -4111,7 +4111,7 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, /* flow->packet.detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ /* /\* master proto for packet *\/ */ /* flow->packet.detected_protocol_stack[1] = flow->guessed_protocol_id; */ - + /* } */ /* } */ @@ -4346,7 +4346,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.app_protocol = rc, ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); - + if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 2056ea4f4..97c178b41 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -1,7 +1,7 @@ DNS 26 2848 7 HTTP 271 160676 18 SSDP 11 4984 1 -HTTPDownload 179 134204 1 +HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 SSL 38 2548 11 @@ -40,7 +40,7 @@ Starcraft 236 51494 6 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] 30 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] - 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTPDownload][179 pkts/134204 bytes][Host: llnw.blizzard.com] + 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][179 pkts/134204 bytes][Host: llnw.blizzard.com] 32 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes] 33 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net] 34 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index b74ec7a15..2d0d2f207 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -1,7 +1,7 @@ Unknown 10 786 1 HTTP 28 1572 7 NTP 2 180 1 -HTTPDownload 37 63205 1 +HTTP_Download 37 63205 1 SSL_No_Cert 13 2142 1 SSL 8 432 2 Waze 484 289335 19 @@ -27,7 +27,7 @@ WhatsApp 15 1341 1 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1328 bytes][Host: cres.waze.com] 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1323 bytes][Host: cres.waze.com] 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1319 bytes][Host: cres.waze.com] - 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTPDownload][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] + 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes] 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][4 pkts/216 bytes] 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][server: *.waze.com] -- cgit v1.2.3 From d8b2189cc30f675fba46b072d162dc5943b1c362 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 14 Apr 2017 00:07:46 +0200 Subject: Initial wireshark integration via extcap interface --- example/ndpiReader.c | 242 ++++++++++++++++++++++++++++++++++++++++++++++++--- example/ndpi_util.c | 42 ++++----- example/ndpi_util.h | 6 +- 3 files changed, 255 insertions(+), 35 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index dda137df9..0852777c8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -24,11 +24,11 @@ #endif #include #include +#include #ifdef WIN32 #include /* winsock.h is included automatically */ #include #include -#include #define getopt getopt____ #else #include @@ -81,6 +81,10 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +static pcap_dumper_t *extcap_dumper = NULL; +static char *extcap_capture_fifo = NULL; +static u_int16_t extcap_packet_filter = (u_int16_t)-1; + // struct associated to a workflow for a thread struct reader_thread { struct ndpi_workflow * workflow; @@ -104,8 +108,15 @@ typedef struct ndpi_id { u_int32_t current_ndpi_memory = 0, max_ndpi_memory = 0; -/********************** FUNCTIONS ********************* */ +void test_lib(); /* Forward */ + +/* ********************************** */ + +#ifdef DEBUG_TRACE +FILE *trace = NULL; +#endif +/********************** FUNCTIONS ********************* */ /** * @brief Set main components necessary to the detection @@ -142,6 +153,20 @@ static void help(u_int long_help) { " -h | This help\n" " -v <1|2> | Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose\n"); + #ifndef WIN32 + printf("\nExcap (wireshark) options:\n" + " --extcap-interfaces\n" + " --extcap-version\n" + " --extcap-dlts\n" + " --extcap-interface \n" + " --extcap-config\n" + " --capture\n" + " --extcap-capture-filter\n" + " --fifo \n" + " --debug\n" + ); + #endif + if(long_help) { printf("\n\nSupported protocols:\n"); num_threads = 1; @@ -152,28 +177,153 @@ static void help(u_int long_help) { } +static struct option longopts[] = { + /* mandatory extcap options */ + { "extcap-interfaces", no_argument, NULL, '0'}, + { "extcap-version", optional_argument, NULL, '1'}, + { "extcap-dlts", no_argument, NULL, '2'}, + { "extcap-interface", required_argument, NULL, '3'}, + { "extcap-config", no_argument, NULL, '4'}, + { "capture", no_argument, NULL, '5'}, + { "extcap-capture-filter", required_argument, NULL, '6'}, + { "fifo", required_argument, NULL, '7'}, + { "debug", optional_argument, NULL, '8'}, + { "ndpi-proto-filter", required_argument, NULL, '9'}, + + /* ndpiReader options */ + { "enable-protocol-guess", no_argument, NULL, 'd'}, + { "interface", required_argument, NULL, 'i'}, + { "filter", required_argument, NULL, 'f'}, + { "cpu-bind", required_argument, NULL, 'g'}, + { "loops", required_argument, NULL, 'l'}, + { "num-threads", required_argument, NULL, 'n'}, + + { "protos", required_argument, NULL, 'p'}, + { "capture-duration", required_argument, NULL, 's'}, + { "decode-tunnels", no_argument, NULL, 't'}, + { "revision", no_argument, NULL, 'r'}, + { "verbose", no_argument, NULL, 'v'}, + { "version", no_argument, NULL, 'V'}, + { "help", no_argument, NULL, 'h'}, + { "json", required_argument, NULL, 'j'}, + { "result-path", required_argument, NULL, 'w'}, + { "quiet", no_argument, NULL, 'q'}, + + {0, 0, 0, 0} +}; + +/* ********************************** */ + +void extcap_interfaces() { + printf("extcap {version=%s}\n", ndpi_revision()); + printf("interface {value=ndpi}{display=nDPI interface}\n"); + exit(0); +} + +/* ********************************** */ + +void extcap_dlts() { + u_int dlts_number = DLT_EN10MB; + printf("dlt {number=%u}{name=%s}{display=%s}\n", dlts_number, "ndpi", "nDPI interface"); + exit(0); +} + +/* ********************************** */ + +void extcap_config() { + int i, argidx = 0; + struct ndpi_detection_module_struct *ndpi_mod; + +#if 1 + printf("arg {number=%u}{call=-i}{display=Capture Interface Name}{type=string}" + "{tooltip=The interface name}\n", argidx++); +#else + + printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" + "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); +#endif + + printf("arg {number=%u}{call=-9}{display=nDPI Protocol}{type=selector}" + "{tooltip=nDPI Protocol to be filtered}\n", argidx); + + setupDetection(0, NULL); + ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; + + printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); + + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) + printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, i, + ndpi_mod->proto_defaults[i].protoName, i); + + exit(0); +} + +/* ********************************** */ + +void extcap_capture() { +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); +#endif + + if((extcap_dumper = pcap_dump_open(pcap_open_dead(DLT_EN10MB, 16384 /* MTU */), + extcap_capture_fifo)) == NULL) { + fprintf(stderr, "Unable to open the pcap dumper on %s", extcap_capture_fifo); + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Unable to open the pcap dumper on %s\n", + extcap_capture_fifo); +#endif + return; + } + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Starting packet capture [%p]\n", extcap_dumper); +#endif + + test_lib(); + pcap_dump_close(extcap_dumper); + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "End of packet capture [%p]\n", extcap_dumper); +#endif +} + +/* ********************************** */ + /** * @brief Option parser */ static void parseOptions(int argc, char **argv) { - + int option_idx = 0, do_capture = 0; char *__pcap_file = NULL, *bind_mask = NULL; int thread_id, opt; #ifdef linux u_int num_cores = sysconf(_SC_NPROCESSORS_ONLN); #endif - while ((opt = getopt(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q")) != EOF) { +#ifdef DEBUG_TRACE + trace = fopen("/tmp/ndpiReader.log", "a"); + + if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); +#endif + + while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:", longopts, &option_idx)) != EOF) { +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); +#endif + switch (opt) { case 'd': enable_protocol_guess = 0; break; case 'i': + case '3': _pcap_file[0] = optarg; break; case 'f': + case '6': _bpf_filter = optarg; break; @@ -240,12 +390,47 @@ static void parseOptions(int argc, char **argv) { quiet_mode = 1; break; + /* Extcap */ + case '0': + extcap_interfaces(); + break; + + case '1': + printf("extcap {version=%s}\n", ndpi_revision()); + break; + + case '2': + extcap_dlts(); + break; + + case '4': + extcap_config(); + break; + + case '5': + do_capture = 1; + break; + + case '7': + extcap_capture_fifo = strdup(optarg); + break; + + case '8': + nDPI_traceLevel = 9; + break; + + case '9': + extcap_packet_filter = atoi(optarg); + break; + default: help(0); break; } } + if(do_capture) extcap_capture(); + // check parameters if(_pcap_file[0] == NULL || strcmp(_pcap_file[0], "") == 0) { help(0); @@ -277,6 +462,10 @@ static void parseOptions(int argc, char **argv) { } } #endif + +#ifdef DEBUG_TRACE + if(trace) fclose(trace); +#endif } @@ -370,7 +559,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { ntohs(flow->upper_port)); if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); - + if(flow->detected_protocol.master_protocol) { char buf[64]; @@ -388,7 +577,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info); - + if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info); if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); @@ -1138,13 +1327,14 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi static void pcap_packet_callback_checked(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) { - + struct ndpi_proto p; u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ uint8_t *packet_checked = malloc(header->caplen); + memcpy(packet_checked, packet, header->caplen); - ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); + p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); if((capture_until != 0) && (header->ts.tv_sec >= capture_until)) { if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) @@ -1182,6 +1372,25 @@ static void pcap_packet_callback_checked(u_char *args, } } +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Found %u bytes packet %u.%u\n", header->caplen, p.app_protocol, p.master_protocol); +#endif + + if(extcap_dumper + && ((extcap_packet_filter == (u_int16_t)-1) + || (p.app_protocol == extcap_packet_filter) + || (p.master_protocol == extcap_packet_filter) + ) + ) { + struct pcap_pkthdr *h = (struct pcap_pkthdr*)header; + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen); +#endif + // h->caplen += 8, h->len += 8; + pcap_dump((u_char*)extcap_dumper, h, packet); + } + /* check for buffer changes */ if(memcmp(packet, packet_checked, header->caplen) != 0) printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu]\n", @@ -1244,7 +1453,6 @@ void * processing_thread(void *_thread_id) { * @brief Begin, process, end detection process */ void test_lib() { - struct timeval begin, end; u_int64_t tot_usec; long thread_id; @@ -1253,8 +1461,18 @@ void test_lib() { json_init(); #endif +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Num threads: %d\n", num_threads); +#endif + for(thread_id = 0; thread_id < num_threads; thread_id++) { - pcap_t * cap = openPcapFileOrDevice(thread_id, (const u_char*)_pcap_file[thread_id]); + pcap_t *cap; + +#ifdef DEBUG_TRACE + if(trace) fprintf(trace, "Opening %s\n", (const u_char*)_pcap_file[thread_id]); +#endif + + cap = openPcapFileOrDevice(thread_id, (const u_char*)_pcap_file[thread_id]); setupDetection(thread_id, cap); } @@ -1275,9 +1493,9 @@ void test_lib() { printResults(tot_usec); for(thread_id = 0; thread_id < num_threads; thread_id++) { - if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) { + if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) pcap_close(ndpi_thread_info[thread_id].workflow->pcap_handle); - } + terminateDetection(thread_id); } } diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d2f002270..60dc94230 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -502,13 +502,13 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl @Note: ipsize = header->len - ip_offset ; rawsize = header->len */ -static unsigned int packet_processing(struct ndpi_workflow * workflow, - const u_int64_t time, - u_int16_t vlan_id, - const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, - u_int16_t ip_offset, - u_int16_t ipsize, u_int16_t rawsize) { +static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, + const u_int64_t time, + u_int16_t vlan_id, + const struct ndpi_iphdr *iph, + struct ndpi_ipv6hdr *iph6, + u_int16_t ip_offset, + u_int16_t ipsize, u_int16_t rawsize) { struct ndpi_id_struct *src, *dst; struct ndpi_flow_info *flow = NULL; struct ndpi_flow_struct *ndpi_flow = NULL; @@ -540,11 +540,11 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, flow->packets++, flow->bytes += rawsize; flow->last_seen = time; } else { - return(0); + return(flow->detected_protocol); } /* Protocol already detected */ - if(flow->detection_completed) return(0); + if(flow->detection_completed) return(flow->detected_protocol); flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, iph ? (uint8_t *)iph : (uint8_t *)iph6, @@ -565,14 +565,14 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } process_ndpi_collected_info(workflow, flow); - return 0; + return(flow->detected_protocol); } /* ****************************************************** */ -void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, - const struct pcap_pkthdr *header, - const u_char *packet) { +struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, + const struct pcap_pkthdr *header, + const u_char *packet) { /* * Declare pointers to packet headers */ @@ -597,6 +597,8 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /** --- IPv6 header --- **/ struct ndpi_ipv6hdr *iph6; + struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + /* lengths and offsets */ u_int16_t eth_offset = 0; u_int16_t radio_len; @@ -691,7 +693,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* Check Bad FCS presence */ if((radiotap->flags & BAD_FCS) == BAD_FCS) { workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } /* Calculate 802.11 header length (variable) */ @@ -721,7 +723,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, default: /* printf("Unknown datalink %d\n", datalink_type); */ - return; + return(nproto); } /* check ether type */ @@ -802,7 +804,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, } workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } } else if(iph->version == 6) { iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; @@ -827,7 +829,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, ipv4_warning_used = 1; } workflow->stats.total_discarded_bytes += header->len; - return; + return(nproto); } if(workflow->prefs.decode_tunnels && (proto == IPPROTO_UDP)) { @@ -886,7 +888,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, offset += tag_len; if(offset >= header->caplen) - return; /* Invalid packet */ + return(nproto); /* Invalid packet */ else { eth_offset = offset; goto datalink_check; @@ -897,6 +899,6 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, } /* process the packet */ - packet_processing(workflow, time, vlan_id, iph, iph6, - ip_offset, header->len - ip_offset, header->len); + return(packet_processing(workflow, time, vlan_id, iph, iph6, + ip_offset, header->len - ip_offset, header->len)); } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 1c092cbfa..4895cdcb1 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -138,9 +138,9 @@ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow); /* Process a packet and update the workflow */ -void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, - const struct pcap_pkthdr *header, - const u_char *packet); +struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, + const struct pcap_pkthdr *header, + const u_char *packet); /* flow callbacks for complete detected flow -- cgit v1.2.3 From 29cd6ef9942188633b79b5c1fe62360f048a6450 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 00:29:53 +0200 Subject: fix segmentation fault caused by missing spanning tree check - add control for threads return values --- example/ndpiReader.c | 32 +++++++++++++++++++++++++------- example/ndpi_util.c | 13 ++++++++++--- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0852777c8..3df43a9fe 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1331,7 +1331,7 @@ static void pcap_packet_callback_checked(u_char *args, u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ - uint8_t *packet_checked = malloc(header->caplen); + uint8_t *packet_checked = malloc(header->caplen); /* HEAP OVERFLOW !!! */ memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); @@ -1478,14 +1478,32 @@ void test_lib() { gettimeofday(&begin, NULL); - /* Running processing threads */ - for(thread_id = 0; thread_id < num_threads; thread_id++) - pthread_create(&ndpi_thread_info[thread_id].pthread, NULL, processing_thread, (void *) thread_id); + int status; + void * thd_res; + /* Running processing threads */ + for(thread_id = 0; thread_id < num_threads; thread_id++) { + status = pthread_create(&ndpi_thread_info[thread_id].pthread, NULL, processing_thread, (void *) thread_id); + /* check pthreade_create return value */ + if(status != 0) { + fprintf(stderr, "error on create %ld thread\n", thread_id); + exit(-1); + } + } /* Waiting for completion */ - for(thread_id = 0; thread_id < num_threads; thread_id++) - pthread_join(ndpi_thread_info[thread_id].pthread, NULL); - + for(thread_id = 0; thread_id < num_threads; thread_id++) { + status = pthread_join(ndpi_thread_info[thread_id].pthread, thd_res); + /* check pthreade_join return value */ + if(status != 0) { + fprintf(stderr, "error on join %ld thread\n", thread_id); + exit(-1); + } + if(thd_res != NULL) { + fprintf(stderr, "error on returned value of %ld joined thread\n", thread_id); + exit(-1); + } + } + gettimeofday(&end, NULL); tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 60dc94230..a5d9d300d 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -48,6 +48,7 @@ #define MPLS_MULTI 0x8848 #define PPPoE 0x8864 #define SNAP 0xaa +#define BSTP 0x42 /* Bridge Spanning Tree Protocol */ /* mask for FCF */ #define WIFI_DATA 0x2 /* 0000 0010 */ @@ -286,8 +287,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); *payload = &l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); - } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + // udp + } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + workflow->stats.udp_count++; *udph = (struct ndpi_udphdr *)l4; @@ -670,12 +673,16 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = check; if(pyld_eth_len != 0) { + llc = (struct ndpi_llc_header *)(&packet[ip_offset]); /* check for LLC layer with SNAP extension */ - if(packet[ip_offset] == SNAP) { - llc = (struct ndpi_llc_header *)(&packet[ip_offset]); + if(llc->dsap == SNAP || llc->ssap == SNAP) { +#define SNAP_EXT type = llc->snap.proto_ID; ip_offset += + 8; } + else if(llc->dsap == BSTP || llc->ssap == BSTP) { + goto v4_warning; + } } break; -- cgit v1.2.3 From 2b0809f3dc297289f9413db4dde2eaa109a3603e Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 00:40:01 +0200 Subject: name correction for llc_snap header and minor fix --- example/ndpiReader.c | 2 +- example/ndpi_util.c | 10 +++++----- src/include/ndpi_typedefs.h | 4 +--- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 3df43a9fe..b32650871 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1331,7 +1331,7 @@ static void pcap_packet_callback_checked(u_char *args, u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ - uint8_t *packet_checked = malloc(header->caplen); /* HEAP OVERFLOW !!! */ + uint8_t *packet_checked = malloc(header->caplen); memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index a5d9d300d..8fe80111a 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -582,7 +582,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* --- Ethernet header --- */ const struct ndpi_ethhdr *ethernet; /* --- LLC header --- */ - const struct ndpi_llc_header *llc; + const struct ndpi_llc_header_snap *llc; /* --- Cisco HDLC header --- */ const struct ndpi_chdlc *chdlc; @@ -673,13 +673,13 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = check; if(pyld_eth_len != 0) { - llc = (struct ndpi_llc_header *)(&packet[ip_offset]); + llc = (struct ndpi_llc_header_snap *)(&packet[ip_offset]); /* check for LLC layer with SNAP extension */ if(llc->dsap == SNAP || llc->ssap == SNAP) { -#define SNAP_EXT type = llc->snap.proto_ID; ip_offset += + 8; } + /* No SNAP extension - Spanning Tree pkt must be discarted */ else if(llc->dsap == BSTP || llc->ssap == BSTP) { goto v4_warning; } @@ -716,12 +716,12 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Check ether_type from LLC */ - llc = (struct ndpi_llc_header*)(packet + eth_offset + wifi_len + radio_len); + llc = (struct ndpi_llc_header_snap*)(packet + eth_offset + wifi_len + radio_len); if(llc->dsap == SNAP) type = ntohs(llc->snap.proto_ID); /* Set IP header offset */ - ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header) + eth_offset; + ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap) + eth_offset; break; case DLT_RAW: diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 490098086..e1fbeb71c 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -138,14 +138,12 @@ struct ndpi_snap_extension } PACK_OFF; PACK_ON -struct ndpi_llc_header +struct ndpi_llc_header_snap { u_int8_t dsap; u_int8_t ssap; u_int8_t ctrl; -#ifdef SNAP_EXT struct ndpi_snap_extension snap; -#endif } PACK_OFF; /* ++++++++++ RADIO TAP header (for IEEE 802.11) +++++++++++++ */ -- cgit v1.2.3 From b97e3ee51a9a17b837a2ed8c30e5ddabbf2d7140 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 11:23:03 +0200 Subject: add initial detection for WeChat --- src/include/ndpi_protocol_ids.h | 54 ++++++++++++++++++++-------------------- src/lib/ndpi_content_match.c.inc | 18 +++++--------- src/lib/ndpi_main.c | 1 - 3 files changed, 33 insertions(+), 40 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index dfb39af8d..2c318b341 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -224,46 +224,46 @@ #define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ #define NDPI_PROTOCOL_VEVO 186 #define NDPI_PROTOCOL_PANDORA 187 -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ +#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_OOKLA 191 -#define NDPI_PROTOCOL_AMQP 192 +#define NDPI_PROTOCOL_EAQ 190 +#define NDPI_PROTOCOL_OOKLA 191 +#define NDPI_PROTOCOL_AMQP 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ +#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ #define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ /* 197 is free */ -#define NDPI_PROTOCOL_FREE_197 197 +#define NDPI_PROTOCOL_WECHAT 197 -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_PROTOCOL_SNAPCHAT 199 -#define NDPI_PROTOCOL_SINA 200 -#define NDPI_PROTOCOL_HANGOUT 201 -#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_PROTOCOL_GITHUB 203 -#define NDPI_PROTOCOL_BJNP 204 -#define NDPI_PROTOCOL_1KXUN 205 -#define NDPI_PROTOCOL_IQIYI 206 -#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ +#define NDPI_PROTOCOL_MPEGTS 198 +#define NDPI_PROTOCOL_SNAPCHAT 199 +#define NDPI_PROTOCOL_SINA 200 +#define NDPI_PROTOCOL_HANGOUT 201 +#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ +#define NDPI_PROTOCOL_GITHUB 203 +#define NDPI_PROTOCOL_BJNP 204 +#define NDPI_PROTOCOL_1KXUN 205 +#define NDPI_PROTOCOL_IQIYI 206 +#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ /* 208 - 209 free */ -#define NDPI_PROTOCOL_FREE_208 208 -#define NDPI_PROTOCOL_FREE_209 209 +#define NDPI_PROTOCOL_FREE_208 208 +#define NDPI_PROTOCOL_FREE_209 209 -#define NDPI_PROTOCOL_DEEZER 210 +#define NDPI_PROTOCOL_DEEZER 210 #define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ #define NDPI_PROTOCOL_MICROSOFT 212 #define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 214 +#define NDPI_PROTOCOL_TEREDO 214 #define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 -#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ +#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ /* 217 is free */ -#define NDPI_PROTOCOL_FREE_217 217 +#define NDPI_PROTOCOL_FREE_217 217 -#define NDPI_PROTOCOL_OCS 218 +#define NDPI_PROTOCOL_OCS 218 #define NDPI_PROTOCOL_OFFICE_365 219 #define NDPI_PROTOCOL_CLOUDFLARE 220 #define NDPI_PROTOCOL_MS_ONE_DRIVE 221 @@ -271,11 +271,11 @@ #define NDPI_PROTOCOL_RX 223 /* 224 is free */ -#define NDPI_PROTOCOL_FREE_224 224 +#define NDPI_PROTOCOL_FREE_224 224 -#define NDPI_PROTOCOL_OPENDNS 225 -#define NDPI_PROTOCOL_GIT 226 -#define NDPI_PROTOCOL_DRDA 227 +#define NDPI_PROTOCOL_OPENDNS 225 +#define NDPI_PROTOCOL_GIT 226 +#define NDPI_PROTOCOL_DRDA 227 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DRDA diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 2b7164932..df3426129 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8083,16 +8083,6 @@ ndpi_protocol_match host_match[] = { { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, -#if 0 - /* The lines below are not just for Office 365 so they cannot be used for this purpose */ - { ".verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcb.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcd.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".verisign.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".geotrust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".entrust.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".public-trust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, -#endif /* http://www.urlquery.net/report.php?id=1453233646161 */ { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8123,16 +8113,20 @@ ndpi_protocol_match host_match[] = { { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e2685908a..b07557b5a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1618,7 +1618,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); -- cgit v1.2.3 From 3a21152f4c7b1783a0cd6671af405d0014cf9b4b Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 21:18:50 +0200 Subject: improved wechat detection --- src/lib/ndpi_content_match.c.inc | 21 +++++- tests/pcap/wechat.pcap | Bin 0 -> 694086 bytes tests/result/KakaoTalk_talk.pcap.out | 4 +- tests/result/quickplay.pcap.out | 12 ++-- tests/result/wechat.pcap.out | 120 +++++++++++++++++++++++++++++++++++ 5 files changed, 147 insertions(+), 10 deletions(-) create mode 100644 tests/pcap/wechat.pcap create mode 100644 tests/result/wechat.pcap.out diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index df3426129..d9ceb77a4 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -79,6 +79,17 @@ static ndpi_network host_protocol_list[] = { { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + /* + WeChat + 203.205.147.171 + 203.205.147.173 + 203.205.151.162 + */ + + { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, + /* OpenDNS, LLC origin AS36692, AS30607 @@ -8126,8 +8137,14 @@ ndpi_protocol_match host_match[] = { { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - + { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { NULL, 0 } }; diff --git a/tests/pcap/wechat.pcap b/tests/pcap/wechat.pcap new file mode 100644 index 000000000..f731d9925 Binary files /dev/null and b/tests/pcap/wechat.pcap differ diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 97b69377c..96d39ede2 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,5 +1,4 @@ HTTP 5 280 1 -QQ 15 1727 1 SSL_No_Cert 74 14132 2 RTP 2991 398751 2 SSL 5 1198 1 @@ -9,6 +8,7 @@ HTTP_Proxy 16 1838 2 Tor 40 10538 1 Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 +WeChat 15 1727 1 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] @@ -23,7 +23,7 @@ KakaoTalk_Voice 44 6196 2 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 277e25fc8..8c6781221 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,8 +1,8 @@ -QQ 12 4781 5 Facebook 6 1740 3 Google 2 378 1 Amazon 2 1469 1 QuickPlay 133 96179 11 +WeChat 12 4781 5 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] @@ -11,8 +11,8 @@ QuickPlay 133 96179 11 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.48/HTTP.QQ][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.48/HTTP.QQ][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] + 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] @@ -21,7 +21,7 @@ QuickPlay 133 96179 11 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.48/HTTP.QQ][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] + 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.48/HTTP.QQ][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.48/HTTP.QQ][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] + 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out new file mode 100644 index 000000000..b81a52377 --- /dev/null +++ b/tests/result/wechat.pcap.out @@ -0,0 +1,120 @@ +Unknown 1 110 1 +DNS 6 494 3 +HTTP 70 4620 8 +MDNS 116 10672 4 +NTP 1 90 1 +NetBIOS 12 1579 2 +DHCP 1 342 1 +IGMP 24 1280 4 +SSL 21 1209 3 +ICMPV6 3 218 2 +Google 128 29925 17 +LLMNR 12 944 6 +WeChat 1277 615827 51 + + 1 UDP 192.168.1.103:33915 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][8 pkts/469 bytes] + 3 UDP 192.168.1.103:41759 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 2.debian.pool.ntp.org] + 4 UDP 192.168.1.103:42589 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com] + 5 UDP 192.168.1.103:43317 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 6 UDP 192.168.1.103:43705 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan] + 7 TCP 203.205.158.34:443 <-> 192.168.1.103:43850 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] + 8 UDP 192.168.1.103:44063 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org] + 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes] + 10 TCP 172.217.23.78:443 <-> 192.168.1.103:53220 [proto: 91.126/SSL.Google][8 pkts/583 bytes] + 11 TCP 216.58.205.78:443 <-> 192.168.1.103:47627 [proto: 91.126/SSL.Google][7 pkts/517 bytes] + 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][6 pkts/396 bytes] + 13 UDP 192.168.1.103:53515 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] + 14 TCP 192.168.1.103:54084 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] + 15 TCP 192.168.1.103:54058 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] + 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/11506 bytes][client: web.wechat.com] + 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][40 pkts/18455 bytes][client: web.wechat.com] + 19 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 20 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/15082 bytes][client: web.wechat.com] + 21 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][27 pkts/10532 bytes][client: web.wechat.com] + 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][28 pkts/18041 bytes][client: web.wechat.com] + 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 24 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 25 TCP 192.168.1.103:54106 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 26 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] + 27 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] + 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4735 bytes][client: web.wechat.com] + 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] + 30 UDP 192.168.1.103:56367 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] + 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][26 pkts/11518 bytes][client: web.wechat.com] + 32 UDP 192.168.1.103:58165 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 33 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][59 pkts/29728 bytes][client: web.wechat.com] + 34 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][49 pkts/24468 bytes][client: web.wechat.com] + 35 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][22 pkts/9520 bytes][client: web.wechat.com] + 36 TCP 192.168.1.103:58226 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes] + 37 UDP 192.168.1.103:59567 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan] + 38 TCP 192.168.1.103:58143 <-> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes] + 39 UDP 216.58.198.46:443 <-> 192.168.1.103:57591 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] + 40 UDP 192.168.1.100:57401 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc] + 41 TCP 95.101.34.33:80 <-> 192.168.1.103:34996 [proto: 7/HTTP][9 pkts/594 bytes] + 42 TCP 95.101.34.33:80 <-> 192.168.1.103:35000 [proto: 7/HTTP][9 pkts/594 bytes] + 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] + 44 TCP 192.168.1.103:54205 <-> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] + 46 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50440 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] + 47 TCP 192.168.1.103:52020 <-> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] + 48 UDP 172.217.23.67:443 <-> 192.168.1.103:35601 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] + 49 TCP 172.217.22.14:443 <-> 192.168.1.103:38657 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] + 50 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica] + 51 UDP 192.168.1.103:37578 <-> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes] + 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes] + 53 UDP 192.168.1.103:42074 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan] + 54 UDP 192.168.1.103:42856 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan] + 55 ICMPV6 [::]:0 <-> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes] + 56 TCP 203.205.158.34:443 <-> 192.168.1.103:43851 [proto: 91/SSL][9 pkts/524 bytes] + 57 UDP 192.168.1.103:44346 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] + 58 UDP 192.168.1.103:45366 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] + 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] + 60 UDP 172.217.23.67:443 <-> 192.168.1.103:51507 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] + 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/366 bytes][Host: safebrowsing.googleusercontent.com] + 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][3 pkts/198 bytes] + 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][41 pkts/26587 bytes][client: web.wechat.com] + 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4537 bytes][client: web.wechat.com] + 65 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] + 66 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][39 pkts/25723 bytes][client: web.wechat.com] + 67 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][44 pkts/19995 bytes][client: web.wechat.com] + 68 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][54 pkts/36453 bytes][client: web.wechat.com] + 69 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][86 pkts/65999 bytes][client: web.wechat.com] + 70 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][96 pkts/63642 bytes][client: web.wechat.com] + 71 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 72 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/9761 bytes][client: web.wechat.com] + 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][73 pkts/44045 bytes][client: web.wechat.com] + 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][36 pkts/14963 bytes][client: web.wechat.com] + 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/30965 bytes][client: web.wechat.com] + 76 TCP 192.168.1.103:54183 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes] + 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/302 bytes][Host: docs.google.com] + 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] + 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][17 pkts/1146 bytes] + 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] + 81 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/354 bytes] + 82 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/465 bytes][Host: web.wechat.com] + 83 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] + 84 UDP 192.168.1.100:49832 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: cansaqcq] + 85 UDP 192.168.1.100:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes] + 86 UDP 192.168.1.100:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes] + 87 UDP 192.168.1.100:54124 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: lbjamwptxz] + 88 IGMP 224.0.0.1:0 <-> 192.168.1.254:0 [proto: 82/IGMP][4 pkts/200 bytes] + 89 IGMP 224.0.0.22:0 <-> 192.168.1.100:0 [proto: 82/IGMP][15 pkts/810 bytes] + 90 IGMP 224.0.0.22:0 <-> 192.168.1.103:0 [proto: 82/IGMP][4 pkts/216 bytes] + 91 IGMP 224.0.0.22:0 <-> 192.168.1.108:0 [proto: 82/IGMP][1 pkts/54 bytes] + 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes] + 93 TCP 95.101.34.33:80 <-> 192.168.1.103:34999 [proto: 7/HTTP][9 pkts/594 bytes] + 94 TCP 95.101.34.33:80 <-> 192.168.1.103:34981 [proto: 7/HTTP][9 pkts/594 bytes] + 95 TCP 95.101.34.34:80 <-> 192.168.1.103:39207 [proto: 7/HTTP][9 pkts/594 bytes] + 96 TCP 95.101.34.34:80 <-> 192.168.1.103:39195 [proto: 7/HTTP][8 pkts/528 bytes] + 97 TCP 95.101.34.34:80 <-> 192.168.1.103:39231 [proto: 7/HTTP][9 pkts/594 bytes] + 98 UDP 192.168.1.103:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes] + 99 UDP 192.168.1.100:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes] + 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/610 bytes][Host: res.wx.qq.com] + 101 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:49195 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] + 102 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50577 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] + + +Undetected flows: + 1 0 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::16]:0 [proto: 0/Unknown][1 pkts/110 bytes] -- cgit v1.2.3 From 4c5de9ef8e9e14289ce9024349390fe06b59c769 Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 17 Apr 2017 09:38:30 +0200 Subject: Added ethernet checksum reforging and nDPI protocol export in nDPI-extcap reader --- example/ndpiReader.c | 26 +++++++++++++++++++++----- example/ndpi_util.c | 40 ++++++++++++++++++++++++++++++++++++++++ example/ndpi_util.h | 2 +- 3 files changed, 62 insertions(+), 6 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b32650871..9eab4500f 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -81,7 +81,13 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +struct ndpi_packet_trailer { + u_int32_t magic; /* 0x19682017 */ + u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; +}; + static pcap_dumper_t *extcap_dumper = NULL; +static char extcap_buf[2048]; static char *extcap_capture_fifo = NULL; static u_int16_t extcap_packet_filter = (u_int16_t)-1; @@ -422,7 +428,7 @@ static void parseOptions(int argc, char **argv) { case '9': extcap_packet_filter = atoi(optarg); break; - + default: help(0); break; @@ -1383,12 +1389,22 @@ static void pcap_packet_callback_checked(u_char *args, ) ) { struct pcap_pkthdr *h = (struct pcap_pkthdr*)header; - + uint32_t *crc, delta = sizeof(struct ndpi_packet_trailer) + 4 /* ethernet trailer */; + struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; + + memcpy(extcap_buf, packet, h->caplen); + trailer->magic = 0x19682017; + trailer->master_protocol = p.master_protocol, trailer->app_protocol = p.app_protocol; + crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)]; + *crc = 0; + ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc); + h->caplen += delta, h->len += delta; + #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen); #endif - // h->caplen += 8, h->len += 8; - pcap_dump((u_char*)extcap_dumper, h, packet); + + pcap_dump((u_char*)extcap_dumper, h, (const u_char *)extcap_buf); } /* check for buffer changes */ @@ -1503,7 +1519,7 @@ void test_lib() { exit(-1); } } - + gettimeofday(&end, NULL); tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 8fe80111a..cd3c8a1e3 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -909,3 +909,43 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, return(packet_processing(workflow, time, vlan_id, iph, iph6, ip_offset, header->len - ip_offset, header->len)); } + +/* ********************************************************** */ +/* http://home.thep.lu.se/~bjorn/crc/crc32_fast.c */ +/* ********************************************************** */ + +static uint32_t crc32_for_byte(uint32_t r) { + for(int j = 0; j < 8; ++j) + r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; + return r ^ (uint32_t)0xFF000000L; +} + +/* Any unsigned integer type with at least 32 bits may be used as + * accumulator type for fast crc32-calulation, but unsigned long is + * probably the optimal choice for most systems. */ +typedef unsigned long accum_t; + +static void init_tables(uint32_t* table, uint32_t* wtable) { + for(size_t i = 0; i < 0x100; ++i) + table[i] = crc32_for_byte(i); + for(size_t k = 0; k < sizeof(accum_t); ++k) + for(size_t w, i = 0; i < 0x100; ++i) { + for(size_t j = w = 0; j < sizeof(accum_t); ++j) + w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; + wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); + } +} + +void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { + static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; + size_t n_accum = n_bytes/sizeof(accum_t); + if(!*table) + init_tables(table, wtable); + for(size_t i = 0; i < n_accum; ++i) { + accum_t a = *crc ^ ((accum_t*)data)[i]; + for(size_t j = *crc = 0; j < sizeof(accum_t); ++j) + *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; + } + for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; +} diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 4895cdcb1..a8e21d673 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -160,5 +160,5 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * /* compare two nodes in workflow */ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); - +void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc); #endif -- cgit v1.2.3 From c1db9a830d84281c146d9628c10620d7425ee009 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 18 Apr 2017 17:20:43 +0200 Subject: Compilation fix for old compilers --- example/ndpi_util.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index cd3c8a1e3..783f05c86 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -915,7 +915,9 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* ********************************************************** */ static uint32_t crc32_for_byte(uint32_t r) { - for(int j = 0; j < 8; ++j) + int j; + + for(j = 0; j < 8; ++j) r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; return r ^ (uint32_t)0xFF000000L; } @@ -926,11 +928,13 @@ static uint32_t crc32_for_byte(uint32_t r) { typedef unsigned long accum_t; static void init_tables(uint32_t* table, uint32_t* wtable) { - for(size_t i = 0; i < 0x100; ++i) + size_t i, k, w, j; + + for(i = 0; i < 0x100; ++i) table[i] = crc32_for_byte(i); - for(size_t k = 0; k < sizeof(accum_t); ++k) - for(size_t w, i = 0; i < 0x100; ++i) { - for(size_t j = w = 0; j < sizeof(accum_t); ++j) + for(k = 0; k < sizeof(accum_t); ++k) + for(i = 0; i < 0x100; ++i) { + for(j = w = 0; j < sizeof(accum_t); ++j) w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); } @@ -939,13 +943,16 @@ static void init_tables(uint32_t* table, uint32_t* wtable) { void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; size_t n_accum = n_bytes/sizeof(accum_t); + size_t i, k, j; + if(!*table) init_tables(table, wtable); - for(size_t i = 0; i < n_accum; ++i) { + for(i = 0; i < n_accum; ++i) { accum_t a = *crc ^ ((accum_t*)data)[i]; - for(size_t j = *crc = 0; j < sizeof(accum_t); ++j) + for(j = *crc = 0; j < sizeof(accum_t); ++j) *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; } - for(size_t i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + + for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; } -- cgit v1.2.3 From 56b6c7ed93b7fbdc1963200c208437c16fe5437f Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 19 Apr 2017 09:50:54 +0200 Subject: Fixed thread crash caused by commit 29cd6ef9942188633b79b5c1fe62360f048a6450 --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9eab4500f..b0b21b2b3 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1508,7 +1508,7 @@ void test_lib() { } /* Waiting for completion */ for(thread_id = 0; thread_id < num_threads; thread_id++) { - status = pthread_join(ndpi_thread_info[thread_id].pthread, thd_res); + status = pthread_join(ndpi_thread_info[thread_id].pthread, &thd_res); /* check pthreade_join return value */ if(status != 0) { fprintf(stderr, "error on join %ld thread\n", thread_id); -- cgit v1.2.3 From 45582194cf0fa64160530e8dac1e6fb4410e95a2 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 19 Apr 2017 09:56:51 +0200 Subject: Added DNScrypt detection --- src/include/ndpi_protocol_ids.h | 7 +++---- src/lib/ndpi_content_match.c.inc | 4 +++- src/lib/ndpi_main.c | 10 +++++++--- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2c318b341..726736a06 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -233,8 +233,6 @@ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ #define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ #define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ - -/* 197 is free */ #define NDPI_PROTOCOL_WECHAT 197 #define NDPI_PROTOCOL_MPEGTS 198 @@ -248,8 +246,9 @@ #define NDPI_PROTOCOL_IQIYI 206 #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -/* 208 - 209 free */ -#define NDPI_PROTOCOL_FREE_208 208 +#define NDPI_PROTOCOL_DNSCRYPT 208 + +/* 209 free */ #define NDPI_PROTOCOL_FREE_209 209 #define NDPI_PROTOCOL_DEEZER 210 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d9ceb77a4..6bf18ffbc 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8144,7 +8144,7 @@ ndpi_protocol_match host_match[] = { { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; @@ -8217,6 +8217,8 @@ ndpi_protocol_match content_match[] = { - www.qbtxzhetq4s2f.com - www.fgd2iwya7vinfutj5wq5we.net + See also DGA (Domain Generation Algorithm) + In essence www..com|net To do things properly we should check if host name in the certificate diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b07557b5a..5e864383a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1616,9 +1616,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - - /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNSCRYPT, + no_master, + no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + +/* To be removed as soon as we define new protocols */ ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); -- cgit v1.2.3 From cbc08f7e5045c3b0f49eccc1e071663e163bbf91 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 19 Apr 2017 09:58:35 +0200 Subject: Added DNScrypt test files --- tests/pcap/dnscrypt.pcap | Bin 0 -> 46476 bytes tests/result/dnscrypt.pcap.out | 6 ++++++ 2 files changed, 6 insertions(+) create mode 100644 tests/pcap/dnscrypt.pcap create mode 100644 tests/result/dnscrypt.pcap.out diff --git a/tests/pcap/dnscrypt.pcap b/tests/pcap/dnscrypt.pcap new file mode 100644 index 000000000..44c588705 Binary files /dev/null and b/tests/pcap/dnscrypt.pcap differ diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out new file mode 100644 index 000000000..db567cb70 --- /dev/null +++ b/tests/result/dnscrypt.pcap.out @@ -0,0 +1,6 @@ +DNScrypt 111 44676 4 + + 1 TCP 134.119.26.24:443 <-> 192.168.43.167:50258 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] + 2 TCP 134.119.26.24:443 <-> 192.168.43.167:50233 [proto: 91.208/SSL.DNScrypt][39 pkts/16368 bytes][client: simplednscrypt.org] + 3 TCP 134.119.26.24:443 <-> 192.168.43.167:50253 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] + 4 TCP 134.119.26.24:443 <-> 192.168.43.167:50259 [proto: 91.208/SSL.DNScrypt][36 pkts/11278 bytes][client: simplednscrypt.org] -- cgit v1.2.3 From a9c01ded174ed380a2d135cfb9b903f616b0e175 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 19 Apr 2017 21:55:49 +0200 Subject: ndpiReader now prints (-v) the flows with the correct direction --- example/ndpiReader.c | 28 +++++++++++++++++----------- example/ndpi_util.c | 22 ++++++++++------------ example/ndpi_util.h | 2 +- 3 files changed, 28 insertions(+), 24 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b0b21b2b3..ca06e98b8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -553,17 +553,23 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if(!json_flag) { fprintf(out, "\t%u", ++num_flows); - fprintf(out, "\t%s %s%s%s:%u <-> %s%s%s:%u ", - ipProto2Name(flow->protocol), - (flow->ip_version == 6) ? "[" : "", - flow->lower_name, - (flow->ip_version == 6) ? "]" : "", - ntohs(flow->lower_port), - (flow->ip_version == 6) ? "[" : "", - flow->upper_name, - (flow->ip_version == 6) ? "]" : "", - ntohs(flow->upper_port)); - + fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); + + if(flow->src_to_dst_direction == 1) + fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", + (flow->ip_version == 6) ? "[" : "", + flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port), + (flow->ip_version == 6) ? "[" : "", + flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port) + ); + else + fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", + (flow->ip_version == 6) ? "[" : "", + flow->upper_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->upper_port), + (flow->ip_version == 6) ? "[" : "", + flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port) + ); + if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); if(flow->detected_protocol.master_protocol) { diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 783f05c86..445ade1ac 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -260,9 +260,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) { u_int tcp_len; + // tcp workflow->stats.tcp_count++; - - // tcp *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); @@ -287,12 +286,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); *payload = &l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); - - // udp } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { + // udp workflow->stats.udp_count++; - *udph = (struct ndpi_udphdr *)l4; *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); *payload = &l4[sizeof(struct ndpi_udphdr)]; @@ -335,7 +332,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(ret == NULL) { if(workflow->stats.ndpi_flow_count == workflow->prefs.max_ndpi_flows) { - NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, "maximum flow count (%u) has been exceeded\n", workflow->prefs.max_ndpi_flows); + NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, + "maximum flow count (%u) has been exceeded\n", + workflow->prefs.max_ndpi_flows); exit(-1); } else { struct ndpi_flow_info *newflow = (struct ndpi_flow_info*)malloc(sizeof(struct ndpi_flow_info)); @@ -350,7 +349,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow newflow->lower_ip = lower_ip, newflow->upper_ip = upper_ip; newflow->lower_port = lower_port, newflow->upper_port = upper_port; newflow->ip_version = version; - + newflow->src_to_dst_direction = *src_to_dst_direction; + if(version == IPVERSION) { inet_ntop(AF_INET, &lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); inet_ntop(AF_INET, &upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); @@ -520,7 +520,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, struct ndpi_udphdr *udph = NULL; u_int16_t sport, dport, payload_len; u_int8_t *payload; - u_int8_t src_to_dst_direction= 1; + u_int8_t src_to_dst_direction = 1; if(iph) flow = get_ndpi_flow_info(workflow, IPVERSION, vlan_id, iph, NULL, @@ -542,9 +542,8 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ndpi_flow = flow->ndpi_flow; flow->packets++, flow->bytes += rawsize; flow->last_seen = time; - } else { + } else return(flow->detected_protocol); - } /* Protocol already detected */ if(flow->detection_completed) return(flow->detected_protocol); @@ -556,8 +555,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { - /* New protocol detected or give up */ - + /* New protocol detected or give up */ flow->detection_completed = 1; } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index a8e21d673..335c94ddf 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -46,7 +46,7 @@ typedef struct ndpi_flow_info { u_int32_t upper_ip; u_int16_t lower_port; u_int16_t upper_port; - u_int8_t detection_completed, protocol; + u_int8_t detection_completed, protocol, src_to_dst_direction; u_int16_t vlan_id; struct ndpi_flow_struct *ndpi_flow; char lower_name[48], upper_name[48]; -- cgit v1.2.3 From 4cc54cceb5514acce67bf577f2116ee97505d805 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 19 Apr 2017 23:31:45 +0200 Subject: Added port stats when verbose mode (-v) is used --- example/ndpiReader.c | 113 +++++- example/uthash.h | 1096 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1200 insertions(+), 9 deletions(-) create mode 100644 example/uthash.h diff --git a/example/ndpiReader.c b/example/ndpiReader.c index ca06e98b8..2b02093cb 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -44,6 +44,7 @@ #include #include "../config.h" #include "ndpi_api.h" +#include "uthash.h" #ifdef HAVE_JSON_C #include @@ -81,9 +82,17 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +struct port_stats { + u_int32_t port; /* we'll use this field as the key */ + u_int32_t num_pkts, num_bytes; + UT_hash_handle hh; /* makes this structure hashable */ +}; + +struct port_stats *srcStats = NULL, *dstStats = NULL; + struct ndpi_packet_trailer { - u_int32_t magic; /* 0x19682017 */ - u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; + u_int32_t magic; /* 0x19682017 */ + u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; }; static pcap_dumper_t *extcap_dumper = NULL; @@ -554,7 +563,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { fprintf(out, "\t%u", ++num_flows); fprintf(out, "\t%s ", ipProto2Name(flow->protocol)); - + if(flow->src_to_dst_direction == 1) fprintf(out, "%s%s%s:%u <-> %s%s%s:%u ", (flow->ip_version == 6) ? "[" : "", @@ -569,7 +578,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { (flow->ip_version == 6) ? "[" : "", flow->lower_name, (flow->ip_version == 6) ? "]" : "", ntohs(flow->lower_port) ); - + if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); if(flow->detected_protocol.master_protocol) { @@ -703,7 +712,6 @@ static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi * @brief Proto Guess Walker */ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t thread_id = *((u_int16_t *) user_data); @@ -725,6 +733,53 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } } +/* *********************************************** */ + +static void updatePortStats(struct port_stats **stats, u_int32_t port, u_int32_t num_pkts, u_int32_t num_bytes) { + struct port_stats *s; + + HASH_FIND_INT(*stats, &port, s); + if(s == NULL) { + s = (struct port_stats*)malloc(sizeof(struct port_stats)); + if(!s) return; + + s->port = port, s->num_pkts = 0, s->num_bytes = 0; + HASH_ADD_INT(*stats, port, s); + } + + s->num_pkts += num_pkts, s->num_bytes += num_bytes; +} + +/* *********************************************** */ + +static void deletePortsStats(struct port_stats *stats) { + struct port_stats *current_port, *tmp; + + HASH_ITER(hh, stats, current_port, tmp) { + HASH_DEL(stats, current_port); + free(current_port); + } +} + +/* *********************************************** */ + +/** + * @brief Ports stats + */ +static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { + struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; + u_int16_t sport, dport; + + if(flow->src_to_dst_direction == 1) + sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); + else + sport = ntohs(flow->upper_port), dport = ntohs(flow->lower_port); + + updatePortStats(&srcStats, sport, flow->packets, flow->bytes); + updatePortStats(&dstStats, dport, flow->packets, flow->bytes); +} + +/* *********************************************** */ /** * @brief Idle Scan Walker @@ -929,12 +984,12 @@ static void json_init() { } #endif +/* *********************************************** */ /** * @brief Bytes stats format */ char* formatBytes(u_int32_t howMuch, char *buf, u_int buf_len) { - char unit = 'B'; if(howMuch < 1024) { @@ -956,6 +1011,29 @@ char* formatBytes(u_int32_t howMuch, char *buf, u_int buf_len) { return(buf); } +/* *********************************************** */ + +static int port_stats_sort(void *_a, void *_b) { + struct port_stats *a = (struct port_stats*)_a; + struct port_stats *b = (struct port_stats*)_b; + + return(b->num_pkts - a->num_pkts); +} + +/* *********************************************** */ + +void printPortStats(struct port_stats *stats) { + struct port_stats *s, *tmp; + int i = 0; + + HASH_ITER(hh, stats, s, tmp) { + i++; + printf("\t%2d\tPort %5u\t[%u pkts/%u bytes]\n", i, s->port, s->num_pkts, s->num_bytes); + if(i >= 10) break; + } +} + +/* *********************************************** */ /** * @brief Print result @@ -973,17 +1051,24 @@ static void printResults(u_int64_t tot_usec) { json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; - + memset(&cumulative_stats, 0, sizeof(cumulative_stats)); - for(thread_id = 0; thread_id < num_threads; thread_id++) { + for(thread_id = 0; thread_id < num_threads; thread_id++) { if((ndpi_thread_info[thread_id].workflow->stats.total_wire_bytes == 0) && (ndpi_thread_info[thread_id].workflow->stats.raw_packet_count == 0)) continue; - for(i=0; indpi_flows_root[i], node_proto_guess_walker, &thread_id); + if(verbose) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); + } + if(verbose) { + HASH_SORT(srcStats, port_stats_sort); + HASH_SORT(dstStats, port_stats_sort); + } + /* Stats aggregation */ cumulative_stats.guessed_flow_protocols += ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols; cumulative_stats.raw_packet_count += ndpi_thread_info[thread_id].workflow->stats.raw_packet_count; @@ -1204,6 +1289,16 @@ static void printResults(u_int64_t tot_usec) { fclose(json_fp); #endif } + + if(verbose) { + printf("\n\nSource Ports Stats:\n"); + printPortStats(srcStats); + + printf("\nDestination Ports Stats:\n"); + printPortStats(dstStats); + + deletePortsStats(srcStats), deletePortsStats(dstStats); + } } diff --git a/example/uthash.h b/example/uthash.h new file mode 100644 index 000000000..f78a73b86 --- /dev/null +++ b/example/uthash.h @@ -0,0 +1,1096 @@ +/* +Copyright (c) 2003-2017, Troy D. Hanson http://troydhanson.github.com/uthash/ +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER +OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#ifndef UTHASH_H +#define UTHASH_H + +#define UTHASH_VERSION 2.0.2 + +#include /* memcmp,strlen */ +#include /* ptrdiff_t */ +#include /* exit() */ + +/* These macros use decltype or the earlier __typeof GNU extension. + As decltype is only available in newer compilers (VS2010 or gcc 4.3+ + when compiling c++ source) this code uses whatever method is needed + or, for VS2008 where neither is available, uses casting workarounds. */ +#if !defined(DECLTYPE) && !defined(NO_DECLTYPE) +#if defined(_MSC_VER) /* MS compiler */ +#if _MSC_VER >= 1600 && defined(__cplusplus) /* VS2010 or newer in C++ mode */ +#define DECLTYPE(x) (decltype(x)) +#else /* VS2008 or older (or VS2010 in C mode) */ +#define NO_DECLTYPE +#endif +#elif defined(__BORLANDC__) || defined(__ICCARM__) || defined(__LCC__) || defined(__WATCOMC__) +#define NO_DECLTYPE +#else /* GNU, Sun and other compilers */ +#define DECLTYPE(x) (__typeof(x)) +#endif +#endif + +#ifdef NO_DECLTYPE +#define DECLTYPE(x) +#define DECLTYPE_ASSIGN(dst,src) \ +do { \ + char **_da_dst = (char**)(&(dst)); \ + *_da_dst = (char*)(src); \ +} while (0) +#else +#define DECLTYPE_ASSIGN(dst,src) \ +do { \ + (dst) = DECLTYPE(dst)(src); \ +} while (0) +#endif + +/* a number of the hash function use uint32_t which isn't defined on Pre VS2010 */ +#if defined(_WIN32) +#if defined(_MSC_VER) && _MSC_VER >= 1600 +#include +#elif defined(__WATCOMC__) || defined(__MINGW32__) || defined(__CYGWIN__) +#include +#else +typedef unsigned int uint32_t; +typedef unsigned char uint8_t; +#endif +#elif defined(__GNUC__) && !defined(__VXWORKS__) +#include +#else +typedef unsigned int uint32_t; +typedef unsigned char uint8_t; +#endif + +#ifndef uthash_fatal +#define uthash_fatal(msg) exit(-1) /* fatal error (out of memory,etc) */ +#endif +#ifndef uthash_malloc +#define uthash_malloc(sz) malloc(sz) /* malloc fcn */ +#endif +#ifndef uthash_free +#define uthash_free(ptr,sz) free(ptr) /* free fcn */ +#endif +#ifndef uthash_strlen +#define uthash_strlen(s) strlen(s) +#endif +#ifndef uthash_memcmp +#define uthash_memcmp(a,b,n) memcmp(a,b,n) +#endif + +#ifndef uthash_noexpand_fyi +#define uthash_noexpand_fyi(tbl) /* can be defined to log noexpand */ +#endif +#ifndef uthash_expand_fyi +#define uthash_expand_fyi(tbl) /* can be defined to log expands */ +#endif + +/* initial number of buckets */ +#define HASH_INITIAL_NUM_BUCKETS 32U /* initial number of buckets */ +#define HASH_INITIAL_NUM_BUCKETS_LOG2 5U /* lg2 of initial number of buckets */ +#define HASH_BKT_CAPACITY_THRESH 10U /* expand when bucket count reaches */ + +/* calculate the element whose hash handle address is hhp */ +#define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho))) +/* calculate the hash handle from element address elp */ +#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle *)(((char*)(elp)) + ((tbl)->hho))) + +#define HASH_VALUE(keyptr,keylen,hashv) \ +do { \ + HASH_FCN(keyptr, keylen, hashv); \ +} while (0) + +#define HASH_FIND_BYHASHVALUE(hh,head,keyptr,keylen,hashval,out) \ +do { \ + (out) = NULL; \ + if (head) { \ + unsigned _hf_bkt; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _hf_bkt); \ + if (HASH_BLOOM_TEST((head)->hh.tbl, hashval) != 0) { \ + HASH_FIND_IN_BKT((head)->hh.tbl, hh, (head)->hh.tbl->buckets[ _hf_bkt ], keyptr, keylen, hashval, out); \ + } \ + } \ +} while (0) + +#define HASH_FIND(hh,head,keyptr,keylen,out) \ +do { \ + unsigned _hf_hashv; \ + HASH_VALUE(keyptr, keylen, _hf_hashv); \ + HASH_FIND_BYHASHVALUE(hh, head, keyptr, keylen, _hf_hashv, out); \ +} while (0) + +#ifdef HASH_BLOOM +#define HASH_BLOOM_BITLEN (1UL << HASH_BLOOM) +#define HASH_BLOOM_BYTELEN (HASH_BLOOM_BITLEN/8UL) + (((HASH_BLOOM_BITLEN%8UL)!=0UL) ? 1UL : 0UL) +#define HASH_BLOOM_MAKE(tbl) \ +do { \ + (tbl)->bloom_nbits = HASH_BLOOM; \ + (tbl)->bloom_bv = (uint8_t*)uthash_malloc(HASH_BLOOM_BYTELEN); \ + if (!((tbl)->bloom_bv)) { uthash_fatal( "out of memory"); } \ + memset((tbl)->bloom_bv, 0, HASH_BLOOM_BYTELEN); \ + (tbl)->bloom_sig = HASH_BLOOM_SIGNATURE; \ +} while (0) + +#define HASH_BLOOM_FREE(tbl) \ +do { \ + uthash_free((tbl)->bloom_bv, HASH_BLOOM_BYTELEN); \ +} while (0) + +#define HASH_BLOOM_BITSET(bv,idx) (bv[(idx)/8U] |= (1U << ((idx)%8U))) +#define HASH_BLOOM_BITTEST(bv,idx) (bv[(idx)/8U] & (1U << ((idx)%8U))) + +#define HASH_BLOOM_ADD(tbl,hashv) \ + HASH_BLOOM_BITSET((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U))) + +#define HASH_BLOOM_TEST(tbl,hashv) \ + HASH_BLOOM_BITTEST((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1U))) + +#else +#define HASH_BLOOM_MAKE(tbl) +#define HASH_BLOOM_FREE(tbl) +#define HASH_BLOOM_ADD(tbl,hashv) +#define HASH_BLOOM_TEST(tbl,hashv) (1) +#define HASH_BLOOM_BYTELEN 0U +#endif + +#define HASH_MAKE_TABLE(hh,head) \ +do { \ + (head)->hh.tbl = (UT_hash_table*)uthash_malloc( \ + sizeof(UT_hash_table)); \ + if (!((head)->hh.tbl)) { uthash_fatal( "out of memory"); } \ + memset((head)->hh.tbl, 0, sizeof(UT_hash_table)); \ + (head)->hh.tbl->tail = &((head)->hh); \ + (head)->hh.tbl->num_buckets = HASH_INITIAL_NUM_BUCKETS; \ + (head)->hh.tbl->log2_num_buckets = HASH_INITIAL_NUM_BUCKETS_LOG2; \ + (head)->hh.tbl->hho = (char*)(&(head)->hh) - (char*)(head); \ + (head)->hh.tbl->buckets = (UT_hash_bucket*)uthash_malloc( \ + HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket)); \ + if (! (head)->hh.tbl->buckets) { uthash_fatal( "out of memory"); } \ + memset((head)->hh.tbl->buckets, 0, \ + HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket)); \ + HASH_BLOOM_MAKE((head)->hh.tbl); \ + (head)->hh.tbl->signature = HASH_SIGNATURE; \ +} while (0) + +#define HASH_REPLACE_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,replaced,cmpfcn) \ +do { \ + (replaced) = NULL; \ + HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \ + if (replaced) { \ + HASH_DELETE(hh, head, replaced); \ + } \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn); \ +} while (0) + +#define HASH_REPLACE_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add,replaced) \ +do { \ + (replaced) = NULL; \ + HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \ + if (replaced) { \ + HASH_DELETE(hh, head, replaced); \ + } \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add); \ +} while (0) + +#define HASH_REPLACE(hh,head,fieldname,keylen_in,add,replaced) \ +do { \ + unsigned _hr_hashv; \ + HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv); \ + HASH_REPLACE_BYHASHVALUE(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced); \ +} while (0) + +#define HASH_REPLACE_INORDER(hh,head,fieldname,keylen_in,add,replaced,cmpfcn) \ +do { \ + unsigned _hr_hashv; \ + HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv); \ + HASH_REPLACE_BYHASHVALUE_INORDER(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced, cmpfcn); \ +} while (0) + +#define HASH_APPEND_LIST(hh, head, add) \ +do { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = ELMT_FROM_HH((head)->hh.tbl, (head)->hh.tbl->tail); \ + (head)->hh.tbl->tail->next = (add); \ + (head)->hh.tbl->tail = &((add)->hh); \ +} while (0) + +#define HASH_AKBI_INNER_LOOP(hh,head,add,cmpfcn) \ +do { \ + do { \ + if (cmpfcn(DECLTYPE(head)(_hs_iter), add) > 0) \ + break; \ + } while ((_hs_iter = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->next)); \ +} while (0) + +#ifdef NO_DECLTYPE +#undef HASH_AKBI_INNER_LOOP +#define HASH_AKBI_INNER_LOOP(hh,head,add,cmpfcn) \ +do { \ + char *_hs_saved_head = (char*)(head); \ + do { \ + DECLTYPE_ASSIGN(head, _hs_iter); \ + if (cmpfcn(head, add) > 0) { \ + DECLTYPE_ASSIGN(head, _hs_saved_head); \ + break; \ + } \ + DECLTYPE_ASSIGN(head, _hs_saved_head); \ + } while ((_hs_iter = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->next)); \ +} while (0) +#endif + +#define HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh,head,keyptr,keylen_in,hashval,add,cmpfcn) \ +do { \ + unsigned _ha_bkt; \ + (add)->hh.hashv = (hashval); \ + (add)->hh.key = (char*) (keyptr); \ + (add)->hh.keylen = (unsigned) (keylen_in); \ + if (!(head)) { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = NULL; \ + (head) = (add); \ + HASH_MAKE_TABLE(hh, head); \ + } else { \ + void *_hs_iter = (head); \ + (add)->hh.tbl = (head)->hh.tbl; \ + HASH_AKBI_INNER_LOOP(hh, head, add, cmpfcn); \ + if (_hs_iter) { \ + (add)->hh.next = _hs_iter; \ + if (((add)->hh.prev = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->prev)) { \ + HH_FROM_ELMT((head)->hh.tbl, (add)->hh.prev)->next = (add); \ + } else { \ + (head) = (add); \ + } \ + HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->prev = (add); \ + } else { \ + HASH_APPEND_LIST(hh, head, add); \ + } \ + } \ + (head)->hh.tbl->num_items++; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt); \ + HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh); \ + HASH_BLOOM_ADD((head)->hh.tbl, hashval); \ + HASH_EMIT_KEY(hh, head, keyptr, keylen_in); \ + HASH_FSCK(hh, head); \ +} while (0) + +#define HASH_ADD_KEYPTR_INORDER(hh,head,keyptr,keylen_in,add,cmpfcn) \ +do { \ + unsigned _hs_hashv; \ + HASH_VALUE(keyptr, keylen_in, _hs_hashv); \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, keyptr, keylen_in, _hs_hashv, add, cmpfcn); \ +} while (0) + +#define HASH_ADD_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,cmpfcn) \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn) + +#define HASH_ADD_INORDER(hh,head,fieldname,keylen_in,add,cmpfcn) \ + HASH_ADD_KEYPTR_INORDER(hh, head, &((add)->fieldname), keylen_in, add, cmpfcn) + +#define HASH_ADD_KEYPTR_BYHASHVALUE(hh,head,keyptr,keylen_in,hashval,add) \ +do { \ + unsigned _ha_bkt; \ + (add)->hh.hashv = (hashval); \ + (add)->hh.key = (char*) (keyptr); \ + (add)->hh.keylen = (unsigned) (keylen_in); \ + if (!(head)) { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = NULL; \ + (head) = (add); \ + HASH_MAKE_TABLE(hh, head); \ + } else { \ + (add)->hh.tbl = (head)->hh.tbl; \ + HASH_APPEND_LIST(hh, head, add); \ + } \ + (head)->hh.tbl->num_items++; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt); \ + HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], &(add)->hh); \ + HASH_BLOOM_ADD((head)->hh.tbl, hashval); \ + HASH_EMIT_KEY(hh, head, keyptr, keylen_in); \ + HASH_FSCK(hh, head); \ +} while (0) + +#define HASH_ADD_KEYPTR(hh,head,keyptr,keylen_in,add) \ +do { \ + unsigned _ha_hashv; \ + HASH_VALUE(keyptr, keylen_in, _ha_hashv); \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, keyptr, keylen_in, _ha_hashv, add); \ +} while (0) + +#define HASH_ADD_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add) \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add) + +#define HASH_ADD(hh,head,fieldname,keylen_in,add) \ + HASH_ADD_KEYPTR(hh, head, &((add)->fieldname), keylen_in, add) + +#define HASH_TO_BKT(hashv,num_bkts,bkt) \ +do { \ + bkt = ((hashv) & ((num_bkts) - 1U)); \ +} while (0) + +/* delete "delptr" from the hash table. + * "the usual" patch-up process for the app-order doubly-linked-list. + * The use of _hd_hh_del below deserves special explanation. + * These used to be expressed using (delptr) but that led to a bug + * if someone used the same symbol for the head and deletee, like + * HASH_DELETE(hh,users,users); + * We want that to work, but by changing the head (users) below + * we were forfeiting our ability to further refer to the deletee (users) + * in the patch-up process. Solution: use scratch space to + * copy the deletee pointer, then the latter references are via that + * scratch pointer rather than through the repointed (users) symbol. + */ +#define HASH_DELETE(hh,head,delptr) \ +do { \ + struct UT_hash_handle *_hd_hh_del; \ + if ( ((delptr)->hh.prev == NULL) && ((delptr)->hh.next == NULL) ) { \ + uthash_free((head)->hh.tbl->buckets, \ + (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \ + HASH_BLOOM_FREE((head)->hh.tbl); \ + uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \ + head = NULL; \ + } else { \ + unsigned _hd_bkt; \ + _hd_hh_del = &((delptr)->hh); \ + if ((delptr) == ELMT_FROM_HH((head)->hh.tbl,(head)->hh.tbl->tail)) { \ + (head)->hh.tbl->tail = \ + (UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) + \ + (head)->hh.tbl->hho); \ + } \ + if ((delptr)->hh.prev != NULL) { \ + ((UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) + \ + (head)->hh.tbl->hho))->next = (delptr)->hh.next; \ + } else { \ + DECLTYPE_ASSIGN(head,(delptr)->hh.next); \ + } \ + if (_hd_hh_del->next != NULL) { \ + ((UT_hash_handle*)((ptrdiff_t)_hd_hh_del->next + \ + (head)->hh.tbl->hho))->prev = \ + _hd_hh_del->prev; \ + } \ + HASH_TO_BKT( _hd_hh_del->hashv, (head)->hh.tbl->num_buckets, _hd_bkt); \ + HASH_DEL_IN_BKT(hh,(head)->hh.tbl->buckets[_hd_bkt], _hd_hh_del); \ + (head)->hh.tbl->num_items--; \ + } \ + HASH_FSCK(hh,head); \ +} while (0) + + +/* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */ +#define HASH_FIND_STR(head,findstr,out) \ + HASH_FIND(hh,head,findstr,(unsigned)uthash_strlen(findstr),out) +#define HASH_ADD_STR(head,strfield,add) \ + HASH_ADD(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add) +#define HASH_REPLACE_STR(head,strfield,add,replaced) \ + HASH_REPLACE(hh,head,strfield[0],(unsigned)uthash_strlen(add->strfield),add,replaced) +#define HASH_FIND_INT(head,findint,out) \ + HASH_FIND(hh,head,findint,sizeof(int),out) +#define HASH_ADD_INT(head,intfield,add) \ + HASH_ADD(hh,head,intfield,sizeof(int),add) +#define HASH_REPLACE_INT(head,intfield,add,replaced) \ + HASH_REPLACE(hh,head,intfield,sizeof(int),add,replaced) +#define HASH_FIND_PTR(head,findptr,out) \ + HASH_FIND(hh,head,findptr,sizeof(void *),out) +#define HASH_ADD_PTR(head,ptrfield,add) \ + HASH_ADD(hh,head,ptrfield,sizeof(void *),add) +#define HASH_REPLACE_PTR(head,ptrfield,add,replaced) \ + HASH_REPLACE(hh,head,ptrfield,sizeof(void *),add,replaced) +#define HASH_DEL(head,delptr) \ + HASH_DELETE(hh,head,delptr) + +/* HASH_FSCK checks hash integrity on every add/delete when HASH_DEBUG is defined. + * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined. + */ +#ifdef HASH_DEBUG +#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0) +#define HASH_FSCK(hh,head) \ +do { \ + struct UT_hash_handle *_thh; \ + if (head) { \ + unsigned _bkt_i; \ + unsigned _count; \ + char *_prev; \ + _count = 0; \ + for( _bkt_i = 0; _bkt_i < (head)->hh.tbl->num_buckets; _bkt_i++) { \ + unsigned _bkt_count = 0; \ + _thh = (head)->hh.tbl->buckets[_bkt_i].hh_head; \ + _prev = NULL; \ + while (_thh) { \ + if (_prev != (char*)(_thh->hh_prev)) { \ + HASH_OOPS("invalid hh_prev %p, actual %p\n", \ + _thh->hh_prev, _prev ); \ + } \ + _bkt_count++; \ + _prev = (char*)(_thh); \ + _thh = _thh->hh_next; \ + } \ + _count += _bkt_count; \ + if ((head)->hh.tbl->buckets[_bkt_i].count != _bkt_count) { \ + HASH_OOPS("invalid bucket count %u, actual %u\n", \ + (head)->hh.tbl->buckets[_bkt_i].count, _bkt_count); \ + } \ + } \ + if (_count != (head)->hh.tbl->num_items) { \ + HASH_OOPS("invalid hh item count %u, actual %u\n", \ + (head)->hh.tbl->num_items, _count ); \ + } \ + /* traverse hh in app order; check next/prev integrity, count */ \ + _count = 0; \ + _prev = NULL; \ + _thh = &(head)->hh; \ + while (_thh) { \ + _count++; \ + if (_prev !=(char*)(_thh->prev)) { \ + HASH_OOPS("invalid prev %p, actual %p\n", \ + _thh->prev, _prev ); \ + } \ + _prev = (char*)ELMT_FROM_HH((head)->hh.tbl, _thh); \ + _thh = ( _thh->next ? (UT_hash_handle*)((char*)(_thh->next) + \ + (head)->hh.tbl->hho) : NULL ); \ + } \ + if (_count != (head)->hh.tbl->num_items) { \ + HASH_OOPS("invalid app item count %u, actual %u\n", \ + (head)->hh.tbl->num_items, _count ); \ + } \ + } \ +} while (0) +#else +#define HASH_FSCK(hh,head) +#endif + +/* When compiled with -DHASH_EMIT_KEYS, length-prefixed keys are emitted to + * the descriptor to which this macro is defined for tuning the hash function. + * The app can #include to get the prototype for write(2). */ +#ifdef HASH_EMIT_KEYS +#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen) \ +do { \ + unsigned _klen = fieldlen; \ + write(HASH_EMIT_KEYS, &_klen, sizeof(_klen)); \ + write(HASH_EMIT_KEYS, keyptr, (unsigned long)fieldlen); \ +} while (0) +#else +#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen) +#endif + +/* default to Jenkin's hash unless overridden e.g. DHASH_FUNCTION=HASH_SAX */ +#ifdef HASH_FUNCTION +#define HASH_FCN HASH_FUNCTION +#else +#define HASH_FCN HASH_JEN +#endif + +/* The Bernstein hash function, used in Perl prior to v5.6. Note (x<<5+x)=x*33. */ +#define HASH_BER(key,keylen,hashv) \ +do { \ + unsigned _hb_keylen=(unsigned)keylen; \ + const unsigned char *_hb_key=(const unsigned char*)(key); \ + (hashv) = 0; \ + while (_hb_keylen-- != 0U) { \ + (hashv) = (((hashv) << 5) + (hashv)) + *_hb_key++; \ + } \ +} while (0) + + +/* SAX/FNV/OAT/JEN hash functions are macro variants of those listed at + * http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx */ +#define HASH_SAX(key,keylen,hashv) \ +do { \ + unsigned _sx_i; \ + const unsigned char *_hs_key=(const unsigned char*)(key); \ + hashv = 0; \ + for(_sx_i=0; _sx_i < keylen; _sx_i++) { \ + hashv ^= (hashv << 5) + (hashv >> 2) + _hs_key[_sx_i]; \ + } \ +} while (0) +/* FNV-1a variation */ +#define HASH_FNV(key,keylen,hashv) \ +do { \ + unsigned _fn_i; \ + const unsigned char *_hf_key=(const unsigned char*)(key); \ + hashv = 2166136261U; \ + for(_fn_i=0; _fn_i < keylen; _fn_i++) { \ + hashv = hashv ^ _hf_key[_fn_i]; \ + hashv = hashv * 16777619U; \ + } \ +} while (0) + +#define HASH_OAT(key,keylen,hashv) \ +do { \ + unsigned _ho_i; \ + const unsigned char *_ho_key=(const unsigned char*)(key); \ + hashv = 0; \ + for(_ho_i=0; _ho_i < keylen; _ho_i++) { \ + hashv += _ho_key[_ho_i]; \ + hashv += (hashv << 10); \ + hashv ^= (hashv >> 6); \ + } \ + hashv += (hashv << 3); \ + hashv ^= (hashv >> 11); \ + hashv += (hashv << 15); \ +} while (0) + +#define HASH_JEN_MIX(a,b,c) \ +do { \ + a -= b; a -= c; a ^= ( c >> 13 ); \ + b -= c; b -= a; b ^= ( a << 8 ); \ + c -= a; c -= b; c ^= ( b >> 13 ); \ + a -= b; a -= c; a ^= ( c >> 12 ); \ + b -= c; b -= a; b ^= ( a << 16 ); \ + c -= a; c -= b; c ^= ( b >> 5 ); \ + a -= b; a -= c; a ^= ( c >> 3 ); \ + b -= c; b -= a; b ^= ( a << 10 ); \ + c -= a; c -= b; c ^= ( b >> 15 ); \ +} while (0) + +#define HASH_JEN(key,keylen,hashv) \ +do { \ + unsigned _hj_i,_hj_j,_hj_k; \ + unsigned const char *_hj_key=(unsigned const char*)(key); \ + hashv = 0xfeedbeefu; \ + _hj_i = _hj_j = 0x9e3779b9u; \ + _hj_k = (unsigned)(keylen); \ + while (_hj_k >= 12U) { \ + _hj_i += (_hj_key[0] + ( (unsigned)_hj_key[1] << 8 ) \ + + ( (unsigned)_hj_key[2] << 16 ) \ + + ( (unsigned)_hj_key[3] << 24 ) ); \ + _hj_j += (_hj_key[4] + ( (unsigned)_hj_key[5] << 8 ) \ + + ( (unsigned)_hj_key[6] << 16 ) \ + + ( (unsigned)_hj_key[7] << 24 ) ); \ + hashv += (_hj_key[8] + ( (unsigned)_hj_key[9] << 8 ) \ + + ( (unsigned)_hj_key[10] << 16 ) \ + + ( (unsigned)_hj_key[11] << 24 ) ); \ + \ + HASH_JEN_MIX(_hj_i, _hj_j, hashv); \ + \ + _hj_key += 12; \ + _hj_k -= 12U; \ + } \ + hashv += (unsigned)(keylen); \ + switch ( _hj_k ) { \ + case 11: hashv += ( (unsigned)_hj_key[10] << 24 ); /* FALLTHROUGH */ \ + case 10: hashv += ( (unsigned)_hj_key[9] << 16 ); /* FALLTHROUGH */ \ + case 9: hashv += ( (unsigned)_hj_key[8] << 8 ); /* FALLTHROUGH */ \ + case 8: _hj_j += ( (unsigned)_hj_key[7] << 24 ); /* FALLTHROUGH */ \ + case 7: _hj_j += ( (unsigned)_hj_key[6] << 16 ); /* FALLTHROUGH */ \ + case 6: _hj_j += ( (unsigned)_hj_key[5] << 8 ); /* FALLTHROUGH */ \ + case 5: _hj_j += _hj_key[4]; /* FALLTHROUGH */ \ + case 4: _hj_i += ( (unsigned)_hj_key[3] << 24 ); /* FALLTHROUGH */ \ + case 3: _hj_i += ( (unsigned)_hj_key[2] << 16 ); /* FALLTHROUGH */ \ + case 2: _hj_i += ( (unsigned)_hj_key[1] << 8 ); /* FALLTHROUGH */ \ + case 1: _hj_i += _hj_key[0]; \ + } \ + HASH_JEN_MIX(_hj_i, _hj_j, hashv); \ +} while (0) + +/* The Paul Hsieh hash function */ +#undef get16bits +#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__) \ + || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__) +#define get16bits(d) (*((const uint16_t *) (d))) +#endif + +#if !defined (get16bits) +#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8) \ + +(uint32_t)(((const uint8_t *)(d))[0]) ) +#endif +#define HASH_SFH(key,keylen,hashv) \ +do { \ + unsigned const char *_sfh_key=(unsigned const char*)(key); \ + uint32_t _sfh_tmp, _sfh_len = (uint32_t)keylen; \ + \ + unsigned _sfh_rem = _sfh_len & 3U; \ + _sfh_len >>= 2; \ + hashv = 0xcafebabeu; \ + \ + /* Main loop */ \ + for (;_sfh_len > 0U; _sfh_len--) { \ + hashv += get16bits (_sfh_key); \ + _sfh_tmp = ((uint32_t)(get16bits (_sfh_key+2)) << 11) ^ hashv; \ + hashv = (hashv << 16) ^ _sfh_tmp; \ + _sfh_key += 2U*sizeof (uint16_t); \ + hashv += hashv >> 11; \ + } \ + \ + /* Handle end cases */ \ + switch (_sfh_rem) { \ + case 3: hashv += get16bits (_sfh_key); \ + hashv ^= hashv << 16; \ + hashv ^= (uint32_t)(_sfh_key[sizeof (uint16_t)]) << 18; \ + hashv += hashv >> 11; \ + break; \ + case 2: hashv += get16bits (_sfh_key); \ + hashv ^= hashv << 11; \ + hashv += hashv >> 17; \ + break; \ + case 1: hashv += *_sfh_key; \ + hashv ^= hashv << 10; \ + hashv += hashv >> 1; \ + } \ + \ + /* Force "avalanching" of final 127 bits */ \ + hashv ^= hashv << 3; \ + hashv += hashv >> 5; \ + hashv ^= hashv << 4; \ + hashv += hashv >> 17; \ + hashv ^= hashv << 25; \ + hashv += hashv >> 6; \ +} while (0) + +#ifdef HASH_USING_NO_STRICT_ALIASING +/* The MurmurHash exploits some CPU's (x86,x86_64) tolerance for unaligned reads. + * For other types of CPU's (e.g. Sparc) an unaligned read causes a bus error. + * MurmurHash uses the faster approach only on CPU's where we know it's safe. + * + * Note the preprocessor built-in defines can be emitted using: + * + * gcc -m64 -dM -E - < /dev/null (on gcc) + * cc -## a.c (where a.c is a simple test file) (Sun Studio) + */ +#if (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86)) +#define MUR_GETBLOCK(p,i) p[i] +#else /* non intel */ +#define MUR_PLUS0_ALIGNED(p) (((unsigned long)p & 3UL) == 0UL) +#define MUR_PLUS1_ALIGNED(p) (((unsigned long)p & 3UL) == 1UL) +#define MUR_PLUS2_ALIGNED(p) (((unsigned long)p & 3UL) == 2UL) +#define MUR_PLUS3_ALIGNED(p) (((unsigned long)p & 3UL) == 3UL) +#define WP(p) ((uint32_t*)((unsigned long)(p) & ~3UL)) +#if (defined(__BIG_ENDIAN__) || defined(SPARC) || defined(__ppc__) || defined(__ppc64__)) +#define MUR_THREE_ONE(p) ((((*WP(p))&0x00ffffff) << 8) | (((*(WP(p)+1))&0xff000000) >> 24)) +#define MUR_TWO_TWO(p) ((((*WP(p))&0x0000ffff) <<16) | (((*(WP(p)+1))&0xffff0000) >> 16)) +#define MUR_ONE_THREE(p) ((((*WP(p))&0x000000ff) <<24) | (((*(WP(p)+1))&0xffffff00) >> 8)) +#else /* assume little endian non-intel */ +#define MUR_THREE_ONE(p) ((((*WP(p))&0xffffff00) >> 8) | (((*(WP(p)+1))&0x000000ff) << 24)) +#define MUR_TWO_TWO(p) ((((*WP(p))&0xffff0000) >>16) | (((*(WP(p)+1))&0x0000ffff) << 16)) +#define MUR_ONE_THREE(p) ((((*WP(p))&0xff000000) >>24) | (((*(WP(p)+1))&0x00ffffff) << 8)) +#endif +#define MUR_GETBLOCK(p,i) (MUR_PLUS0_ALIGNED(p) ? ((p)[i]) : \ + (MUR_PLUS1_ALIGNED(p) ? MUR_THREE_ONE(p) : \ + (MUR_PLUS2_ALIGNED(p) ? MUR_TWO_TWO(p) : \ + MUR_ONE_THREE(p)))) +#endif +#define MUR_ROTL32(x,r) (((x) << (r)) | ((x) >> (32 - (r)))) +#define MUR_FMIX(_h) \ +do { \ + _h ^= _h >> 16; \ + _h *= 0x85ebca6bu; \ + _h ^= _h >> 13; \ + _h *= 0xc2b2ae35u; \ + _h ^= _h >> 16; \ +} while (0) + +#define HASH_MUR(key,keylen,hashv) \ +do { \ + const uint8_t *_mur_data = (const uint8_t*)(key); \ + const int _mur_nblocks = (int)(keylen) / 4; \ + uint32_t _mur_h1 = 0xf88D5353u; \ + uint32_t _mur_c1 = 0xcc9e2d51u; \ + uint32_t _mur_c2 = 0x1b873593u; \ + uint32_t _mur_k1 = 0; \ + const uint8_t *_mur_tail; \ + const uint32_t *_mur_blocks = (const uint32_t*)(_mur_data+(_mur_nblocks*4)); \ + int _mur_i; \ + for(_mur_i = -_mur_nblocks; _mur_i!=0; _mur_i++) { \ + _mur_k1 = MUR_GETBLOCK(_mur_blocks,_mur_i); \ + _mur_k1 *= _mur_c1; \ + _mur_k1 = MUR_ROTL32(_mur_k1,15); \ + _mur_k1 *= _mur_c2; \ + \ + _mur_h1 ^= _mur_k1; \ + _mur_h1 = MUR_ROTL32(_mur_h1,13); \ + _mur_h1 = (_mur_h1*5U) + 0xe6546b64u; \ + } \ + _mur_tail = (const uint8_t*)(_mur_data + (_mur_nblocks*4)); \ + _mur_k1=0; \ + switch((keylen) & 3U) { \ + case 3: _mur_k1 ^= (uint32_t)_mur_tail[2] << 16; /* FALLTHROUGH */ \ + case 2: _mur_k1 ^= (uint32_t)_mur_tail[1] << 8; /* FALLTHROUGH */ \ + case 1: _mur_k1 ^= (uint32_t)_mur_tail[0]; \ + _mur_k1 *= _mur_c1; \ + _mur_k1 = MUR_ROTL32(_mur_k1,15); \ + _mur_k1 *= _mur_c2; \ + _mur_h1 ^= _mur_k1; \ + } \ + _mur_h1 ^= (uint32_t)(keylen); \ + MUR_FMIX(_mur_h1); \ + hashv = _mur_h1; \ +} while (0) +#endif /* HASH_USING_NO_STRICT_ALIASING */ + +/* iterate over items in a known bucket to find desired item */ +#define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,hashval,out) \ +do { \ + if ((head).hh_head != NULL) { \ + DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (head).hh_head)); \ + } else { \ + (out) = NULL; \ + } \ + while ((out) != NULL) { \ + if ((out)->hh.hashv == (hashval) && (out)->hh.keylen == (keylen_in)) { \ + if (uthash_memcmp((out)->hh.key, keyptr, keylen_in) == 0) { \ + break; \ + } \ + } \ + if ((out)->hh.hh_next != NULL) { \ + DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (out)->hh.hh_next)); \ + } else { \ + (out) = NULL; \ + } \ + } \ +} while (0) + +/* add an item to a bucket */ +#define HASH_ADD_TO_BKT(head,addhh) \ +do { \ + head.count++; \ + (addhh)->hh_next = head.hh_head; \ + (addhh)->hh_prev = NULL; \ + if (head.hh_head != NULL) { (head).hh_head->hh_prev = (addhh); } \ + (head).hh_head=addhh; \ + if ((head.count >= ((head.expand_mult+1U) * HASH_BKT_CAPACITY_THRESH)) \ + && ((addhh)->tbl->noexpand != 1U)) { \ + HASH_EXPAND_BUCKETS((addhh)->tbl); \ + } \ +} while (0) + +/* remove an item from a given bucket */ +#define HASH_DEL_IN_BKT(hh,head,hh_del) \ + (head).count--; \ + if ((head).hh_head == hh_del) { \ + (head).hh_head = hh_del->hh_next; \ + } \ + if (hh_del->hh_prev) { \ + hh_del->hh_prev->hh_next = hh_del->hh_next; \ + } \ + if (hh_del->hh_next) { \ + hh_del->hh_next->hh_prev = hh_del->hh_prev; \ + } + +/* Bucket expansion has the effect of doubling the number of buckets + * and redistributing the items into the new buckets. Ideally the + * items will distribute more or less evenly into the new buckets + * (the extent to which this is true is a measure of the quality of + * the hash function as it applies to the key domain). + * + * With the items distributed into more buckets, the chain length + * (item count) in each bucket is reduced. Thus by expanding buckets + * the hash keeps a bound on the chain length. This bounded chain + * length is the essence of how a hash provides constant time lookup. + * + * The calculation of tbl->ideal_chain_maxlen below deserves some + * explanation. First, keep in mind that we're calculating the ideal + * maximum chain length based on the *new* (doubled) bucket count. + * In fractions this is just n/b (n=number of items,b=new num buckets). + * Since the ideal chain length is an integer, we want to calculate + * ceil(n/b). We don't depend on floating point arithmetic in this + * hash, so to calculate ceil(n/b) with integers we could write + * + * ceil(n/b) = (n/b) + ((n%b)?1:0) + * + * and in fact a previous version of this hash did just that. + * But now we have improved things a bit by recognizing that b is + * always a power of two. We keep its base 2 log handy (call it lb), + * so now we can write this with a bit shift and logical AND: + * + * ceil(n/b) = (n>>lb) + ( (n & (b-1)) ? 1:0) + * + */ +#define HASH_EXPAND_BUCKETS(tbl) \ +do { \ + unsigned _he_bkt; \ + unsigned _he_bkt_i; \ + struct UT_hash_handle *_he_thh, *_he_hh_nxt; \ + UT_hash_bucket *_he_new_buckets, *_he_newbkt; \ + _he_new_buckets = (UT_hash_bucket*)uthash_malloc( \ + 2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket)); \ + if (!_he_new_buckets) { uthash_fatal( "out of memory"); } \ + memset(_he_new_buckets, 0, \ + 2UL * tbl->num_buckets * sizeof(struct UT_hash_bucket)); \ + tbl->ideal_chain_maxlen = \ + (tbl->num_items >> (tbl->log2_num_buckets+1U)) + \ + (((tbl->num_items & ((tbl->num_buckets*2U)-1U)) != 0U) ? 1U : 0U); \ + tbl->nonideal_items = 0; \ + for(_he_bkt_i = 0; _he_bkt_i < tbl->num_buckets; _he_bkt_i++) \ + { \ + _he_thh = tbl->buckets[ _he_bkt_i ].hh_head; \ + while (_he_thh != NULL) { \ + _he_hh_nxt = _he_thh->hh_next; \ + HASH_TO_BKT( _he_thh->hashv, tbl->num_buckets*2U, _he_bkt); \ + _he_newbkt = &(_he_new_buckets[ _he_bkt ]); \ + if (++(_he_newbkt->count) > tbl->ideal_chain_maxlen) { \ + tbl->nonideal_items++; \ + _he_newbkt->expand_mult = _he_newbkt->count / \ + tbl->ideal_chain_maxlen; \ + } \ + _he_thh->hh_prev = NULL; \ + _he_thh->hh_next = _he_newbkt->hh_head; \ + if (_he_newbkt->hh_head != NULL) { _he_newbkt->hh_head->hh_prev = \ + _he_thh; } \ + _he_newbkt->hh_head = _he_thh; \ + _he_thh = _he_hh_nxt; \ + } \ + } \ + uthash_free( tbl->buckets, tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \ + tbl->num_buckets *= 2U; \ + tbl->log2_num_buckets++; \ + tbl->buckets = _he_new_buckets; \ + tbl->ineff_expands = (tbl->nonideal_items > (tbl->num_items >> 1)) ? \ + (tbl->ineff_expands+1U) : 0U; \ + if (tbl->ineff_expands > 1U) { \ + tbl->noexpand=1; \ + uthash_noexpand_fyi(tbl); \ + } \ + uthash_expand_fyi(tbl); \ +} while (0) + + +/* This is an adaptation of Simon Tatham's O(n log(n)) mergesort */ +/* Note that HASH_SORT assumes the hash handle name to be hh. + * HASH_SRT was added to allow the hash handle name to be passed in. */ +#define HASH_SORT(head,cmpfcn) HASH_SRT(hh,head,cmpfcn) +#define HASH_SRT(hh,head,cmpfcn) \ +do { \ + unsigned _hs_i; \ + unsigned _hs_looping,_hs_nmerges,_hs_insize,_hs_psize,_hs_qsize; \ + struct UT_hash_handle *_hs_p, *_hs_q, *_hs_e, *_hs_list, *_hs_tail; \ + if (head != NULL) { \ + _hs_insize = 1; \ + _hs_looping = 1; \ + _hs_list = &((head)->hh); \ + while (_hs_looping != 0U) { \ + _hs_p = _hs_list; \ + _hs_list = NULL; \ + _hs_tail = NULL; \ + _hs_nmerges = 0; \ + while (_hs_p != NULL) { \ + _hs_nmerges++; \ + _hs_q = _hs_p; \ + _hs_psize = 0; \ + for ( _hs_i = 0; _hs_i < _hs_insize; _hs_i++ ) { \ + _hs_psize++; \ + _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ? \ + ((void*)((char*)(_hs_q->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + if (! (_hs_q) ) { break; } \ + } \ + _hs_qsize = _hs_insize; \ + while ((_hs_psize > 0U) || ((_hs_qsize > 0U) && (_hs_q != NULL))) {\ + if (_hs_psize == 0U) { \ + _hs_e = _hs_q; \ + _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ? \ + ((void*)((char*)(_hs_q->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + _hs_qsize--; \ + } else if ( (_hs_qsize == 0U) || (_hs_q == NULL) ) { \ + _hs_e = _hs_p; \ + if (_hs_p != NULL){ \ + _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ? \ + ((void*)((char*)(_hs_p->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + } \ + _hs_psize--; \ + } else if (( \ + cmpfcn(DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_p)), \ + DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_q))) \ + ) <= 0) { \ + _hs_e = _hs_p; \ + if (_hs_p != NULL){ \ + _hs_p = (UT_hash_handle*)((_hs_p->next != NULL) ? \ + ((void*)((char*)(_hs_p->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + } \ + _hs_psize--; \ + } else { \ + _hs_e = _hs_q; \ + _hs_q = (UT_hash_handle*)((_hs_q->next != NULL) ? \ + ((void*)((char*)(_hs_q->next) + \ + (head)->hh.tbl->hho)) : NULL); \ + _hs_qsize--; \ + } \ + if ( _hs_tail != NULL ) { \ + _hs_tail->next = ((_hs_e != NULL) ? \ + ELMT_FROM_HH((head)->hh.tbl,_hs_e) : NULL); \ + } else { \ + _hs_list = _hs_e; \ + } \ + if (_hs_e != NULL) { \ + _hs_e->prev = ((_hs_tail != NULL) ? \ + ELMT_FROM_HH((head)->hh.tbl,_hs_tail) : NULL); \ + } \ + _hs_tail = _hs_e; \ + } \ + _hs_p = _hs_q; \ + } \ + if (_hs_tail != NULL){ \ + _hs_tail->next = NULL; \ + } \ + if ( _hs_nmerges <= 1U ) { \ + _hs_looping=0; \ + (head)->hh.tbl->tail = _hs_tail; \ + DECLTYPE_ASSIGN(head,ELMT_FROM_HH((head)->hh.tbl, _hs_list)); \ + } \ + _hs_insize *= 2U; \ + } \ + HASH_FSCK(hh,head); \ + } \ +} while (0) + +/* This function selects items from one hash into another hash. + * The end result is that the selected items have dual presence + * in both hashes. There is no copy of the items made; rather + * they are added into the new hash through a secondary hash + * hash handle that must be present in the structure. */ +#define HASH_SELECT(hh_dst, dst, hh_src, src, cond) \ +do { \ + unsigned _src_bkt, _dst_bkt; \ + void *_last_elt=NULL, *_elt; \ + UT_hash_handle *_src_hh, *_dst_hh, *_last_elt_hh=NULL; \ + ptrdiff_t _dst_hho = ((char*)(&(dst)->hh_dst) - (char*)(dst)); \ + if (src != NULL) { \ + for(_src_bkt=0; _src_bkt < (src)->hh_src.tbl->num_buckets; _src_bkt++) { \ + for(_src_hh = (src)->hh_src.tbl->buckets[_src_bkt].hh_head; \ + _src_hh != NULL; \ + _src_hh = _src_hh->hh_next) { \ + _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh); \ + if (cond(_elt)) { \ + _dst_hh = (UT_hash_handle*)(((char*)_elt) + _dst_hho); \ + _dst_hh->key = _src_hh->key; \ + _dst_hh->keylen = _src_hh->keylen; \ + _dst_hh->hashv = _src_hh->hashv; \ + _dst_hh->prev = _last_elt; \ + _dst_hh->next = NULL; \ + if (_last_elt_hh != NULL) { _last_elt_hh->next = _elt; } \ + if (dst == NULL) { \ + DECLTYPE_ASSIGN(dst,_elt); \ + HASH_MAKE_TABLE(hh_dst,dst); \ + } else { \ + _dst_hh->tbl = (dst)->hh_dst.tbl; \ + } \ + HASH_TO_BKT(_dst_hh->hashv, _dst_hh->tbl->num_buckets, _dst_bkt); \ + HASH_ADD_TO_BKT(_dst_hh->tbl->buckets[_dst_bkt],_dst_hh); \ + (dst)->hh_dst.tbl->num_items++; \ + _last_elt = _elt; \ + _last_elt_hh = _dst_hh; \ + } \ + } \ + } \ + } \ + HASH_FSCK(hh_dst,dst); \ +} while (0) + +#define HASH_CLEAR(hh,head) \ +do { \ + if (head != NULL) { \ + uthash_free((head)->hh.tbl->buckets, \ + (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket)); \ + HASH_BLOOM_FREE((head)->hh.tbl); \ + uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \ + (head)=NULL; \ + } \ +} while (0) + +#define HASH_OVERHEAD(hh,head) \ + ((head != NULL) ? ( \ + (size_t)(((head)->hh.tbl->num_items * sizeof(UT_hash_handle)) + \ + ((head)->hh.tbl->num_buckets * sizeof(UT_hash_bucket)) + \ + sizeof(UT_hash_table) + \ + (HASH_BLOOM_BYTELEN))) : 0U) + +#ifdef NO_DECLTYPE +#define HASH_ITER(hh,head,el,tmp) \ +for(((el)=(head)), ((*(char**)(&(tmp)))=(char*)((head!=NULL)?(head)->hh.next:NULL)); \ + (el) != NULL; ((el)=(tmp)), ((*(char**)(&(tmp)))=(char*)((tmp!=NULL)?(tmp)->hh.next:NULL))) +#else +#define HASH_ITER(hh,head,el,tmp) \ +for(((el)=(head)), ((tmp)=DECLTYPE(el)((head!=NULL)?(head)->hh.next:NULL)); \ + (el) != NULL; ((el)=(tmp)), ((tmp)=DECLTYPE(el)((tmp!=NULL)?(tmp)->hh.next:NULL))) +#endif + +/* obtain a count of items in the hash */ +#define HASH_COUNT(head) HASH_CNT(hh,head) +#define HASH_CNT(hh,head) ((head != NULL)?((head)->hh.tbl->num_items):0U) + +typedef struct UT_hash_bucket { + struct UT_hash_handle *hh_head; + unsigned count; + + /* expand_mult is normally set to 0. In this situation, the max chain length + * threshold is enforced at its default value, HASH_BKT_CAPACITY_THRESH. (If + * the bucket's chain exceeds this length, bucket expansion is triggered). + * However, setting expand_mult to a non-zero value delays bucket expansion + * (that would be triggered by additions to this particular bucket) + * until its chain length reaches a *multiple* of HASH_BKT_CAPACITY_THRESH. + * (The multiplier is simply expand_mult+1). The whole idea of this + * multiplier is to reduce bucket expansions, since they are expensive, in + * situations where we know that a particular bucket tends to be overused. + * It is better to let its chain length grow to a longer yet-still-bounded + * value, than to do an O(n) bucket expansion too often. + */ + unsigned expand_mult; + +} UT_hash_bucket; + +/* random signature used only to find hash tables in external analysis */ +#define HASH_SIGNATURE 0xa0111fe1u +#define HASH_BLOOM_SIGNATURE 0xb12220f2u + +typedef struct UT_hash_table { + UT_hash_bucket *buckets; + unsigned num_buckets, log2_num_buckets; + unsigned num_items; + struct UT_hash_handle *tail; /* tail hh in app order, for fast append */ + ptrdiff_t hho; /* hash handle offset (byte pos of hash handle in element */ + + /* in an ideal situation (all buckets used equally), no bucket would have + * more than ceil(#items/#buckets) items. that's the ideal chain length. */ + unsigned ideal_chain_maxlen; + + /* nonideal_items is the number of items in the hash whose chain position + * exceeds the ideal chain maxlen. these items pay the penalty for an uneven + * hash distribution; reaching them in a chain traversal takes >ideal steps */ + unsigned nonideal_items; + + /* ineffective expands occur when a bucket doubling was performed, but + * afterward, more than half the items in the hash had nonideal chain + * positions. If this happens on two consecutive expansions we inhibit any + * further expansion, as it's not helping; this happens when the hash + * function isn't a good fit for the key domain. When expansion is inhibited + * the hash will still work, albeit no longer in constant time. */ + unsigned ineff_expands, noexpand; + + uint32_t signature; /* used only to find hash tables in external analysis */ +#ifdef HASH_BLOOM + uint32_t bloom_sig; /* used only to test bloom exists in external analysis */ + uint8_t *bloom_bv; + uint8_t bloom_nbits; +#endif + +} UT_hash_table; + +typedef struct UT_hash_handle { + struct UT_hash_table *tbl; + void *prev; /* prev element in app order */ + void *next; /* next element in app order */ + struct UT_hash_handle *hh_prev; /* previous hh in bucket order */ + struct UT_hash_handle *hh_next; /* next hh in bucket order */ + void *key; /* ptr to enclosing struct's key */ + unsigned keylen; /* enclosing struct's key len */ + unsigned hashv; /* result of hash-fcn(key) */ +} UT_hash_handle; + +#endif /* UTHASH_H */ -- cgit v1.2.3 From 6581579d37fedcf406d8e4e02315dc020ab26da3 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 20 Apr 2017 17:57:40 +0200 Subject: update flow thanks to commit a9c01ded174ed380a2d135cfb9b903f616b0e175 --- tests/result/1kxun.pcap.out | 66 ++--- tests/result/6in4tunnel.pcap.out | 6 +- tests/result/Instagram.pcap.out | 22 +- tests/result/KakaoTalk_chat.pcap.out | 62 ++--- tests/result/KakaoTalk_talk.pcap.out | 24 +- tests/result/NTPv2.pcap.out | 2 +- tests/result/NTPv3.pcap.out | 2 +- tests/result/NTPv4.pcap.out | 2 +- tests/result/Viber_session.pcap.out | 58 ++--- tests/result/amqp.pcap.out | 2 +- tests/result/bittorrent.pcap.out | 4 +- tests/result/bittorrent_utp.pcap.out | 2 +- tests/result/coap_mqtt.pcap.out | 12 +- tests/result/dnscrypt.pcap.out | 8 +- tests/result/dropbox.pcap.out | 4 +- tests/result/git.pcap.out | 2 +- tests/result/google_ssl.pcap.out | 2 +- tests/result/hangout.pcap.out | 2 +- tests/result/http_ipv6.pcap.out | 22 +- tests/result/mpeg.pcap.out | 2 +- tests/result/mpegts.pcap.out | 2 +- tests/result/mssql_tds.pcap.out | 24 +- tests/result/netflix.pcap.out | 32 +-- tests/result/pps.pcap.out | 18 +- tests/result/quic.pcap.out | 8 +- tests/result/quickplay.pcap.out | 42 ++-- tests/result/rx.pcap.out | 8 +- tests/result/skype.pcap.out | 392 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 364 +++++++++++++-------------- tests/result/smpp_in_general.pcap.out | 2 +- tests/result/starcraft_battle.pcap.out | 26 +- tests/result/teredo.pcap.out | 6 +- tests/result/tor.pcap.out | 18 +- tests/result/viber_mobile.pcap.out | 124 +++++----- tests/result/vnc.pcap.out | 4 +- tests/result/waze.pcap.out | 12 +- tests/result/webex.pcap.out | 4 +- tests/result/wechat.pcap.out | 40 +-- tests/result/weibo.pcap.out | 52 ++-- tests/result/whatsapp_login_call.pcap.out | 6 +- tests/result/whatsapp_login_chat.pcap.out | 4 +- 41 files changed, 747 insertions(+), 747 deletions(-) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 4eea2595d..f0e7365a9 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -15,38 +15,38 @@ LLMNR 89 6799 47 Lync 2 132 1 1kxun 967 535718 28 - 1 TCP 192.168.5.16:53406 <-> 119.235.235.84:443 [proto: 91/SSL][23 pkts/7434 bytes] + 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][23 pkts/7434 bytes] 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] - 3 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:53938 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] - 4 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:61548 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] - 5 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:58468 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] + 3 UDP [ff02::1:3]:53938 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] + 4 UDP [ff02::1:3]:61548 <-> [fe80::9bd:81dd:2fdc:5750]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] + 5 UDP [ff02::1:3]:58468 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] 6 UDP 192.168.2.186:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][client: 1] 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][client: 1] 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][client: 1] - 10 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:64568 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] - 11 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:61172 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] + 10 UDP [ff02::1:3]:64568 <-> [fe80::9bd:81dd:2fdc:5750]:5355 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] + 11 UDP [ff02::1:3]:61172 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] - 13 UDP [fe80::4568:efbc:40b1:1346]:5355 <-> [ff02::1:3]:50194 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] - 14 UDP 168.95.1.1:53 <-> 192.168.5.16:63372 [proto: 5/DNS][2 pkts/378 bytes][Host: dl-obs.official.line.naver.jp] + 13 UDP [ff02::1:3]:50194 <-> [fe80::4568:efbc:40b1:1346]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] + 14 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][2 pkts/378 bytes][Host: dl-obs.official.line.naver.jp] 15 UDP 192.168.5.45:59461 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 16 UDP 192.168.5.45:59789 <-> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][13 pkts/1452 bytes][Host: 218.244.135.170:9099] 18 UDP 192.168.5.48:49701 <-> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes] - 19 UDP [fe80::4568:efbc:40b1:1346]:5355 <-> [ff02::1:3]:57148 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] + 19 UDP [ff02::1:3]:57148 <-> [fe80::4568:efbc:40b1:1346]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: kevin-pc] 20 UDP 192.168.3.95:51451 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] 21 UDP 192.168.5.44:51389 <-> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes] - 22 UDP 192.168.119.1:67 <-> 192.168.5.16:68 [proto: 18/DHCP][4 pkts/1368 bytes][Host: macbook-air] + 22 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: macbook-air] 23 UDP 192.168.5.41:55593 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: kevin-pc] 24 UDP 192.168.101.33:55485 <-> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes] 25 UDP 192.168.3.236:56043 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes][Host: isatap] - 26 UDP 8.8.8.8:53 <-> 192.168.115.8:51024 [proto: 5.205/DNS.1kxun][3 pkts/272 bytes][Host: jp.kankan.1kxun.mobi] + 26 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/272 bytes][Host: jp.kankan.1kxun.mobi] 27 UDP 192.168.5.57:55809 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes] 28 UDP 192.168.5.50:57143 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes][Host: charming-pc] 29 UDP 192.168.5.37:57325 <-> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes] 30 UDP 192.168.3.95:58779 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] 31 UDP 192.168.5.44:59571 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] - 32 UDP 8.8.8.8:53 <-> 192.168.115.8:54420 [proto: 5.48/DNS.QQ][3 pkts/266 bytes][Host: vv.video.qq.com] + 32 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][3 pkts/266 bytes][Host: vv.video.qq.com] 33 UDP 192.168.5.48:59797 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: kasper-mac] 34 UDP 192.168.5.47:60267 <-> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes] 35 UDP 192.168.10.110:60480 <-> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes] @@ -54,34 +54,34 @@ Lync 2 132 1 37 UDP 192.168.3.236:62069 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: wangs-ltw] 38 UDP 192.168.125.30:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] 39 UDP 192.168.10.7:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes] - 40 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:57143 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] + 40 UDP [ff02::1:3]:57143 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] 41 UDP 192.168.140.140:62976 <-> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes] - 42 UDP 8.8.8.8:53 <-> 192.168.115.8:60724 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] - 43 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:61603 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] + 42 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] + 43 UDP [ff02::1:3]:61603 <-> [fe80::edf5:240a:c8c0:8312]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 44 UDP 192.168.5.49:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][33 pkts/11721 bytes][Host: 42.120.51.152:8080] 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] - 47 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:51451 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 47 UDP [ff02::1:3]:51451 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] 49 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][65 pkts/48989 bytes][Host: pic.1kxun.com] 50 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][58 pkts/45577 bytes][Host: pic.1kxun.com] 51 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][50 pkts/35747 bytes][Host: jp.kankan.1kxun.mobi] - 52 UDP [fe80::f65c:89ff:fe89:e607]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][1 pkts/98 bytes] - 53 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:58779 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 52 UDP [ff02::1:2]:546 <-> [fe80::f65c:89ff:fe89:e607]:547 [proto: 103/DHCPV6][1 pkts/98 bytes] + 53 UDP [ff02::1:3]:58779 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 54 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes][Host: shen] 55 UDP 59.120.208.218:50151 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] - 56 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:49735 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] + 56 UDP [ff02::1:3]:49735 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][14 pkts/2295 bytes][Host: 183.131.48.145] - 58 UDP 168.95.1.1:53 <-> 192.168.115.8:52723 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] + 58 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][25 pkts/4950 bytes][Host: vv.video.qq.com] 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][6 pkts/352 bytes] - 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 <-> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] + 61 UDP [ff02::c]:1900 <-> [fe80::9bd:81dd:2fdc:5750]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][2 pkts/120 bytes] 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][client: 1] 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] - 66 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:63659 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] - 67 UDP [fe80::406:55a8:6453:25dd]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][5 pkts/490 bytes] + 66 UDP [ff02::1:3]:63659 <-> [fe80::5d92:62a8:ebde:1319]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] + 67 UDP [ff02::1:2]:546 <-> [fe80::406:55a8:6453:25dd]:547 [proto: 103/DHCPV6][5 pkts/490 bytes] 68 UDP 192.168.5.50:49766 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] 69 UDP 192.168.5.50:50030 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes][Host: charming-pc] 70 UDP 192.168.115.8:51458 <-> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes][Host: wpad] @@ -99,14 +99,14 @@ Lync 2 132 1 82 UDP 192.168.3.95:54888 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes][Host: 小佛專機] 83 UDP 192.168.5.41:55312 <-> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes] 84 UDP 192.168.5.9:55484 <-> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] - 85 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:49766 [proto: 154/LLMNR][2 pkts/182 bytes][Host: charming-pc] + 85 UDP [ff02::1:3]:49766 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][2 pkts/182 bytes][Host: charming-pc] 86 UDP 192.168.5.37:56366 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: notebook] - 87 UDP 8.8.8.8:53 <-> 192.168.115.8:52723 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] + 87 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][3 pkts/260 bytes][Host: kankan.1kxun.com] 88 UDP 192.168.101.33:58456 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] 89 UDP 192.168.5.9:58456 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes][Host: joanna-pc] 90 UDP 192.168.5.44:58702 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: jason-pc] 91 UDP 192.168.5.44:59062 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes][Host: jason-pc] - 92 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:53962 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] + 92 UDP [ff02::1:3]:53962 <-> [fe80::edf5:240a:c8c0:8312]:5355 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 93 UDP 192.168.3.236:59730 <-> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes][Host: sonusav] 94 UDP 192.168.3.95:59468 <-> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes] 95 UDP 192.168.5.49:61548 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes][Host: caesar-thinkpad] @@ -124,8 +124,8 @@ Lync 2 132 1 107 UDP 192.168.119.1:67 <-> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes] 108 UDP 192.168.5.9:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: joanna-pc] 109 UDP 192.168.5.41:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: kevin-pc] - 110 UDP [fe80::beee:7bff:fe0c:b3de]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][4 pkts/392 bytes] - 111 UDP [fe80::e034:7be:d8f9:6197]:5355 <-> [ff02::1:3]:62756 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] + 110 UDP [ff02::1:2]:546 <-> [fe80::beee:7bff:fe0c:b3de]:547 [proto: 103/DHCPV6][4 pkts/392 bytes] + 111 UDP [ff02::1:3]:62756 <-> [fe80::e034:7be:d8f9:6197]:5355 [proto: 154/LLMNR][1 pkts/91 bytes][Host: charming-pc] 112 UDP 59.120.208.212:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes] 113 UDP 192.168.5.64:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes] 114 TCP 192.168.5.16:53605 <-> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes] @@ -136,14 +136,14 @@ Lync 2 132 1 119 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][61 pkts/51677 bytes][Host: pic.1kxun.com] 120 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][34 pkts/25580 bytes][Host: pic.1kxun.com] 121 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][13 pkts/3410 bytes][Host: jp.kankan.1kxun.mobi] - 122 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:54888 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] + 122 UDP [ff02::1:3]:54888 <-> [fe80::e98f:bae2:19f7:6b0f]:5355 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] Undetected flows: 1 UDP 192.168.0.100:50925 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes] - 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 <-> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes] - 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 <-> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes] + 2 UDP [ff02::1]:62976 <-> [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 [proto: 0/Unknown][2 pkts/782 bytes] + 3 UDP [ff02::1]:62976 <-> [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 [proto: 0/Unknown][2 pkts/782 bytes] 4 UDP 192.168.119.1:56861 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes] - 5 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 <-> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes] - 6 UDP [fe80::4e5e:cff:feea:365]:5678 <-> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes] + 5 UDP [ff02::1]:5678 <-> [fe80::4e5e:cff:fe9a:ec54]:5678 [proto: 0/Unknown][1 pkts/185 bytes] + 6 UDP [ff02::1]:5678 <-> [fe80::4e5e:cff:feea:365]:5678 [proto: 0/Unknown][1 pkts/197 bytes] 7 UDP 192.168.119.2:43786 <-> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index bc6b7973b..60ff3e343 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,13 +4,13 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] + 1 TCP [2a03:2880:1010:6f03:face:b00c::2]:53234 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] - 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] + 3 TCP [2604:a880:1:20::224:b001]:60205 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] 4 ICMPV6 [2001:470:1f16:13f::2]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] 7 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][46 pkts/6348 bytes] 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][2 pkts/258 bytes] 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/406 bytes][Host: star.c10r.facebook.com] - 10 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:80 <-> [2604:a880:1:20::224:b001]:41538 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] + 10 TCP [2604:a880:1:20::224:b001]:41538 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:80 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 0e2f4620c..edd889471 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -7,31 +7,31 @@ Dropbox 5 725 2 Instagram 363 255094 16 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] - 2 UDP 8.8.8.8:53 <-> 192.168.0.103:26540 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] - 3 UDP 8.8.8.8:53 <-> 192.168.0.103:27124 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 31.13.93.52:443 <-> 192.168.0.103:33763 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] - 5 TCP 31.13.93.52:443 <-> 192.168.0.103:33935 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] + 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] + 3 UDP 192.168.0.103:27124 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] + 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] + 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] - 8 TCP 77.67.29.17:80 <-> 192.168.0.103:33976 [proto: 7/HTTP][34 pkts/29039 bytes] + 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] - 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] + 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] - 17 UDP 8.8.8.8:53 <-> 192.168.0.103:33603 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 31.13.93.52:443 <-> 192.168.0.103:33936 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] + 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] + 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] - 22 TCP 192.168.0.103:40855 <-> 46.33.70.150:80 [proto: 7/HTTP][2 pkts/140 bytes] - 23 UDP 8.8.8.8:53 <-> 192.168.0.103:51219 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] + 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] + 23 UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][client: igcdn-photos-h-a.akamaihd.net] 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 26 TCP 192.168.0.103:41562 <-> 92.122.48.138:80 [proto: 7/HTTP][25 pkts/23525 bytes] + 26 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][25 pkts/23525 bytes] 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com] 28 TCP 192.168.0.103:58690 <-> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes] 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][client: igcdn-photos-g-a.akamaihd.net] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index fa510f8ba..4fee1d276 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -8,41 +8,41 @@ HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 - 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] - 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] - 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] - 4 TCP 10.24.82.188:34503 <-> 120.28.26.242:80 [proto: 7/HTTP][1 pkts/56 bytes] + 1 UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] + 2 UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] + 3 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] + 4 TCP 120.28.26.242:80 <-> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes] 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] - 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] - 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] + 6 UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] + 7 UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 10 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] - 11 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] - 12 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] - 13 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] - 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] - 15 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] - 16 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] - 17 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] - 18 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 19 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 10 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] + 11 UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] + 12 UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] + 13 UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] + 14 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] + 15 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] + 16 UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] + 17 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] + 18 UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] + 19 UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] - 21 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] - 23 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] + 21 UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] + 22 TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] + 23 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] - 25 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] - 26 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 27 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] - 28 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] + 25 UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] + 26 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] + 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] + 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] - 30 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] - 31 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] - 32 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 33 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 34 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] - 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] - 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] - 37 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] + 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] + 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] + 32 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 33 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] + 34 TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] + 35 TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] + 36 TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] + 37 TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 96d39ede2..ec1315984 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -10,23 +10,23 @@ Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 WeChat 15 1727 1 - 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] + 1 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][5 pkts/280 bytes] 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] - 3 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] + 3 TCP 173.194.117.229:443 <-> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes] 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] - 5 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] + 5 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] - 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] + 7 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] + 9 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] - 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] + 11 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] + 12 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][40 pkts/10538 bytes] 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] - 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] - 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] - 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] - 18 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] - 19 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] + 15 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] + 16 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][1488 pkts/198510 bytes] + 17 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] + 18 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][1503 pkts/200241 bytes] + 19 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] 20 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] diff --git a/tests/result/NTPv2.pcap.out b/tests/result/NTPv2.pcap.out index 960fbe062..8172344ec 100644 --- a/tests/result/NTPv2.pcap.out +++ b/tests/result/NTPv2.pcap.out @@ -1,3 +1,3 @@ NTP 1 410 1 - 1 UDP 78.46.76.2:80 <-> 208.104.95.10:123 [proto: 9/NTP][1 pkts/410 bytes] + 1 UDP 208.104.95.10:123 <-> 78.46.76.2:80 [proto: 9/NTP][1 pkts/410 bytes] diff --git a/tests/result/NTPv3.pcap.out b/tests/result/NTPv3.pcap.out index 91d817e5e..54953afda 100644 --- a/tests/result/NTPv3.pcap.out +++ b/tests/result/NTPv3.pcap.out @@ -1,3 +1,3 @@ NTP 1 90 1 - 1 UDP 78.46.76.2:80 <-> 175.144.140.29:123 [proto: 9/NTP][1 pkts/90 bytes] + 1 UDP 175.144.140.29:123 <-> 78.46.76.2:80 [proto: 9/NTP][1 pkts/90 bytes] diff --git a/tests/result/NTPv4.pcap.out b/tests/result/NTPv4.pcap.out index fba0fd419..3794393bf 100644 --- a/tests/result/NTPv4.pcap.out +++ b/tests/result/NTPv4.pcap.out @@ -1,3 +1,3 @@ NTP 1 90 1 - 1 UDP 78.46.76.11:123 <-> 85.22.62.120:123 [proto: 9/NTP][1 pkts/90 bytes] + 1 UDP 85.22.62.120:123 <-> 78.46.76.11:123 [proto: 9/NTP][1 pkts/90 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 7cdc76e4f..81ef39da8 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -10,44 +10,44 @@ Google 50 4084 5 Viber 4163 392492 4 Amazon 1 66 1 - 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 126/Google][10 pkts/757 bytes] - 2 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][9 pkts/692 bytes] - 3 TCP 93.184.221.200:80 <-> 192.168.200.222:60828 [proto: 7/HTTP][1 pkts/60 bytes] - 4 TCP 158.85.58.23:443 <-> 192.168.200.222:44058 [proto: 91/SSL][5 pkts/412 bytes] + 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] + 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][9 pkts/692 bytes] + 3 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][5 pkts/412 bytes] 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][23 pkts/3345 bytes] 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 8 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes] - 9 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 10 TCP 93.184.221.200:80 <-> 192.168.200.222:33161 [proto: 7/HTTP][1 pkts/60 bytes] + 8 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][1 pkts/66 bytes] + 9 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 10 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] - 12 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][1 pkts/60 bytes] - 13 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] - 14 TCP 112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][7 pkts/436 bytes] - 15 TCP 93.184.221.200:80 <-> 192.168.200.222:52977 [proto: 7/HTTP][1 pkts/60 bytes] + 12 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] + 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] + 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] + 15 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 20 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][5 pkts/424 bytes] - 21 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 22 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] - 23 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][12 pkts/1161 bytes] - 24 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] - 25 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][1 pkts/60 bytes] + 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] + 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] + 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] + 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] + 25 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] - 27 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] - 28 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][4143 pkts/390781 bytes] - 29 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][1 pkts/60 bytes] - 30 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] - 31 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][16 pkts/1419 bytes][client: settings.crashlytics.com] + 27 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 28 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][4143 pkts/390781 bytes] + 29 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 30 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] + 31 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][16 pkts/1419 bytes][client: settings.crashlytics.com] Undetected flows: - 1 TCP 113.31.80.142:7003 <-> 192.168.200.222:55554 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 175.157.52.135:37299 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 175.157.52.135:37301 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 113.31.80.142:7003 <-> 192.168.200.222:55565 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 10.216.246.82:59027 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 175.157.52.135:37300 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 175.157.52.135:37302 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out index 200394193..27b64d3d0 100644 --- a/tests/result/amqp.pcap.out +++ b/tests/result/amqp.pcap.out @@ -1,5 +1,5 @@ AMQP 160 23514 3 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][108 pkts/14423 bytes] - 2 TCP 127.0.0.1:44204 <-> 127.0.1.1:5672 [proto: 192/AMQP][22 pkts/5026 bytes] + 2 TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][22 pkts/5026 bytes] 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][30 pkts/4065 bytes] diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out index 415673d20..a0993283b 100644 --- a/tests/result/bittorrent.pcap.out +++ b/tests/result/bittorrent.pcap.out @@ -1,7 +1,7 @@ BitTorrent 299 305728 24 1 TCP 192.168.1.3:52908 <-> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 2 TCP 79.53.228.2:14627 <-> 192.168.1.3:52896 [proto: 37/BitTorrent][5 pkts/1180 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 2 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][5 pkts/1180 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 3 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][5 pkts/1205 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 4 TCP 192.168.1.3:52925 <-> 93.65.227.100:19116 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 5 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][4 pkts/1401 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] @@ -17,7 +17,7 @@ BitTorrent 299 305728 24 15 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][7 pkts/1550 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 16 TCP 192.168.1.3:52893 <-> 79.55.129.22:12097 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 17 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][4 pkts/612 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] - 18 TCP 79.53.228.2:14627 <-> 192.168.1.3:52909 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] + 18 TCP 192.168.1.3:52909 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][1 pkts/134 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 19 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][6 pkts/1261 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 20 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][210 pkts/285139 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] 21 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][3 pkts/930 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126] diff --git a/tests/result/bittorrent_utp.pcap.out b/tests/result/bittorrent_utp.pcap.out index 2078b7210..2b64008b0 100644 --- a/tests/result/bittorrent_utp.pcap.out +++ b/tests/result/bittorrent_utp.pcap.out @@ -1,3 +1,3 @@ BitTorrent 86 41489 1 - 1 UDP 192.168.1.5:40959 <-> 82.243.113.43:64969 [proto: 37/BitTorrent][86 pkts/41489 bytes] + 1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][86 pkts/41489 bytes] diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index 67e3d3077..6deb36358 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -2,19 +2,19 @@ COAP 19 1614 8 Dropbox 800 80676 4 MQTT 7695 668291 4 - 1 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61043 [proto: 27/COAP][1 pkts/86 bytes] - 2 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61045 [proto: 27/COAP][1 pkts/86 bytes] - 3 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61047 [proto: 27/COAP][1 pkts/90 bytes] + 1 UDP [2001:620:8:35d9::10]:61043 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 2 UDP [2001:620:8:35d9::10]:61045 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 3 UDP [2001:620:8:35d9::10]:61047 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/90 bytes] 4 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] 5 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20194 bytes] 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][1926 pkts/167126 bytes] 7 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/404 bytes] 8 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][6 pkts/467 bytes] - 9 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61044 [proto: 27/COAP][1 pkts/86 bytes] - 10 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61046 [proto: 27/COAP][1 pkts/86 bytes] + 9 UDP [2001:620:8:35d9::10]:61044 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] + 10 UDP [2001:620:8:35d9::10]:61046 <-> [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 [proto: 27/COAP][1 pkts/86 bytes] 11 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 12 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][1922 pkts/166928 bytes] 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][1928 pkts/167509 bytes] - 15 TCP 192.168.56.1:53524 <-> 192.168.56.101:17501 [proto: 222/MQTT][1919 pkts/166728 bytes] + 15 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][1919 pkts/166728 bytes] 16 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/309 bytes] diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out index db567cb70..618d7ef28 100644 --- a/tests/result/dnscrypt.pcap.out +++ b/tests/result/dnscrypt.pcap.out @@ -1,6 +1,6 @@ DNScrypt 111 44676 4 - 1 TCP 134.119.26.24:443 <-> 192.168.43.167:50258 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] - 2 TCP 134.119.26.24:443 <-> 192.168.43.167:50233 [proto: 91.208/SSL.DNScrypt][39 pkts/16368 bytes][client: simplednscrypt.org] - 3 TCP 134.119.26.24:443 <-> 192.168.43.167:50253 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] - 4 TCP 134.119.26.24:443 <-> 192.168.43.167:50259 [proto: 91.208/SSL.DNScrypt][36 pkts/11278 bytes][client: simplednscrypt.org] + 1 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] + 2 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][39 pkts/16368 bytes][client: simplednscrypt.org] + 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][18 pkts/8515 bytes][client: simplednscrypt.org] + 4 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][36 pkts/11278 bytes][client: simplednscrypt.org] diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index 786dc24de..cb9edfe34 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -21,11 +21,11 @@ Dropbox 1104 246122 16 17 UDP 192.168.1.101:4974 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] 18 UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/774 bytes][Host: client-cf.dropbox.com] 19 UDP 192.168.1.105:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] - 20 UDP 239.255.255.250:1900 <-> 192.168.1.254:50828 [proto: 12/SSDP][44 pkts/19936 bytes] + 20 UDP 192.168.1.254:50828 <-> 239.255.255.250:1900 [proto: 12/SSDP][44 pkts/19936 bytes] 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] 23 UDP 192.168.1.106:57268 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes] - 24 TCP 54.240.174.31:443 <-> 192.168.1.105:44949 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][client: client-cf.dropbox.com] + 24 TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][client: client-cf.dropbox.com] 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][20 pkts/3928 bytes][Host: log.getdropbox.com] 26 UDP 192.168.1.101:2169 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] 27 UDP 192.168.1.101:2141 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] diff --git a/tests/result/git.pcap.out b/tests/result/git.pcap.out index 665dad5a8..77e226d41 100644 --- a/tests/result/git.pcap.out +++ b/tests/result/git.pcap.out @@ -1,3 +1,3 @@ Git 90 74005 1 - 1 TCP 5.153.231.21:9418 <-> 192.168.0.77:47991 [proto: 226/Git][90 pkts/74005 bytes] + 1 TCP 192.168.0.77:47991 <-> 5.153.231.21:9418 [proto: 226/Git][90 pkts/74005 bytes] diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 2e69420db..515659d48 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -1,3 +1,3 @@ Google 28 9108 1 - 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][server: www.google.com] + 1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][server: www.google.com] diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out index 7dff4f8e5..1cd3ffc5a 100644 --- a/tests/result/hangout.pcap.out +++ b/tests/result/hangout.pcap.out @@ -1,3 +1,3 @@ GoogleHangout 19 2774 1 - 1 UDP 10.89.61.13:56406 <-> 74.125.134.127:19305 [proto: 201/GoogleHangout][19 pkts/2774 bytes] + 1 UDP 74.125.134.127:19305 <-> 10.89.61.13:56406 [proto: 201/GoogleHangout][19 pkts/2774 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 6928e61e4..e3685438d 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,17 +5,17 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][2 pkts/172 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37486 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37488 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37494 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37506 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] - 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:804::200e]:40526 [proto: 91/SSL][2 pkts/172 bytes] - 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1017]:41776 [proto: 91/SSL][14 pkts/2213 bytes] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53132 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] - 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53134 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] - 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:803::2008]:58660 [proto: 91/SSL][2 pkts/172 bytes] - 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1012]:59690 [proto: 91/SSL][2 pkts/172 bytes] + 2 TCP [2a03:b0c0:3:d0::70:1001]:37486 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] + 3 TCP [2a03:b0c0:3:d0::70:1001]:37488 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] + 4 TCP [2a03:b0c0:3:d0::70:1001]:37494 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] + 5 TCP [2a03:b0c0:3:d0::70:1001]:37506 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] + 6 TCP [2a00:1450:4006:804::200e]:40526 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] + 7 TCP [2a00:1450:4001:803::1017]:41776 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][14 pkts/2213 bytes] + 8 TCP [2a02:26f0:ad:197::236]:53132 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] + 9 TCP [2a02:26f0:ad:197::236]:53134 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] + 10 TCP [2a00:1450:4006:803::2008]:58660 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] + 11 TCP [2a00:1450:4001:803::1012]:59690 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 91/SSL][2 pkts/172 bytes] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][2 pkts/172 bytes] 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][2 pkts/172 bytes] - 14 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1017]:45931 [proto: 188.126/QUIC.Google][62 pkts/15977 bytes][Host: www.google.it] + 14 UDP [2a00:1450:4001:803::1017]:45931 <-> [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 [proto: 188.126/QUIC.Google][62 pkts/15977 bytes][Host: www.google.it] 15 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][3 pkts/502 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 30cba198f..57c8325b0 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 46.101.157.119:80 <-> 192.168.80.160:55804 [proto: 7.229/HTTP.ntop][19 pkts/10643 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.229/HTTP.ntop][19 pkts/10643 bytes][Host: luca.ntop.org] diff --git a/tests/result/mpegts.pcap.out b/tests/result/mpegts.pcap.out index 7dd94beef..bfa70fd3e 100644 --- a/tests/result/mpegts.pcap.out +++ b/tests/result/mpegts.pcap.out @@ -1,3 +1,3 @@ MPEG_TS 1 1362 1 - 1 UDP 230.200.201.23:1234 <-> 10.1.16.48:40737 [VLAN: 3359][proto: 198/MPEG_TS][1 pkts/1362 bytes] + 1 UDP 10.1.16.48:40737 <-> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][1 pkts/1362 bytes] diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out index 28c1075ae..ea994e979 100644 --- a/tests/result/mssql_tds.pcap.out +++ b/tests/result/mssql_tds.pcap.out @@ -1,14 +1,14 @@ MsSQL-TDS 38 16260 12 - 1 TCP 10.0.0.1:1433 <-> 10.111.111.111:2222 [proto: 114/MsSQL-TDS][2 pkts/169 bytes] - 2 TCP 10.0.0.1:1433 <-> 10.111.111.111:4444 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes] - 3 TCP 10.0.0.1:1433 <-> 10.111.111.111:6666 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes] - 4 TCP 10.0.0.1:1433 <-> 10.111.111.111:8888 [proto: 114/MsSQL-TDS][1 pkts/142 bytes] - 5 TCP 10.0.0.1:1433 <-> 10.111.111.111:22222 [proto: 114/MsSQL-TDS][1 pkts/322 bytes] - 6 TCP 10.0.0.1:1433 <-> 10.111.111.111:1111 [proto: 114/MsSQL-TDS][4 pkts/1138 bytes] - 7 TCP 10.0.0.1:1433 <-> 10.111.111.111:3333 [proto: 114/MsSQL-TDS][1 pkts/239 bytes] - 8 TCP 10.0.0.1:1433 <-> 10.111.111.111:5555 [proto: 114/MsSQL-TDS][17 pkts/3073 bytes] - 9 TCP 10.0.0.1:1433 <-> 10.111.111.111:7777 [proto: 114/MsSQL-TDS][1 pkts/425 bytes] - 10 TCP 10.0.0.1:1433 <-> 10.111.111.111:9999 [proto: 114/MsSQL-TDS][1 pkts/272 bytes] - 11 TCP 10.0.0.1:1433 <-> 10.111.111.111:11111 [proto: 114/MsSQL-TDS][1 pkts/253 bytes] - 12 TCP 10.0.0.1:1433 <-> 10.111.111.111:33333 [proto: 114/MsSQL-TDS][1 pkts/374 bytes] + 1 TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][2 pkts/169 bytes] + 2 TCP 10.111.111.111:4444 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/1136 bytes] + 3 TCP 10.111.111.111:6666 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes] + 4 TCP 10.111.111.111:8888 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/142 bytes] + 5 TCP 10.111.111.111:22222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/322 bytes] + 6 TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][4 pkts/1138 bytes] + 7 TCP 10.111.111.111:3333 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/239 bytes] + 8 TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][17 pkts/3073 bytes] + 9 TCP 10.111.111.111:7777 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/425 bytes] + 10 TCP 10.111.111.111:9999 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/272 bytes] + 11 TCP 10.111.111.111:11111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/253 bytes] + 12 TCP 10.111.111.111:33333 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][1 pkts/374 bytes] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index ec6e125c6..df8ae9cd8 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -7,12 +7,12 @@ Amazon 2 126 1 1 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][126 pkts/128603 bytes][Host: art-2.nflximg.net] 2 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][637 pkts/745904 bytes][Host: tp.akam.nflximg.com] 3 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/34971 bytes][Host: art-1.nflximg.net] - 4 UDP 192.168.1.1:53 <-> 192.168.1.7:51543 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] - 5 UDP 192.168.1.1:53 <-> 192.168.1.7:51949 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] - 6 UDP 192.168.1.1:53 <-> 192.168.1.7:52095 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] - 7 UDP 192.168.1.1:53 <-> 192.168.1.7:52347 [proto: 5.133/DNS.NetFlix][2 pkts/451 bytes][Host: ios.nccp.netflix.com] - 8 UDP 192.168.1.1:53 <-> 192.168.1.7:57093 [proto: 5/DNS][2 pkts/194 bytes][Host: a1907.dscg.akamai.net] - 9 UDP 192.168.1.1:53 <-> 192.168.1.7:57719 [proto: 5.133/DNS.NetFlix][2 pkts/222 bytes][Host: sha2.san.akam.nflximg.net] + 4 UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] + 5 UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] + 6 UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] + 7 UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/451 bytes][Host: ios.nccp.netflix.com] + 8 UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/194 bytes][Host: a1907.dscg.akamai.net] + 9 UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/222 bytes][Host: sha2.san.akam.nflximg.net] 10 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][53 pkts/45005 bytes] 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][55 pkts/47007 bytes] 12 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][49 pkts/32105 bytes] @@ -25,24 +25,24 @@ Amazon 2 126 1 19 IGMP 192.168.1.7:0 <-> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes] 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][27 pkts/16505 bytes][Host: api-global.netflix.com] 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][148 pkts/73954 bytes][client: api-global.netflix.com] - 22 TCP 52.41.30.5:443 <-> 192.168.1.7:53239 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] + 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] 23 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][69 pkts/43938 bytes][client: api-global.netflix.com] 24 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][45 pkts/27952 bytes][client: ichnaea.netflix.com] 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][31 pkts/10934 bytes][client: ios.nccp.netflix.com] 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][22 pkts/10239 bytes][client: ios.nccp.netflix.com] - 27 TCP 52.41.30.5:443 <-> 192.168.1.7:53249 [proto: 91.133/SSL.NetFlix][52 pkts/25886 bytes][client: api-global.netflix.com] + 27 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][52 pkts/25886 bytes][client: api-global.netflix.com] 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][37 pkts/9285 bytes][client: ichnaea.netflix.com] 29 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][36 pkts/12874 bytes][client: ichnaea.netflix.com] 30 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][71 pkts/58161 bytes][client: ios.nccp.netflix.com] 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][63 pkts/47005 bytes][Host: art-2.nflximg.net] 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][21 pkts/13259 bytes][Host: art-2.nflximg.net] 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/42239 bytes][Host: art-1.nflximg.net] - 34 UDP 192.168.1.1:53 <-> 192.168.1.7:51622 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] - 35 UDP 192.168.1.1:53 <-> 192.168.1.7:51728 [proto: 5/DNS][2 pkts/192 bytes][Host: a803.dscg.akamai.net] - 36 UDP 192.168.1.1:53 <-> 192.168.1.7:52116 [proto: 5.133/DNS.NetFlix][2 pkts/320 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] - 37 UDP 192.168.1.1:53 <-> 192.168.1.7:58102 [proto: 5.133/DNS.NetFlix][2 pkts/271 bytes][Host: appboot.netflix.com] - 38 UDP 192.168.1.1:53 <-> 192.168.1.7:59180 [proto: 5.133/DNS.NetFlix][2 pkts/232 bytes][Host: artwork.akam.nflximg.net] - 39 UDP 192.168.1.1:53 <-> 192.168.1.7:60962 [proto: 5.133/DNS.NetFlix][2 pkts/331 bytes][Host: ichnaea.geo.netflix.com] + 34 UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] + 35 UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/192 bytes][Host: a803.dscg.akamai.net] + 36 UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/320 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] + 37 UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/271 bytes][Host: appboot.netflix.com] + 38 UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/232 bytes][Host: artwork.akam.nflximg.net] + 39 UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][2 pkts/331 bytes][Host: ichnaea.geo.netflix.com] 40 UDP 192.168.1.7:53776 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes] 41 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][58 pkts/47176 bytes] 42 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][50 pkts/25032 bytes] @@ -53,13 +53,13 @@ Amazon 2 126 1 47 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][58 pkts/32796 bytes] 48 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][178 pkts/157382 bytes][Host: 23.246.11.141] 49 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][788 pkts/759283 bytes][Host: 23.246.11.133] - 50 TCP 52.24.87.6:443 <-> 192.168.1.7:52929 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] + 50 TCP 192.168.1.7:52929 <-> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][28 pkts/6662 bytes][client: api-global.netflix.com] 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][20 pkts/3017 bytes][client: api-global.netflix.com] 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][40 pkts/13487 bytes][client: api-global.netflix.com] 54 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][25 pkts/8201 bytes][client: api-global.netflix.com] 55 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][41 pkts/33170 bytes][Host: appboot.netflix.com] - 56 TCP 52.41.30.5:443 <-> 192.168.1.7:53250 [proto: 91.133/SSL.NetFlix][17 pkts/5314 bytes][client: api-global.netflix.com] + 56 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][17 pkts/5314 bytes][client: api-global.netflix.com] 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][25 pkts/8228 bytes][client: ios.nccp.netflix.com] 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][34 pkts/12728 bytes][client: ichnaea.netflix.com] 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][31 pkts/14720 bytes][client: ios.nccp.netflix.com] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index a55361d5a..8a5eb8fd6 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,7 +5,7 @@ Google 2 1093 1 UPnP 1 130 1 iQIYI 1490 1845116 56 - 1 TCP 192.168.115.8:50443 <-> 117.79.81.135:80 [proto: 7/HTTP][1 pkts/347 bytes] + 1 TCP 117.79.81.135:80 <-> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes] 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][2 pkts/836 bytes][Host: pdata.video.qiyi.com] 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1305 bytes][Host: click.hm.baidu.com] 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] @@ -17,7 +17,7 @@ iQIYI 1490 1845116 56 10 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/821 bytes][Host: msg.71.am] 11 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1146 bytes][Host: msg.71.am] 12 TCP 192.168.115.8:50504 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes][Host: msg.71.am] - 13 TCP 192.168.115.8:50506 <-> 202.108.14.219:80 [proto: 7/HTTP][1 pkts/199 bytes] + 13 TCP 202.108.14.219:80 <-> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes] 14 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][2 pkts/1093 bytes][Host: clients1.google.com] 15 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/786 bytes][Host: msg.71.am] 16 UDP 192.168.5.63:39383 <-> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes] @@ -46,7 +46,7 @@ iQIYI 1490 1845116 56 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][2 pkts/674 bytes][Host: nl.rcd.iqiyi.com] 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][2 pkts/721 bytes][Host: api.magicansoft.com] 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][2 pkts/727 bytes][Host: cmc.tanx.com] - 42 TCP 192.168.115.8:50295 <-> 202.108.14.219:80 [proto: 7/HTTP][2 pkts/398 bytes] + 42 TCP 202.108.14.219:80 <-> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes] 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/828 bytes][Host: msg.71.am] 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][2 pkts/772 bytes][Host: msg.71.am] 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][4 pkts/2296 bytes][Host: msg.71.am] @@ -72,18 +72,18 @@ iQIYI 1490 1845116 56 65 UDP 192.168.5.57:59648 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes] 66 UDP 192.168.5.63:60976 <-> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes] 67 UDP 192.168.5.48:63930 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes] - 68 TCP 192.168.115.8:49174 <-> 77.234.41.35:80 [proto: 7/HTTP][5 pkts/3309 bytes] + 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][5 pkts/3309 bytes] 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][23 pkts/25892 bytes][Host: bcu.ff.avast.com] 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1861 bytes][Host: api.cupid.iqiyi.com] 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/895 bytes][Host: api.cupid.iqiyi.com] - 72 TCP 111.206.13.3:80 <-> 192.168.115.8:50492 [proto: 7.206/HTTP.iQIYI][3 pkts/1423 bytes][Host: pdata.video.qiyi.com] + 72 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.206/HTTP.iQIYI][3 pkts/1423 bytes][Host: pdata.video.qiyi.com] 73 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][2 pkts/588 bytes][Host: msg.iqiyi.com] Undetected flows: 1 UDP 192.168.115.8:22793 <-> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes] 2 UDP 192.168.115.8:22793 <-> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes] - 3 UDP 192.168.115.8:22793 <-> 183.228.182.44:13913 [proto: 0/Unknown][3 pkts/257 bytes] + 3 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][3 pkts/257 bytes] 4 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][40 pkts/12412 bytes] 5 UDP 192.168.115.8:22793 <-> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes] 6 UDP 192.168.115.8:22793 <-> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes] @@ -104,13 +104,13 @@ Undetected flows: 21 UDP 192.168.115.8:22793 <-> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes] 22 UDP 192.168.115.8:22793 <-> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes] 23 UDP 192.168.115.8:22793 <-> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes] - 24 UDP 210.44.171.1:29702 <-> 192.168.115.8:22793 [proto: 0/Unknown][2 pkts/132 bytes] - 25 UDP 192.168.115.8:22793 <-> 1.173.5.226:22636 [proto: 0/Unknown][400 pkts/165246 bytes] + 24 UDP 192.168.115.8:22793 <-> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes] + 25 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][400 pkts/165246 bytes] 26 UDP 192.168.115.8:22793 <-> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes] 27 UDP 192.168.115.8:22793 <-> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes] 28 UDP 192.168.115.8:22793 <-> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes] 29 UDP 192.168.115.8:22793 <-> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes] - 30 UDP 192.168.115.8:22793 <-> 118.171.15.56:5544 [proto: 0/Unknown][101 pkts/38819 bytes] + 30 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][101 pkts/38819 bytes] 31 UDP 192.168.115.8:22793 <-> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes] 32 UDP 192.168.115.8:22793 <-> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes] 33 UDP 192.168.115.8:22793 <-> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes] diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index b79529833..c1eed4b8e 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -6,9 +6,9 @@ QUIC 3 364 1 1 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][3 pkts/2863 bytes][Host: i.ytimg.com] 2 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][2 pkts/2784 bytes][Host: yt3.ggpht.com] - 3 UDP 216.58.212.101:443 <-> 192.168.1.109:57833 [proto: 188.122/QUIC.GMail][413 pkts/254874 bytes][Host: mail.google.com] - 4 UDP 172.217.16.3:443 <-> 192.168.1.105:40461 [proto: 188/QUIC][3 pkts/364 bytes] - 5 UDP 172.217.16.4:443 <-> 192.168.1.105:45669 [proto: 188.126/QUIC.Google][5 pkts/4334 bytes][Host: www.google.com] + 3 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][413 pkts/254874 bytes][Host: mail.google.com] + 4 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][3 pkts/364 bytes] + 5 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][5 pkts/4334 bytes][Host: www.google.com] 6 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][7 pkts/6545 bytes][Host: www.youtube.com] 7 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][69 pkts/58433 bytes][Host: www.youtube.com] 8 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][6 pkts/5729 bytes][Host: fonts.gstatic.com] @@ -16,4 +16,4 @@ QUIC 3 364 1 Undetected flows: - 1 UDP 10.0.0.3:6121 <-> 10.0.0.4:40134 [proto: 0/Unknown][6 pkts/7072 bytes] + 1 UDP 10.0.0.4:40134 <-> 10.0.0.3:6121 [proto: 0/Unknown][6 pkts/7072 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 8c6781221..d54b359fc 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -4,24 +4,24 @@ Amazon 2 1469 1 QuickPlay 133 96179 11 WeChat 12 4781 5 - 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] - 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] - 3 TCP 120.28.35.40:80 <-> 10.54.169.250:52007 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] - 4 TCP 120.28.35.40:80 <-> 10.54.169.250:52009 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] - 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] - 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] - 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] - 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] - 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] - 13 TCP 54.179.140.65:80 <-> 10.54.169.250:56381 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] - 14 TCP 120.28.5.41:80 <-> 10.54.169.250:44256 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] - 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] - 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] - 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] - 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] + 1 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] + 2 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] + 3 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] + 4 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] + 5 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] + 6 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] + 7 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] + 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] + 10 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] + 11 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] + 12 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] + 13 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] + 14 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] + 15 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] + 16 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] + 17 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] + 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] + 19 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] + 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index 1339732cb..42f9ebf1a 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -1,7 +1,7 @@ RX 132 26475 5 - 1 UDP 192.167.206.124:7002 <-> 131.114.219.168:38331 [proto: 223/RX][3 pkts/519 bytes] - 2 UDP 192.167.206.124:7002 <-> 131.114.219.168:41559 [proto: 223/RX][3 pkts/519 bytes] - 3 UDP 192.167.206.124:7003 <-> 131.114.219.168:7001 [proto: 223/RX][27 pkts/9919 bytes] + 1 UDP 131.114.219.168:38331 <-> 192.167.206.124:7002 [proto: 223/RX][3 pkts/519 bytes] + 2 UDP 131.114.219.168:41559 <-> 192.167.206.124:7002 [proto: 223/RX][3 pkts/519 bytes] + 3 UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][27 pkts/9919 bytes] 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][79 pkts/12376 bytes] - 5 UDP 192.167.206.124:7000 <-> 131.114.219.168:7001 [proto: 223/RX][20 pkts/3142 bytes] + 5 UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][20 pkts/3142 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index e781f27df..fd4ad387f 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,29 +1,29 @@ -Unknown 381 48593 15 +Unknown 404 52712 16 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 96 8876 7 +SSL 88 8268 6 Dropbox 38 17948 5 -Skype 1933 296729 245 +Skype 1918 293218 245 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 1 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1402 bytes] - 2 UDP 111.221.74.15:40024 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 2 UDP 192.168.1.34:13021 <-> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes] 3 UDP 192.168.1.34:13021 <-> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes] 4 UDP 192.168.1.34:13021 <-> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes] 5 UDP 192.168.1.34:13021 <-> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes] - 6 UDP 111.221.74.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 7 UDP 111.221.74.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 8 UDP 111.221.74.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 9 UDP 111.221.74.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] + 6 UDP 192.168.1.34:13021 <-> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes] + 7 UDP 192.168.1.34:13021 <-> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 8 UDP 192.168.1.34:13021 <-> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes] + 9 UDP 192.168.1.34:13021 <-> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes] 10 UDP 192.168.1.34:13021 <-> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes] - 11 UDP 111.221.74.29:40024 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 11 UDP 192.168.1.34:13021 <-> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes] 12 UDP 192.168.1.34:13021 <-> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes] 13 UDP 192.168.1.34:13021 <-> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes] 14 UDP 192.168.1.34:13021 <-> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes] @@ -33,13 +33,13 @@ MS_OneDrive 387 198090 1 18 UDP 192.168.1.34:13021 <-> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes] 19 UDP 192.168.1.34:13021 <-> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes] 20 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 21 TCP 91.190.216.23:12350 <-> 192.168.1.34:50126 [proto: 125/Skype][20 pkts/5160 bytes] + 21 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][20 pkts/5160 bytes] 22 UDP 192.168.1.34:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] 23 UDP 192.168.1.92:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] 24 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1152 bytes] 25 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][19 pkts/1510 bytes] - 26 UDP 157.56.52.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 27 TCP 76.167.161.6:20274 <-> 192.168.1.34:50135 [proto: 125/Skype][14 pkts/1108 bytes] + 26 UDP 192.168.1.34:13021 <-> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes] + 27 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][14 pkts/1108 bytes] 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][15 pkts/1262 bytes] 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][15 pkts/1345 bytes] 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][15 pkts/1265 bytes] @@ -48,12 +48,12 @@ MS_OneDrive 387 198090 1 33 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1534 bytes] 34 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][15 pkts/1306 bytes] 35 UDP 192.168.1.34:13021 <-> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes] - 36 UDP 157.56.52.28:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] - 37 UDP 157.56.52.15:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 38 UDP 157.56.52.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 39 UDP 157.56.52.17:40013 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 40 UDP 157.56.52.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] - 41 UDP 157.56.52.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 36 UDP 192.168.1.34:13021 <-> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes] + 37 UDP 192.168.1.34:13021 <-> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes] + 38 UDP 192.168.1.34:13021 <-> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 39 UDP 192.168.1.34:13021 <-> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes] + 40 UDP 192.168.1.34:13021 <-> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes] + 41 UDP 192.168.1.34:13021 <-> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes] 42 UDP 192.168.1.34:13021 <-> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes] 43 UDP 192.168.1.34:13021 <-> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes] 44 UDP 192.168.1.34:13021 <-> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes] @@ -76,30 +76,30 @@ MS_OneDrive 387 198090 1 61 UDP 192.168.1.34:13021 <-> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes] 62 UDP 192.168.1.34:13021 <-> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes] 63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][14 pkts/1132 bytes] - 64 UDP 192.168.1.1:53 <-> 192.168.1.34:49163 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 65 UDP 192.168.1.1:53 <-> 192.168.1.34:49793 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 66 UDP 192.168.1.1:53 <-> 192.168.1.34:49903 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] + 64 UDP 192.168.1.34:49163 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 65 UDP 192.168.1.34:49793 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] + 66 UDP 192.168.1.34:49903 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][15 pkts/1920 bytes] - 68 UDP 192.168.1.1:53 <-> 192.168.1.34:51879 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 69 UDP 192.168.1.1:53 <-> 192.168.1.34:54343 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 70 UDP 192.168.1.1:53 <-> 192.168.1.34:55159 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 71 UDP 192.168.1.1:53 <-> 192.168.1.34:55711 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 72 UDP 192.168.1.1:53 <-> 192.168.1.34:55893 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com] - 73 UDP 192.168.1.1:53 <-> 192.168.1.34:56387 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 68 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 69 UDP 192.168.1.34:54343 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 70 UDP 192.168.1.34:55159 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 71 UDP 192.168.1.34:55711 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 72 UDP 192.168.1.34:55893 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com] + 73 UDP 192.168.1.34:56387 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] 74 UDP 192.168.1.34:13021 <-> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes] 75 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes] 76 UDP 192.168.1.34:13021 <-> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes] 77 UDP 192.168.1.34:13021 <-> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes] 78 UDP 192.168.1.34:13021 <-> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes] 79 UDP 192.168.1.34:13021 <-> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes] - 80 UDP 192.168.1.1:53 <-> 192.168.1.34:58681 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 80 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][20 pkts/1624 bytes] - 82 UDP 192.168.1.1:53 <-> 192.168.1.34:63321 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 82 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 83 UDP 192.168.1.34:49485 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 UDP 192.168.1.1:53 <-> 192.168.1.34:63421 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] - 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] - 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 84 UDP 192.168.1.34:63421 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 85 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] + 86 UDP 192.168.1.34:65045 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] + 87 UDP 192.168.1.34:65037 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] 89 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] 90 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] @@ -121,7 +121,7 @@ MS_OneDrive 387 198090 1 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 109 UDP 65.55.223.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/69 bytes] + 109 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] @@ -133,179 +133,179 @@ MS_OneDrive 387 198090 1 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 121 UDP 65.55.223.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 65.55.223.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 123 UDP 65.55.223.21:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 121 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] + 123 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 126 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] + 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 135 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 136 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 137 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 140 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 141 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 158 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 174 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 196 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] - 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 208 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 210 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] - 211 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] - 212 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 224 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 226 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 227 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 230 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 235 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 240 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] - 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 248 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] - 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 250 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] - 251 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] - 252 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] - 253 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] - 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 262 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 263 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 264 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 265 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 266 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 267 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 273 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 197 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 201 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 202 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 207 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 212 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 213 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 214 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 221 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 222 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 223 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 226 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 229 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 239 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 252 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 259 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 277 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: 1 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 0/Unknown][31 pkts/4688 bytes] 2 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][43 pkts/5754 bytes] - 3 TCP 149.13.32.15:13392 <-> 192.168.1.34:50133 [proto: 0/Unknown][16 pkts/2600 bytes] - 4 UDP 192.168.1.1:5351 <-> 192.168.1.34:49511 [proto: 0/Unknown][4 pkts/216 bytes] - 5 UDP 192.168.1.1:5351 <-> 192.168.1.34:54067 [proto: 0/Unknown][4 pkts/216 bytes] + 3 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][16 pkts/2600 bytes] + 4 UDP 192.168.1.34:49511 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 5 UDP 192.168.1.34:54067 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 11 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 14 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] - 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index e7cbd2a82..2d9048852 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 216 66695 13 +Unknown 236 70600 14 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,17 +7,17 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1261 185232 222 +Skype 1241 181327 221 Apple 84 20699 2 MS_OneDrive 348 181687 1 1 UDP 192.168.1.34:13021 <-> 189.138.161.88:19521 [proto: 125/Skype][1 pkts/60 bytes] 2 TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1490 bytes] - 3 UDP 111.221.74.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 3 UDP 192.168.1.34:13021 <-> 111.221.74.15:40026 [proto: 125/Skype][1 pkts/71 bytes] 4 UDP 192.168.1.34:13021 <-> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/67 bytes] 5 UDP 192.168.1.34:13021 <-> 111.221.74.42:40006 [proto: 125/Skype][1 pkts/67 bytes] - 6 UDP 111.221.74.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/72 bytes] - 7 UDP 111.221.74.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/78 bytes] + 6 UDP 192.168.1.34:13021 <-> 111.221.74.24:40032 [proto: 125/Skype][1 pkts/72 bytes] + 7 UDP 192.168.1.34:13021 <-> 111.221.74.28:40026 [proto: 125/Skype][1 pkts/78 bytes] 8 UDP 192.168.1.34:13021 <-> 111.221.77.145:40024 [proto: 125/Skype][1 pkts/68 bytes] 9 UDP 192.168.1.34:13021 <-> 111.221.77.165:40004 [proto: 125/Skype][1 pkts/76 bytes] 10 UDP 192.168.1.34:13021 <-> 111.221.77.160:40016 [proto: 125/Skype][1 pkts/70 bytes] @@ -29,7 +29,7 @@ MS_OneDrive 348 181687 1 16 UDP 192.168.1.92:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] 17 TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/479 bytes] 18 TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/1369 bytes] - 19 UDP 157.56.52.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 19 UDP 192.168.1.34:13021 <-> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/77 bytes] 20 TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][14 pkts/1134 bytes] 21 TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][17 pkts/1712 bytes] 22 TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1428 bytes] @@ -37,12 +37,12 @@ MS_OneDrive 348 181687 1 24 TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][15 pkts/1520 bytes] 25 TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][15 pkts/1415 bytes] 26 UDP 192.168.1.34:13021 <-> 157.55.130.165:40028 [proto: 125/Skype][1 pkts/76 bytes] - 27 UDP 157.56.52.27:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/72 bytes] - 28 UDP 157.56.52.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 29 UDP 157.56.52.15:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 30 UDP 157.56.52.13:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 31 UDP 157.56.52.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 32 UDP 157.56.52.17:40013 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 27 UDP 192.168.1.34:13021 <-> 157.56.52.27:40025 [proto: 125/Skype][1 pkts/72 bytes] + 28 UDP 192.168.1.34:13021 <-> 157.56.52.12:40031 [proto: 125/Skype][1 pkts/67 bytes] + 29 UDP 192.168.1.34:13021 <-> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/79 bytes] + 30 UDP 192.168.1.34:13021 <-> 157.56.52.13:40021 [proto: 125/Skype][1 pkts/75 bytes] + 31 UDP 192.168.1.34:13021 <-> 157.56.52.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 32 UDP 192.168.1.34:13021 <-> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/66 bytes] 33 UDP 192.168.1.34:13021 <-> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/71 bytes] 34 UDP 192.168.1.34:13021 <-> 157.56.52.39:40031 [proto: 125/Skype][1 pkts/78 bytes] 35 UDP 192.168.1.34:13021 <-> 157.56.52.38:40015 [proto: 125/Skype][1 pkts/75 bytes] @@ -66,27 +66,27 @@ MS_OneDrive 348 181687 1 53 UDP 192.168.1.34:13021 <-> 157.55.235.172:40020 [proto: 125/Skype][1 pkts/69 bytes] 54 UDP 192.168.1.34:13021 <-> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes] 55 UDP 192.168.1.34:13021 <-> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes] - 56 UDP 133.236.67.25:49195 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes] - 57 UDP 192.168.1.1:53 <-> 192.168.1.34:50055 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 58 TCP 149.13.32.15:13392 <-> 192.168.1.34:51305 [proto: 125/Skype][18 pkts/1426 bytes] - 59 TCP 149.13.32.15:13392 <-> 192.168.1.34:51309 [proto: 125/Skype][15 pkts/1197 bytes] - 60 UDP 192.168.1.1:53 <-> 192.168.1.34:51753 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 56 UDP 192.168.1.34:13021 <-> 133.236.67.25:49195 [proto: 125/Skype][1 pkts/60 bytes] + 57 UDP 192.168.1.34:50055 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 58 TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1426 bytes] + 59 TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][15 pkts/1197 bytes] + 60 UDP 192.168.1.34:51753 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][16 pkts/1637 bytes] 62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][16 pkts/1297 bytes] - 63 UDP 111.221.74.14:443 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes] + 63 UDP 192.168.1.34:13021 <-> 111.221.74.14:443 [proto: 125/Skype][1 pkts/60 bytes] 64 UDP 192.168.1.34:13021 <-> 213.199.179.160:40030 [proto: 125/Skype][1 pkts/77 bytes] 65 UDP 192.168.1.34:13021 <-> 213.199.179.143:40018 [proto: 125/Skype][1 pkts/78 bytes] 66 UDP 192.168.1.34:13021 <-> 213.199.179.145:40024 [proto: 125/Skype][1 pkts/64 bytes] 67 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes] 68 UDP 192.168.1.34:13021 <-> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes] 69 UDP 192.168.1.34:13021 <-> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes] - 70 UDP 192.168.1.1:53 <-> 192.168.1.34:58631 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 71 UDP 192.168.1.1:53 <-> 192.168.1.34:59113 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 72 UDP 192.168.1.1:53 <-> 192.168.1.34:60413 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 73 UDP 192.168.1.1:53 <-> 192.168.1.34:61095 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 74 UDP 192.168.1.1:53 <-> 192.168.1.34:62875 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 70 UDP 192.168.1.34:58631 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 71 UDP 192.168.1.34:59113 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] + 72 UDP 192.168.1.34:60413 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 73 UDP 192.168.1.34:61095 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 74 UDP 192.168.1.34:62875 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] + 75 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 76 UDP 192.168.1.34:64971 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes] 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][16 pkts/1238 bytes] 79 TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][199 pkts/90615 bytes] @@ -94,11 +94,11 @@ MS_OneDrive 348 181687 1 81 UDP 192.168.1.34:58061 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] 82 IGMP 233.89.188.1:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] 83 UDP 192.168.1.34:59237 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 84 TCP 192.168.1.34:50407 <-> 17.143.160.149:5223 [proto: 140/Apple][8 pkts/1118 bytes] + 84 TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 140/Apple][8 pkts/1118 bytes] 85 UDP 192.168.1.34:13021 <-> 83.31.12.173:23939 [proto: 125/Skype][5 pkts/300 bytes] - 86 UDP 65.55.223.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 86 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/67 bytes] 87 UDP 192.168.1.34:13021 <-> 65.55.223.65:33033 [proto: 125/Skype][1 pkts/70 bytes] - 88 TCP 157.56.52.28:40009 <-> 192.168.1.34:51229 [proto: 125/Skype][16 pkts/1292 bytes] + 88 TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][16 pkts/1292 bytes] 89 TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][18 pkts/1454 bytes] 90 TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1330 bytes] 91 TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][16 pkts/1265 bytes] @@ -113,171 +113,171 @@ MS_OneDrive 348 181687 1 100 UDP 192.168.1.34:13021 <-> 64.4.23.154:40032 [proto: 125/Skype][1 pkts/70 bytes] 101 UDP 192.168.1.34:13021 <-> 64.4.23.149:40030 [proto: 125/Skype][1 pkts/71 bytes] 102 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/74 bytes] - 103 UDP 65.55.223.17:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 104 UDP 65.55.223.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 105 UDP 65.55.223.22:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 106 UDP 65.55.223.20:40023 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 107 UDP 65.55.223.18:40025 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 108 UDP 65.55.223.27:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 109 UDP 65.55.223.24:40029 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 103 UDP 192.168.1.34:13021 <-> 65.55.223.17:40025 [proto: 125/Skype][1 pkts/70 bytes] + 104 UDP 192.168.1.34:13021 <-> 65.55.223.13:40009 [proto: 125/Skype][1 pkts/71 bytes] + 105 UDP 192.168.1.34:13021 <-> 65.55.223.22:40009 [proto: 125/Skype][1 pkts/74 bytes] + 106 UDP 192.168.1.34:13021 <-> 65.55.223.20:40023 [proto: 125/Skype][1 pkts/66 bytes] + 107 UDP 192.168.1.34:13021 <-> 65.55.223.18:40025 [proto: 125/Skype][1 pkts/67 bytes] + 108 UDP 192.168.1.34:13021 <-> 65.55.223.27:40029 [proto: 125/Skype][1 pkts/79 bytes] + 109 UDP 192.168.1.34:13021 <-> 65.55.223.24:40029 [proto: 125/Skype][1 pkts/77 bytes] 110 TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][6 pkts/377 bytes] 111 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][10 pkts/599 bytes] 112 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 113 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 114 TCP 192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 91.121/SSL.Dropbox][8 pkts/2990 bytes] + 113 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/67 bytes] + 114 TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][8 pkts/2990 bytes] 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][20 pkts/3905 bytes] - 119 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 120 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 121 UDP 111.221.74.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 111.221.74.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 123 UDP 111.221.74.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 124 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 134 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 136 TCP 91.190.216.24:12350 <-> 192.168.1.34:51297 [proto: 125/Skype][15 pkts/3532 bytes] - 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 140 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 141 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] - 142 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 143 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] - 144 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 145 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 146 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 147 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 148 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 149 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 150 UDP 157.56.52.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 151 UDP 157.56.52.25:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 152 UDP 157.56.52.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 157 UDP 157.56.52.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 158 UDP 157.56.52.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 178 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 179 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] - 180 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 182 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 183 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 184 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 185 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 186 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 187 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 188 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 189 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 190 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 199 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 200 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 201 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 204 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 210 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 211 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 212 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 213 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 214 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 215 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 216 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 217 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 218 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] - 219 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 220 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 221 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 222 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 223 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 224 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 225 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 226 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 227 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 228 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] - 229 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 230 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 233 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 234 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 241 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 242 UDP 65.55.223.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 243 UDP 65.55.223.32:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 244 UDP 65.55.223.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 245 UDP 65.55.223.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 246 UDP 65.55.223.15:40030 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 249 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 250 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 251 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 252 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] - 253 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 254 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 119 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] + 120 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] + 121 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] + 122 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 123 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] + 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] + 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] + 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] + 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] + 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] + 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 148 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] + 149 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] + 150 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] + 151 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] + 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 177 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] + 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 182 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 185 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 188 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 189 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 201 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 202 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 204 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 206 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 207 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 208 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] + 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] + 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 227 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] + 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 241 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] + 242 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] + 243 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] + 244 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] + 245 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] + 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] + 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] + 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: 1 TCP 192.168.1.34:51294 <-> 81.83.77.141:17639 [proto: 0/Unknown][33 pkts/5097 bytes] - 2 TCP 149.13.32.15:13392 <-> 192.168.1.34:51307 [proto: 0/Unknown][26 pkts/17499 bytes] - 3 TCP 149.13.32.15:13392 <-> 192.168.1.34:51317 [proto: 0/Unknown][20 pkts/6208 bytes] + 2 TCP 192.168.1.34:51307 <-> 149.13.32.15:13392 [proto: 0/Unknown][26 pkts/17499 bytes] + 3 TCP 192.168.1.34:51317 <-> 149.13.32.15:13392 [proto: 0/Unknown][20 pkts/6208 bytes] 4 TCP 192.168.1.34:51301 <-> 82.224.110.241:38895 [proto: 0/Unknown][18 pkts/1482 bytes] 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 9 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 10 TCP 76.167.161.6:20274 <-> 192.168.1.34:51300 [proto: 0/Unknown][3 pkts/206 bytes] - 11 TCP 149.13.32.15:13392 <-> 192.168.1.34:51312 [proto: 0/Unknown][25 pkts/15642 bytes] - 12 UDP 192.168.1.1:5351 <-> 192.168.1.34:59052 [proto: 0/Unknown][4 pkts/216 bytes] - 13 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] + 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] + 13 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/smpp_in_general.pcap.out b/tests/result/smpp_in_general.pcap.out index 1ec966e82..e7c0293d6 100644 --- a/tests/result/smpp_in_general.pcap.out +++ b/tests/result/smpp_in_general.pcap.out @@ -1,3 +1,3 @@ SMPP 17 1144 1 - 1 TCP 10.226.202.53:9000 <-> 10.226.202.118:1770 [proto: 207/SMPP][17 pkts/1144 bytes] + 1 TCP 10.226.202.118:1770 <-> 10.226.202.53:9000 [proto: 207/SMPP][17 pkts/1144 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 97c178b41..f2d26ea0a 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -10,13 +10,13 @@ QUIC 6 475 1 Github 3 234 1 Starcraft 236 51494 6 - 1 TCP 80.239.186.21:80 <-> 192.168.1.100:3516 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] - 2 TCP 80.239.186.26:80 <-> 192.168.1.100:3518 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] - 3 TCP 80.239.186.21:80 <-> 192.168.1.100:3522 [proto: 7/HTTP][11 pkts/3620 bytes][Host: eu.launcher.battle.net] - 4 TCP 80.239.186.26:80 <-> 192.168.1.100:3524 [proto: 7/HTTP][10 pkts/1214 bytes][Host: nydus.battle.net] - 5 TCP 80.239.186.40:80 <-> 192.168.1.100:3526 [proto: 7/HTTP][11 pkts/3686 bytes][Host: eu.battle.net] + 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] + 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] + 3 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][11 pkts/3620 bytes][Host: eu.launcher.battle.net] + 4 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1214 bytes][Host: nydus.battle.net] + 5 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][11 pkts/3686 bytes][Host: eu.battle.net] 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][13 pkts/902 bytes] - 7 UDP 239.255.255.250:1900 <-> 192.168.1.254:38605 [proto: 12/SSDP][11 pkts/4984 bytes] + 7 UDP 192.168.1.254:38605 <-> 239.255.255.250:1900 [proto: 12/SSDP][11 pkts/4984 bytes] 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/336 bytes][Host: nydus.battle.net] 9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/417 bytes][Host: 254.1.168.192.in-addr.arpa] 10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/455 bytes][Host: 22.40.194.173.in-addr.arpa] @@ -32,11 +32,11 @@ Starcraft 236 51494 6 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 23 TCP 80.239.186.26:80 <-> 192.168.1.100:3515 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] - 24 TCP 80.239.186.21:80 <-> 192.168.1.100:3519 [proto: 7/HTTP][9 pkts/979 bytes][Host: eu.launcher.battle.net] - 25 TCP 80.239.186.26:80 <-> 192.168.1.100:3521 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] - 26 TCP 80.239.186.26:80 <-> 192.168.1.100:3523 [proto: 7/HTTP][10 pkts/1208 bytes][Host: nydus.battle.net] - 27 TCP 80.239.186.40:80 <-> 192.168.1.100:3525 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net] + 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] + 24 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][9 pkts/979 bytes][Host: eu.launcher.battle.net] + 25 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] + 26 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1208 bytes][Host: nydus.battle.net] + 27 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][12 pkts/3933 bytes][Host: eu.battle.net] 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] 30 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] @@ -60,5 +60,5 @@ Starcraft 236 51494 6 48 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 49 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 50 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 51 TCP 12.129.222.54:80 <-> 192.168.1.100:3512 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] - 52 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 213/Starcraft][2 pkts/104 bytes] + 51 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] + 52 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][2 pkts/104 bytes] diff --git a/tests/result/teredo.pcap.out b/tests/result/teredo.pcap.out index 6c65bc313..d73d8c080 100644 --- a/tests/result/teredo.pcap.out +++ b/tests/result/teredo.pcap.out @@ -1,7 +1,7 @@ Teredo 24 2574 5 - 1 UDP 194.136.28.76:3544 <-> 10.112.16.106:52513 [proto: 214/Teredo][4 pkts/508 bytes] - 2 UDP 194.136.28.76:3544 <-> 10.112.16.89:60381 [proto: 214/Teredo][2 pkts/254 bytes] + 1 UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][4 pkts/508 bytes] + 2 UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] 3 UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][14 pkts/1304 bytes] 4 UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] - 5 UDP 194.136.28.76:3544 <-> 10.112.16.92:63448 [proto: 214/Teredo][2 pkts/254 bytes] + 5 UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/254 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 134965393..f733c4f84 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -5,13 +5,13 @@ Dropbox 10 1860 1 Tor 3676 3014362 7 1 UDP 192.168.1.1:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes] - 2 UDP [fe80::c583:1972:5728:7323]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][6 pkts/906 bytes] - 3 TCP 212.83.155.250:443 <-> 192.168.1.252:51174 [proto: 163/Tor][32 pkts/10431 bytes] - 4 TCP 46.59.52.31:443 <-> 192.168.1.252:51111 [proto: 163/Tor][34 pkts/11142 bytes] - 5 TCP 91.143.93.242:443 <-> 192.168.1.252:51175 [proto: 163/Tor][38 pkts/12520 bytes] - 6 TCP 157.56.30.46:443 <-> 192.168.1.252:51104 [proto: 91/SSL][1 pkts/60 bytes] + 2 UDP [ff02::1:2]:546 <-> [fe80::c583:1972:5728:7323]:547 [proto: 103/DHCPV6][6 pkts/906 bytes] + 3 TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][32 pkts/10431 bytes] + 4 TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][34 pkts/11142 bytes] + 5 TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][38 pkts/12520 bytes] + 6 TCP 192.168.1.252:51104 <-> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes] 7 UDP 192.168.1.252:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes] - 8 TCP 38.229.70.53:443 <-> 192.168.1.252:51112 [proto: 163/Tor][1576 pkts/1388792 bytes] - 9 TCP 38.229.70.53:443 <-> 192.168.1.252:51176 [proto: 163/Tor][1826 pkts/1513278 bytes] - 10 TCP 62.210.137.230:443 <-> 192.168.1.252:51185 [proto: 163/Tor][29 pkts/9661 bytes] - 11 TCP 91.143.93.242:443 <-> 192.168.1.252:51110 [proto: 163/Tor][141 pkts/68538 bytes] + 8 TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][1576 pkts/1388792 bytes] + 9 TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][1826 pkts/1513278 bytes] + 10 TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][29 pkts/9661 bytes] + 11 TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][141 pkts/68538 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 51b426378..c311e74b3 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -13,85 +13,85 @@ WhatsApp 31 6224 2 Viber 10081 1413446 4 Amazon 8 528 1 - 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] - 2 UDP 122.146.250.88:9415 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 3 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][16 pkts/5838 bytes] + 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] + 2 UDP 192.168.200.222:39413 <-> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] + 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 5 TCP 93.184.221.200:80 <-> 192.168.200.222:60828 [proto: 7/HTTP][5 pkts/300 bytes] - 6 TCP 158.85.58.23:443 <-> 192.168.200.222:44058 [proto: 91/SSL][7 pkts/532 bytes] - 7 UDP 8.8.8.8:53 <-> 192.168.200.222:15836 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] - 8 UDP 84.202.23.122:22737 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 9 UDP 178.57.5.53:64731 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/498 bytes] - 10 UDP 60.71.113.134:37764 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 11 UDP 23.113.222.89:49548 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/503 bytes] - 12 UDP 1.163.234.205:58738 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/471 bytes] + 5 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] + 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] + 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] + 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] + 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] + 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] + 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 14 UDP 90.19.187.56:40500 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 15 UDP 80.47.129.1:44420 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 16 UDP 70.112.231.62:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 14 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] + 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] + 16 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] - 18 UDP 94.6.33.9:46735 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] + 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 20 UDP 88.176.55.218:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 20 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 22 TCP 54.251.141.219:80 <-> 192.168.200.222:38778 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] - 23 UDP 8.8.8.8:53 <-> 192.168.200.222:47874 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] - 24 TCP 54.169.63.186:443 <-> 192.168.200.222:39339 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 25 UDP 92.249.148.218:53810 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 26 TCP 93.184.221.200:80 <-> 192.168.200.222:33161 [proto: 7/HTTP][5 pkts/300 bytes] + 22 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] + 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] + 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] + 26 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] - 28 UDP 8.8.8.8:53 <-> 192.168.200.222:55854 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] - 29 UDP 8.8.8.8:53 <-> 192.168.200.222:58434 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] - 30 UDP 2.85.108.0:21241 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 31 TCP 112.124.219.82:80 <-> 192.168.200.222:36675 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 32 UDP 8.8.8.8:53 <-> 192.168.200.222:60474 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 33 UDP 24.43.1.206:17193 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] + 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] + 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] + 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 36 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] + 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] - 38 UDP 80.234.25.211:12624 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 39 TCP 112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 40 TCP 93.184.221.200:80 <-> 192.168.200.222:52977 [proto: 7/HTTP][5 pkts/300 bytes] + 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] + 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 40 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] - 42 UDP 8.8.8.8:53 <-> 192.168.200.222:16965 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] - 43 UDP 24.43.1.206:40959 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][4 pkts/996 bytes] - 44 UDP 46.181.170.37:36237 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 45 UDP 8.8.8.8:53 <-> 192.168.200.222:22761 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 46 UDP 188.165.225.138:6881 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/480 bytes] - 47 UDP 8.8.8.8:53 <-> 192.168.200.222:39149 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] + 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] + 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] + 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] + 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] + 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 50 UDP 178.157.199.144:22133 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 51 UDP 8.8.8.8:53 <-> 192.168.200.222:39695 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] + 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] + 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 54 UDP 8.8.8.8:53 <-> 192.168.200.222:43901 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] - 55 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][7 pkts/532 bytes] - 56 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] - 57 UDP 8.8.8.8:53 <-> 192.168.200.222:52263 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] + 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] + 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] + 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] + 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] - 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 61 UDP 37.214.167.82:11905 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 62 UDP 8.8.8.8:53 <-> 192.168.200.222:58921 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 63 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][5 pkts/300 bytes] + 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] + 61 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] + 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] + 63 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] - 65 UDP 93.100.186.199:6881 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/498 bytes] - 66 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][10057 pkts/1410853 bytes] - 67 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] - 68 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][5 pkts/300 bytes] + 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] + 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] + 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 68 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] - 70 UDP 92.245.59.202:12998 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] - 71 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] + 71 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] + 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: - 1 TCP 113.31.80.142:7003 <-> 192.168.200.222:55554 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 175.157.52.135:37299 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 175.157.52.135:37301 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 113.31.80.142:7003 <-> 192.168.200.222:55565 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 10.216.246.82:59027 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 175.157.52.135:37300 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 175.157.52.135:37302 <-> 192.168.200.222:48564 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out index ad20b1441..03faca104 100644 --- a/tests/result/vnc.pcap.out +++ b/tests/result/vnc.pcap.out @@ -1,4 +1,4 @@ VNC 4551 329158 2 - 1 TCP 192.168.2.110:6900 <-> 95.237.48.208:51559 [proto: 89/VNC][1008 pkts/72613 bytes] - 2 TCP 192.168.2.110:6900 <-> 95.237.48.208:59791 [proto: 89/VNC][3543 pkts/256545 bytes] + 1 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][1008 pkts/72613 bytes] + 2 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][3543 pkts/256545 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 2d0d2f207..f73d020a8 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -11,12 +11,12 @@ WhatsApp 15 1341 1 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][server: *.world.waze.com] 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][server: *.world.waze.com] 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][server: *.world.waze.com] - 5 TCP 200.160.4.49:80 <-> 10.16.37.157:41823 [proto: 7/HTTP][4 pkts/228 bytes] - 6 TCP 200.160.4.31:80 <-> 10.16.37.157:43991 [proto: 7/HTTP][4 pkts/228 bytes] + 5 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] + 6 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][4 pkts/228 bytes] 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][server: *.waze.com] 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][4 pkts/216 bytes] - 9 TCP 200.160.4.49:80 <-> 10.16.37.157:46473 [proto: 7/HTTP][4 pkts/228 bytes] - 10 TCP 200.160.4.49:80 <-> 10.16.37.157:52953 [proto: 7/HTTP][4 pkts/228 bytes] + 9 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] + 10 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][server: *.world.waze.com] 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][server: *.world.waze.com] 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][server: *.world.waze.com] @@ -33,7 +33,7 @@ WhatsApp 15 1341 1 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][server: *.waze.com] 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][server: *.waze.com] 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][2 pkts/180 bytes] - 27 TCP 200.160.4.49:80 <-> 10.16.37.157:52746 [proto: 7/HTTP][4 pkts/228 bytes] + 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/228 bytes] 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/216 bytes] 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][4 pkts/216 bytes] 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][server: *.world.waze.com] @@ -42,4 +42,4 @@ WhatsApp 15 1341 1 Undetected flows: - 1 TCP 174.37.231.81:5222 <-> 10.16.37.157:42256 [proto: 0/Unknown][10 pkts/786 bytes] + 1 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][10 pkts/786 bytes] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 2bca4171c..3d17c6a68 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -19,7 +19,7 @@ Amazon 3 174 1 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][11 pkts/4584 bytes][server: *.webex.com] 12 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][16 pkts/1171 bytes] 13 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][10 pkts/1391 bytes][Host: cp.pushwoosh.com] - 14 TCP 107.20.242.44:443 <-> 10.133.206.47:59447 [proto: 91.178/SSL.Amazon][3 pkts/174 bytes] + 14 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][3 pkts/174 bytes] 15 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] 16 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][server: *.webex.com] 17 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] @@ -48,7 +48,7 @@ Amazon 3 174 1 40 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][server: *.webex.com] 41 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][client: ssl.google-analytics.com] 42 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] - 43 TCP 185.63.147.10:443 <-> 10.133.206.47:54651 [proto: 91/SSL][3 pkts/174 bytes] + 43 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][3 pkts/174 bytes] 44 UDP 10.8.0.1:64538 <-> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] 45 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][5 pkts/317 bytes] 46 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index b81a52377..ed61d910e 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -18,15 +18,15 @@ WeChat 1277 615827 51 4 UDP 192.168.1.103:42589 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com] 5 UDP 192.168.1.103:43317 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] 6 UDP 192.168.1.103:43705 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan] - 7 TCP 203.205.158.34:443 <-> 192.168.1.103:43850 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] + 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] 8 UDP 192.168.1.103:44063 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org] 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes] - 10 TCP 172.217.23.78:443 <-> 192.168.1.103:53220 [proto: 91.126/SSL.Google][8 pkts/583 bytes] - 11 TCP 216.58.205.78:443 <-> 192.168.1.103:47627 [proto: 91.126/SSL.Google][7 pkts/517 bytes] + 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][8 pkts/583 bytes] + 11 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][7 pkts/517 bytes] 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][6 pkts/396 bytes] 13 UDP 192.168.1.103:53515 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] - 14 TCP 192.168.1.103:54084 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] - 15 TCP 192.168.1.103:54058 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] + 14 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] + 15 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/11506 bytes][client: web.wechat.com] 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][40 pkts/18455 bytes][client: web.wechat.com] @@ -50,28 +50,28 @@ WeChat 1277 615827 51 36 TCP 192.168.1.103:58226 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes] 37 UDP 192.168.1.103:59567 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan] 38 TCP 192.168.1.103:58143 <-> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes] - 39 UDP 216.58.198.46:443 <-> 192.168.1.103:57591 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] + 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] 40 UDP 192.168.1.100:57401 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc] - 41 TCP 95.101.34.33:80 <-> 192.168.1.103:34996 [proto: 7/HTTP][9 pkts/594 bytes] - 42 TCP 95.101.34.33:80 <-> 192.168.1.103:35000 [proto: 7/HTTP][9 pkts/594 bytes] + 41 TCP 192.168.1.103:34996 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 42 TCP 192.168.1.103:35000 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] 44 TCP 192.168.1.103:54205 <-> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] - 46 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50440 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] + 46 UDP [ff02::1:3]:50440 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] 47 TCP 192.168.1.103:52020 <-> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] - 48 UDP 172.217.23.67:443 <-> 192.168.1.103:35601 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] - 49 TCP 172.217.22.14:443 <-> 192.168.1.103:38657 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] + 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] + 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] 50 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica] 51 UDP 192.168.1.103:37578 <-> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes] 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes] 53 UDP 192.168.1.103:42074 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan] 54 UDP 192.168.1.103:42856 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan] 55 ICMPV6 [::]:0 <-> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes] - 56 TCP 203.205.158.34:443 <-> 192.168.1.103:43851 [proto: 91/SSL][9 pkts/524 bytes] + 56 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][9 pkts/524 bytes] 57 UDP 192.168.1.103:44346 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] 58 UDP 192.168.1.103:45366 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] - 60 UDP 172.217.23.67:443 <-> 192.168.1.103:51507 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] + 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/366 bytes][Host: safebrowsing.googleusercontent.com] 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][3 pkts/198 bytes] 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][41 pkts/26587 bytes][client: web.wechat.com] @@ -104,16 +104,16 @@ WeChat 1277 615827 51 90 IGMP 224.0.0.22:0 <-> 192.168.1.103:0 [proto: 82/IGMP][4 pkts/216 bytes] 91 IGMP 224.0.0.22:0 <-> 192.168.1.108:0 [proto: 82/IGMP][1 pkts/54 bytes] 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes] - 93 TCP 95.101.34.33:80 <-> 192.168.1.103:34999 [proto: 7/HTTP][9 pkts/594 bytes] - 94 TCP 95.101.34.33:80 <-> 192.168.1.103:34981 [proto: 7/HTTP][9 pkts/594 bytes] - 95 TCP 95.101.34.34:80 <-> 192.168.1.103:39207 [proto: 7/HTTP][9 pkts/594 bytes] - 96 TCP 95.101.34.34:80 <-> 192.168.1.103:39195 [proto: 7/HTTP][8 pkts/528 bytes] - 97 TCP 95.101.34.34:80 <-> 192.168.1.103:39231 [proto: 7/HTTP][9 pkts/594 bytes] + 93 TCP 192.168.1.103:34999 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 94 TCP 192.168.1.103:34981 <-> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes] + 95 TCP 192.168.1.103:39207 <-> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] + 96 TCP 192.168.1.103:39195 <-> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes] + 97 TCP 192.168.1.103:39231 <-> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes] 98 UDP 192.168.1.103:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes] 99 UDP 192.168.1.100:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes] 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/610 bytes][Host: res.wx.qq.com] - 101 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:49195 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] - 102 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50577 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] + 101 UDP [ff02::1:3]:49195 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] + 102 UDP [ff02::1:3]:50577 <-> [fe80::91f9:3df3:7436:6cd6]:5355 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] Undetected flows: diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index c1d4bc2b7..0114702b8 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -6,16 +6,16 @@ Amazon 2 132 1 QUIC 23 4118 2 Sina(Weibo) 418 258007 15 - 1 TCP 140.205.174.1:443 <-> 192.168.1.105:48352 [proto: 91/SSL][1 pkts/74 bytes] - 2 TCP 140.205.174.1:443 <-> 192.168.1.105:48356 [proto: 91/SSL][1 pkts/74 bytes] + 1 TCP 192.168.1.105:48352 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] + 2 TCP 192.168.1.105:48356 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] 3 TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] - 4 TCP 216.58.212.65:443 <-> 192.168.1.105:34699 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 5 TCP 222.73.28.96:80 <-> 192.168.1.105:42275 [proto: 7.200/HTTP.Sina(Weibo)][4 pkts/676 bytes][Host: u1.img.mobile.sina.cn] - 6 UDP 192.168.1.1:53 <-> 192.168.1.105:50533 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] - 7 UDP 192.168.1.1:53 <-> 192.168.1.105:53543 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/266 bytes][Host: img.t.sinajs.cn] + 4 TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 5 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][4 pkts/676 bytes][Host: u1.img.mobile.sina.cn] + 6 UDP 192.168.1.105:50533 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/74 bytes][Host: data.weibo.com] + 7 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/266 bytes][Host: img.t.sinajs.cn] 8 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][9 pkts/1944 bytes] - 9 TCP 216.58.214.78:443 <-> 192.168.1.105:58481 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 10 UDP 192.168.1.1:53 <-> 192.168.1.105:7148 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/215 bytes][Host: www.weibo.com] + 9 TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 10 UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/215 bytes][Host: www.weibo.com] 11 TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][106 pkts/76903 bytes][Host: img.t.sinajs.cn] 12 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][41 pkts/23245 bytes][Host: img.t.sinajs.cn] 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][53 pkts/36468 bytes][Host: img.t.sinajs.cn] @@ -23,30 +23,30 @@ Sina(Weibo) 418 258007 15 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][5 pkts/744 bytes][Host: js.t.sinajs.cn] 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][client: g.alicdn.com] 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/194 bytes] - 18 TCP 42.156.184.19:443 <-> 192.168.1.105:52272 [proto: 91/SSL][1 pkts/74 bytes] - 19 TCP 42.156.184.19:443 <-> 192.168.1.105:52274 [proto: 91/SSL][1 pkts/74 bytes] - 20 UDP 192.168.1.1:53 <-> 192.168.1.105:11798 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] - 21 UDP 192.168.1.1:53 <-> 192.168.1.105:16804 [proto: 5/DNS][1 pkts/70 bytes][Host: c.weibo.cn] - 22 TCP 140.205.170.63:443 <-> 192.168.1.105:47721 [proto: 91/SSL][1 pkts/74 bytes] - 23 TCP 140.205.170.63:443 <-> 192.168.1.105:47723 [proto: 91/SSL][1 pkts/74 bytes] - 24 TCP 140.205.174.1:443 <-> 192.168.1.105:48353 [proto: 91/SSL][1 pkts/74 bytes] - 25 UDP 192.168.1.1:53 <-> 192.168.1.105:33822 [proto: 5/DNS][2 pkts/242 bytes][Host: login.taobao.com] + 18 TCP 192.168.1.105:52272 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 19 TCP 192.168.1.105:52274 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 20 UDP 192.168.1.105:11798 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][1 pkts/77 bytes][Host: account.weibo.com] + 21 UDP 192.168.1.105:16804 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/70 bytes][Host: c.weibo.cn] + 22 TCP 192.168.1.105:47721 <-> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] + 23 TCP 192.168.1.105:47723 <-> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes] + 24 TCP 192.168.1.105:48353 <-> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes] + 25 UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/242 bytes][Host: login.taobao.com] 26 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][9 pkts/1599 bytes][Host: weibo.com] 27 TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][3 pkts/194 bytes] 28 TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 29 TCP 216.58.212.69:443 <-> 192.168.1.105:37802 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 30 UDP 192.168.1.1:53 <-> 192.168.1.105:41352 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/264 bytes][Host: js.t.sinajs.cn] - 31 TCP 222.73.28.96:80 <-> 192.168.1.105:42280 [proto: 7/HTTP][1 pkts/74 bytes] - 32 UDP 192.168.1.1:53 <-> 192.168.1.105:50640 [proto: 5/DNS][2 pkts/234 bytes][Host: acjstb.aliyun.com] - 33 UDP 192.168.1.1:53 <-> 192.168.1.105:51440 [proto: 5/DNS][2 pkts/243 bytes][Host: g.alicdn.com] - 34 UDP 192.168.1.1:53 <-> 192.168.1.105:53466 [proto: 5/DNS][2 pkts/186 bytes][Host: log.mmstat.com] - 35 UDP 192.168.1.1:53 <-> 192.168.1.105:54988 [proto: 5/DNS][2 pkts/154 bytes][Host: weibo.com] + 29 TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 30 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/264 bytes][Host: js.t.sinajs.cn] + 31 TCP 192.168.1.105:42280 <-> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes] + 32 UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/234 bytes][Host: acjstb.aliyun.com] + 33 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/243 bytes][Host: g.alicdn.com] + 34 UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/186 bytes][Host: log.mmstat.com] + 35 UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/154 bytes][Host: weibo.com] 36 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][14 pkts/2174 bytes] - 37 TCP 216.58.214.78:443 <-> 192.168.1.105:58480 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 37 TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 38 TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][2 pkts/132 bytes] 39 TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][72 pkts/54281 bytes][Host: img.t.sinajs.cn] 40 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][13 pkts/4701 bytes][Host: img.t.sinajs.cn] 41 TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][3 pkts/214 bytes] - 42 TCP 42.156.184.19:443 <-> 192.168.1.105:52271 [proto: 91/SSL][1 pkts/74 bytes] - 43 UDP 192.168.1.1:53 <-> 192.168.1.105:18035 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/240 bytes][Host: u1.img.mobile.sina.cn] + 42 TCP 192.168.1.105:52271 <-> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes] + 43 UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][2 pkts/240 bytes][Host: u1.img.mobile.sina.cn] 44 TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][79 pkts/37492 bytes][Host: www.weibo.com] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 50231ba14..f689282ed 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -16,8 +16,8 @@ WhatsAppVoice 706 91156 4 2 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes] 3 ICMP 192.168.2.4:0 <-> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes] 4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes] - 5 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] + 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] @@ -48,7 +48,7 @@ WhatsAppVoice 706 91156 4 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 37 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] + 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out index 6f873ed4a..ea3c32a15 100644 --- a/tests/result/whatsapp_login_chat.pcap.out +++ b/tests/result/whatsapp_login_chat.pcap.out @@ -7,10 +7,10 @@ Spotify 1 86 1 1 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] 2 UDP [fe80::189c:c31b:1298:224]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][1 pkts/111 bytes] - 3 UDP 192.168.2.1:53 <-> 192.168.2.4:61697 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net] + 3 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net] 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][44 pkts/21371 bytes] 5 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes][Host: lucas-imac] 6 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][30 pkts/2963 bytes] 7 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes] - 8 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][6 pkts/2095 bytes] + 8 TCP 17.110.229.14:5223 <-> 192.168.2.4:49193 [proto: 140/Apple][6 pkts/2095 bytes] 9 UDP 192.168.2.4:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/91 bytes] -- cgit v1.2.3 From 9a94c34b91250643c383904b14352e282cfb056c Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 20 Apr 2017 23:00:11 +0200 Subject: fix for https://github.com/ntop/nDPI/issues/364 --- example/ndpi_util.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 445ade1ac..d6be479a0 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -220,7 +220,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow return NULL; if((iph->ihl * 4) > ipsize || ipsize < ntohs(iph->tot_len) - || (iph->frag_off & htons(0x1FFF)) != 0) + /* || (iph->frag_off & htons(0x1FFF)) != 0 */) return NULL; l4_offset = iph->ihl * 4; @@ -521,6 +521,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, u_int16_t sport, dport, payload_len; u_int8_t *payload; u_int8_t src_to_dst_direction = 1; + struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; if(iph) flow = get_ndpi_flow_info(workflow, IPVERSION, vlan_id, iph, NULL, @@ -542,8 +543,10 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, ndpi_flow = flow->ndpi_flow; flow->packets++, flow->bytes += rawsize; flow->last_seen = time; - } else - return(flow->detected_protocol); + } else { // flow is NULL + workflow->stats.total_discarded_bytes++; + return (nproto); + } /* Protocol already detected */ if(flow->detection_completed) return(flow->detected_protocol); -- cgit v1.2.3 From e2f2111637638192b0e8c40aaf90046904873a4a Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 21 Apr 2017 01:42:54 +0200 Subject: update bittorrent detection - fix https://github.com/ntop/nDPI/issues/362 --- src/lib/ndpi_content_match.c.inc | 56 +++++++++++++++++++++++++++++++++++++++- src/lib/ndpi_main.c | 2 +- 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 6bf18ffbc..85cfc0ec9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -833,6 +833,21 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, + /* + BitTorrent + */ + + { 0xB9381424 /* 185.56.20.36/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xC0DEED0A /* 192.222.237.10/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x4DDEAE14 /* 77.222.174.20/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x25779CBD /* 37.119.156.189/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x05277C26 /* 5.39.124.38/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x4FC0AB43 /* 79.192.171.67/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xAC100010 /* 172.16.0.16/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xB2A4F550 /* 178.164.245.80/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xAE597B3E /* 174.89.123.62/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + + /* Tor http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv @@ -7952,14 +7967,18 @@ ndpi_protocol_match host_match[] = { { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -7967,12 +7986,15 @@ ndpi_protocol_match host_match[] = { { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -7986,18 +8008,25 @@ ndpi_protocol_match host_match[] = { { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "ggpht.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8007,20 +8036,27 @@ ndpi_protocol_match host_match[] = { { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.dspg.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8029,17 +8065,26 @@ ndpi_protocol_match host_match[] = { { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8060,6 +8105,7 @@ ndpi_protocol_match host_match[] = { { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8068,17 +8114,22 @@ ndpi_protocol_match host_match[] = { { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8144,7 +8195,10 @@ ndpi_protocol_match host_match[] = { { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5e864383a..a7d5f7bd8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -902,7 +902,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, no_master, no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 51413, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, no_master, -- cgit v1.2.3 From c96507b7a462e9b02b592eb5dfc494590456560d Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 21 Apr 2017 02:01:09 +0200 Subject: updated tests pcap --- tests/pcap/bittorrent_ip.pcap | Bin 0 -> 524448 bytes tests/result/bittorrent_ip.pcap.out | 4 ++++ 2 files changed, 4 insertions(+) create mode 100644 tests/pcap/bittorrent_ip.pcap create mode 100644 tests/result/bittorrent_ip.pcap.out diff --git a/tests/pcap/bittorrent_ip.pcap b/tests/pcap/bittorrent_ip.pcap new file mode 100644 index 000000000..8c7ff6ed5 Binary files /dev/null and b/tests/pcap/bittorrent_ip.pcap differ diff --git a/tests/result/bittorrent_ip.pcap.out b/tests/result/bittorrent_ip.pcap.out new file mode 100644 index 000000000..93ae22bff --- /dev/null +++ b/tests/result/bittorrent_ip.pcap.out @@ -0,0 +1,4 @@ +BitTorrent 479 508018 2 + + 1 TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][48 pkts/37932 bytes] + 2 TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][431 pkts/470086 bytes] -- cgit v1.2.3 From b9a2511ea80341a5b7186dc49835e4173c4437e5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 23 Apr 2017 19:58:41 +0200 Subject: Initial Wireshark nDPI integration --- example/ndpiReader.c | 10 +++---- example/ndpi_util.c | 85 ++++++++++++++++++++++++++-------------------------- wireshark/README.md | 20 +++++++++++++ wireshark/ndpi.lua | 47 +++++++++++++++++++++++++++++ 4 files changed, 114 insertions(+), 48 deletions(-) create mode 100644 wireshark/README.md create mode 100644 wireshark/ndpi.lua diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2b02093cb..254934ba9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -93,6 +93,7 @@ struct port_stats *srcStats = NULL, *dstStats = NULL; struct ndpi_packet_trailer { u_int32_t magic; /* 0x19682017 */ u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; + char name[16]; }; static pcap_dumper_t *extcap_dumper = NULL; @@ -249,14 +250,12 @@ void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; -#if 1 + /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface Name}{type=string}" "{tooltip=The interface name}\n", argidx++); -#else printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); -#endif printf("arg {number=%u}{call=-9}{display=nDPI Protocol}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); @@ -1494,8 +1493,9 @@ static void pcap_packet_callback_checked(u_char *args, struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; memcpy(extcap_buf, packet, h->caplen); - trailer->magic = 0x19682017; - trailer->master_protocol = p.master_protocol, trailer->app_protocol = p.app_protocol; + trailer->magic = htonl(0x19680924); + trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol); + ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name)); crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)]; *crc = 0; ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d6be479a0..941e7f88d 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -260,7 +260,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) { u_int tcp_len; - // tcp + // tcp workflow->stats.tcp_count++; *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); @@ -288,7 +288,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { // udp - + workflow->stats.udp_count++; *udph = (struct ndpi_udphdr *)l4; *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); @@ -350,7 +350,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow newflow->lower_port = lower_port, newflow->upper_port = upper_port; newflow->ip_version = version; newflow->src_to_dst_direction = *src_to_dst_direction; - + if(version == IPVERSION) { inet_ntop(AF_INET, &lower_ip, newflow->lower_name, sizeof(newflow->lower_name)); inet_ntop(AF_INET, &upper_ip, newflow->upper_name, sizeof(newflow->upper_name)); @@ -442,19 +442,19 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { if(!flow->ndpi_flow) return; - - snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", + + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); /* BITTORRENT */ if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { int i, j, n = 0; - + for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); j += 2, n += flow->ndpi_flow->bittorent_hash[i]; } - + if(n == 0) flow->bittorent_hash[0] = '\0'; } /* MDNS */ @@ -545,7 +545,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->last_seen = time; } else { // flow is NULL workflow->stats.total_discarded_bytes++; - return (nproto); + return(nproto); } /* Protocol already detected */ @@ -558,17 +558,16 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { - /* New protocol detected or give up */ + /* New protocol detected or give up */ flow->detection_completed = 1; - } - if(flow->detection_completed) { + process_ndpi_collected_info(workflow, flow); + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow); - } + } - process_ndpi_collected_info(workflow, flow); return(flow->detected_protocol); } @@ -602,7 +601,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, struct ndpi_ipv6hdr *iph6; struct ndpi_proto nproto = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; - + /* lengths and offsets */ u_int16_t eth_offset = 0; u_int16_t radio_len; @@ -916,11 +915,11 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* ********************************************************** */ static uint32_t crc32_for_byte(uint32_t r) { - int j; - - for(j = 0; j < 8; ++j) - r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; - return r ^ (uint32_t)0xFF000000L; + int j; + + for(j = 0; j < 8; ++j) + r = (r & 1? 0: (uint32_t)0xEDB88320L) ^ r >> 1; + return r ^ (uint32_t)0xFF000000L; } /* Any unsigned integer type with at least 32 bits may be used as @@ -929,31 +928,31 @@ static uint32_t crc32_for_byte(uint32_t r) { typedef unsigned long accum_t; static void init_tables(uint32_t* table, uint32_t* wtable) { - size_t i, k, w, j; - - for(i = 0; i < 0x100; ++i) - table[i] = crc32_for_byte(i); - for(k = 0; k < sizeof(accum_t); ++k) - for(i = 0; i < 0x100; ++i) { - for(j = w = 0; j < sizeof(accum_t); ++j) - w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; - wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); - } + size_t i, k, w, j; + + for(i = 0; i < 0x100; ++i) + table[i] = crc32_for_byte(i); + for(k = 0; k < sizeof(accum_t); ++k) + for(i = 0; i < 0x100; ++i) { + for(j = w = 0; j < sizeof(accum_t); ++j) + w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8; + wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0); + } } void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc) { - static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; - size_t n_accum = n_bytes/sizeof(accum_t); - size_t i, k, j; - - if(!*table) - init_tables(table, wtable); - for(i = 0; i < n_accum; ++i) { - accum_t a = *crc ^ ((accum_t*)data)[i]; - for(j = *crc = 0; j < sizeof(accum_t); ++j) - *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; - } - - for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) - *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; + static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)]; + size_t n_accum = n_bytes/sizeof(accum_t); + size_t i, k, j; + + if(!*table) + init_tables(table, wtable); + for(i = 0; i < n_accum; ++i) { + accum_t a = *crc ^ ((accum_t*)data)[i]; + for(j = *crc = 0; j < sizeof(accum_t); ++j) + *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)]; + } + + for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i) + *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8; } diff --git a/wireshark/README.md b/wireshark/README.md new file mode 100644 index 000000000..1811c663e --- /dev/null +++ b/wireshark/README.md @@ -0,0 +1,20 @@ +# nDPI Wireshark Plugin + +## Introduction + +nDPI can provide Wireshark protocol dissection to complement internal protocol decoding. In order to do this, the ndpiReader application is used to provide Wireshark nDPI protocol dissection, and a Wireshark plugin interprets nDPI information. + +## Installation + +- Copy the ndpiReader application (it is located under nDPI/example) to the Extcap path. See Wireshark -> About menu for identifying the extcap directory. Under OSX it is usually /Applications/Wireshark.app/Contents/MacOS/extcap +- Copy the ndpi.lua plugin under ~/.wireshark/plugins (or in the global Wireshark plugins directory) + +## Usage + +At Wireshark startup you will find a new extcap interface named "nDPI interface". Select that interface and specify an interface name (for live capture) or a pcap file path (for reading packets from a pcap file). You can choose a nDPI protocol list from the dropdown menu in case you want Wireshark to dissect only protocols of the specified nDPI application protocol. + +During capture the ndpiReader plugin will pass Wireshark the nDPI protocol information adding an ethernet packet trailer that contains nDPI information. The lua plugin interprets this information and it displays it in the Wireshark GUI. + +## nDPI Packet Filtering + +As nDPI is natively integrated into Wireshark, you can filter packets using the usual filtering mechanism. Example use "ndpi.protocol.name==BitTorrent" to filter all BitTorrent traffic. diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua new file mode 100644 index 000000000..2065d2335 --- /dev/null +++ b/wireshark/ndpi.lua @@ -0,0 +1,47 @@ +-- +-- (C) 2017 - ntop.org +-- +-- This plugin is part of nDPI (https://github.com/ntop/nDPI) +-- +-- +local ndpi_proto = Proto("ndpi", "nDPI", "nDPI Protocol Interpreter") + +ndpi_proto.fields = {} +local fds = ndpi_proto.fields + +fds.network_protocol = ProtoField.new("nDPI Network Protocol", "ndpi.protocol.network", ftypes.UINT8, nil, base.DEC) +fds.application_protocol = ProtoField.new("nDPI Application Protocol", "ndpi.protocol.application", ftypes.UINT8, nil, base.DEC) +fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STRING) + +local f_eth_trailer = Field.new("eth.trailer") + +-- ############################################### + +-- the dissector function callback +function ndpi_proto.dissector(tvb, pinfo, tree) + local pktlen = tvb:len() + local eth_trailer = f_eth_trailer() + local magic = tostring(tvb(pktlen-28,4)) + + if(magic == "19680924") then + local ndpi_subtree = tree:add(ndpi_proto, tvb(), "nDPI Protocol") + local network_protocol = tvb(pktlen-24,2) + local application_protocol = tvb(pktlen-22,2) + local name = tvb(pktlen-20,16) + local name_str = name:string(ENC_UTF_8) + + ndpi_subtree:add(fds.network_protocol, network_protocol) + ndpi_subtree:add(fds.application_protocol, application_protocol) + ndpi_subtree:add(fds.name, name) + + local pname = ""..application_protocol + if(pname ~= "0000") then + -- Set protocol name in the wireshark protocol column (if not Unknown) + pinfo.cols.protocol = name_str + end + end +end + +register_postdissector(ndpi_proto) + +-- ############################################### -- cgit v1.2.3 From 43f18ddb0f5b849deb454fa68e447a22912b9ba9 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 24 Apr 2017 00:45:43 +0200 Subject: Updated Wireshark lua dissector Added -v to ndpiReader to print port stats Recomputed protocol test results --- example/ndpiReader.c | 23 +- tests/result/Instagram.pcap.out | 14 +- tests/result/KakaoTalk_chat.pcap.out | 6 +- tests/result/Viber_session.pcap.out | 40 ++-- tests/result/ocs.pcap.out | 4 +- tests/result/skype.pcap.out | 386 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 2 +- tests/result/starcraft_battle.pcap.out | 8 +- tests/result/viber_mobile.pcap.out | 160 ++++++------- tests/result/whatsapp_login_call.pcap.out | 105 ++++---- wireshark/ndpi.lua | 135 ++++++++++- 11 files changed, 512 insertions(+), 371 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 254934ba9..e23e0c1f9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -167,7 +167,7 @@ static void help(u_int long_help) { " -w | Write test output on the specified file. This is useful for\n" " | testing purposes in order to compare results across runs\n" " -h | This help\n" - " -v <1|2> | Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose\n"); + " -v <1|2|3> | Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose, 3=port stats\n"); #ifndef WIN32 printf("\nExcap (wireshark) options:\n" @@ -240,7 +240,7 @@ void extcap_interfaces() { void extcap_dlts() { u_int dlts_number = DLT_EN10MB; - printf("dlt {number=%u}{name=%s}{display=%s}\n", dlts_number, "ndpi", "nDPI interface"); + printf("dlt {number=%u}{name=%s}{display=%s}\n", dlts_number, "ndpi", "nDPI Interface"); exit(0); } @@ -251,13 +251,16 @@ void extcap_config() { struct ndpi_detection_module_struct *ndpi_mod; /* -i */ - printf("arg {number=%u}{call=-i}{display=Capture Interface Name}{type=string}" + printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); +#if 0 printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); +#endif - printf("arg {number=%u}{call=-9}{display=nDPI Protocol}{type=selector}" + + printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); setupDetection(0, NULL); @@ -558,6 +561,9 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { #endif FILE *out = results_file ? results_file : stdout; + if((verbose != 1) && (verbose != 2)) + return; + if(!json_flag) { fprintf(out, "\t%u", ++num_flows); @@ -1060,10 +1066,10 @@ static void printResults(u_int64_t tot_usec) { for(i=0; indpi_flows_root[i], node_proto_guess_walker, &thread_id); - if(verbose) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); + if(verbose == 3) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); } - if(verbose) { + if(verbose == 3) { HASH_SORT(srcStats, port_stats_sort); HASH_SORT(dstStats, port_stats_sort); } @@ -1242,7 +1248,7 @@ static void printResults(u_int64_t tot_usec) { // printf("\n\nTotal Flow Traffic: %llu (diff: %llu)\n", total_flow_bytes, cumulative_stats.total_ip_bytes-total_flow_bytes); - if(verbose) { + if((verbose == 1) || (verbose == 2)) { FILE *out = results_file ? results_file : stdout; if(!json_flag) fprintf(out, "\n"); @@ -1289,7 +1295,7 @@ static void printResults(u_int64_t tot_usec) { #endif } - if(verbose) { + if(verbose == 3) { printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); @@ -1493,6 +1499,7 @@ static void pcap_packet_callback_checked(u_char *args, struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; memcpy(extcap_buf, packet, h->caplen); + memset(trailer, 0, sizeof(struct ndpi_packet_trailer)); trailer->magic = htonl(0x19680924); trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol); ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name)); diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index edd889471..83b0492bb 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -1,30 +1,30 @@ Unknown 1 66 1 -HTTP 116 91784 6 +HTTP 266 245342 7 ICMP 5 510 1 -SSL 2 169 1 -Facebook 251 215986 5 +SSL 93 57298 4 +Facebook 10 5299 1 Dropbox 5 725 2 Instagram 363 255094 16 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] 3 UDP 192.168.0.103:27124 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] + 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91/SSL][11 pkts/5397 bytes] 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] + 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] - 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] + 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91/SSL][68 pkts/45688 bytes] + 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91/SSL][12 pkts/6044 bytes] 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 4fee1d276..b1df9ee34 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,9 +1,9 @@ DNS 2 217 1 -HTTP 1 56 1 +HTTP 15 840 2 ICMP 1 147 1 SSL 29 4579 3 Facebook 215 51809 12 -Google 16 1031 3 +Google 2 247 2 HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 @@ -36,7 +36,7 @@ KakaoTalk 55 9990 15 26 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][14 pkts/784 bytes] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] 32 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 81ef39da8..f396686c7 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -1,13 +1,13 @@ -Unknown 163 9995 7 +Unknown 145 9356 7 HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 -SSL 80 7703 8 -Facebook 29 3944 2 +SSL 104 9782 9 +Facebook 59 5744 3 Dropbox 1 97 1 GMail 21 1891 1 -Google 50 4084 5 -Viber 4163 392492 4 +Google 26 2005 4 +Viber 4151 391331 3 Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] @@ -22,17 +22,17 @@ Amazon 1 66 1 10 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] 12 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] - 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] - 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] - 15 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] - 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] - 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] - 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] - 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] + 13 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 119/Facebook][30 pkts/1800 bytes] + 14 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91/SSL][24 pkts/2079 bytes] + 15 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] + 16 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] + 18 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 19 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] + 20 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 21 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] + 22 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 23 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] 25 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] @@ -45,9 +45,9 @@ Amazon 1 66 1 Undetected flows: 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 4 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 5 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 0/Unknown][12 pkts/1161 bytes] 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index abb202085..feb238eb8 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -1,15 +1,15 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 -SSL 20 2715 1 Google 41 5525 6 +Amazon 20 2715 1 OCS 863 57552 7 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] + 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91.178/SSL.Amazon][20 pkts/2715 bytes] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index fd4ad387f..0f0a3cc5e 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,14 +1,14 @@ -Unknown 404 52712 16 +Unknown 416 54589 17 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 88 8268 6 -Dropbox 38 17948 5 -Skype 1918 293218 245 -Apple 15 2045 2 +SSL 96 8876 7 +Dropbox 52 19156 6 +Skype 1896 291402 243 +Apple 3 168 1 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 @@ -111,185 +111,184 @@ MS_OneDrive 387 198090 1 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] 98 UDP 192.168.1.34:13021 <-> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] - 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] - 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] - 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] - 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] - 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] - 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] - 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] - 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] - 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] - 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 109 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] - 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] - 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] - 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] - 113 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] - 114 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] - 115 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] - 116 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] - 117 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] - 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] - 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] - 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 121 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] - 122 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] - 123 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] - 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] - 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] - 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] - 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] - 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 135 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 136 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 140 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 197 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 201 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 207 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 212 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 221 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 229 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 239 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 252 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 277 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 99 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] + 100 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] + 101 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] + 102 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] + 103 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] + 104 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] + 105 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] + 106 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] + 107 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] + 108 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] + 109 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] + 110 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] + 111 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] + 112 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] + 113 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] + 114 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] + 115 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] + 116 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] + 117 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] + 118 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] + 119 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] + 120 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] + 121 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] + 122 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] + 123 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] + 124 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] + 127 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] + 128 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] + 129 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] + 130 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 148 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 149 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 150 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 151 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 152 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 156 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 157 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 158 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 159 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 160 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 161 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 162 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 163 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 164 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 166 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 167 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 194 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 195 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 196 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 197 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 198 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 199 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 200 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 201 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 202 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 203 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 204 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 205 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 206 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 207 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 208 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 209 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 210 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 211 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 212 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 213 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 214 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 215 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 220 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 221 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 222 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 224 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 225 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 226 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 227 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 228 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 229 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 230 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 231 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 232 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 233 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 234 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 235 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 236 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 237 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 238 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 241 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 244 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 245 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 246 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 247 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 248 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 249 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 250 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 251 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 252 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 253 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 254 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 255 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 258 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 259 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 267 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 268 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 269 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 270 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 271 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 272 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.121/SSL.Dropbox][14 pkts/1208 bytes] + 273 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 274 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 275 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 276 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -300,12 +299,13 @@ Undetected flows: 5 UDP 192.168.1.34:54067 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] - 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 8 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 0/Unknown][12 pkts/1877 bytes] + 9 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] + 10 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] + 11 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 12 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 13 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 14 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 15 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 16 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 17 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 2d9048852..6f39106c4 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -261,7 +261,7 @@ MS_OneDrive 348 181687 1 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][14 pkts/1203 bytes] + 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index f2d26ea0a..3d096ba01 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -4,11 +4,11 @@ SSDP 11 4984 1 HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 38 2548 11 +SSL 30 1998 9 Google 16 1709 4 QUIC 6 475 1 Github 3 234 1 -Starcraft 236 51494 6 +Starcraft 244 52044 8 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] @@ -28,8 +28,8 @@ Starcraft 236 51494 6 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] + 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index c311e74b3..80e00c267 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -1,4 +1,4 @@ -Unknown 163 9995 7 +Unknown 195 17876 9 DNS 16 1943 7 HTTP 43 4771 7 BitTorrent 57 13074 27 @@ -8,90 +8,90 @@ SSL 79 21658 7 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 -Google 76 17175 8 +Google 60 11337 7 WhatsApp 31 6224 2 -Viber 10081 1413446 4 +Viber 10065 1411403 3 Amazon 8 528 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] 2 UDP 192.168.200.222:39413 <-> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] - 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] - 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 5 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] - 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] - 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] - 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] - 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] - 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] - 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] - 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 14 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] - 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] - 16 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] - 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] - 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] - 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 20 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 22 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] - 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] - 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] - 26 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] - 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] - 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] - 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] - 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] - 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] - 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] - 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] - 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 40 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] - 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] - 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] - 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] - 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] - 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] - 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] - 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] - 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] - 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] - 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] - 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] - 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] - 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] - 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] - 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 61 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] - 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 63 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] - 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] - 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] - 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] - 68 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] - 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] - 71 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 3 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] + 4 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 5 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] + 6 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] + 7 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] + 8 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] + 9 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] + 10 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] + 11 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] + 12 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] + 13 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] + 14 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] + 15 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 16 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] + 17 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] + 18 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 19 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 20 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] + 21 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] + 22 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] + 23 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 24 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] + 25 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 26 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] + 27 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] + 28 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] + 29 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] + 30 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 31 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 33 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] + 34 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] + 35 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] + 36 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] + 37 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] + 38 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 39 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 40 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] + 41 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] + 42 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] + 43 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] + 44 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 45 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] + 46 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] + 47 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] + 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 49 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] + 50 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] + 51 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] + 52 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 53 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] + 54 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] + 55 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] + 56 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] + 57 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 58 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] + 59 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] + 60 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] + 61 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 62 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] + 63 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] + 64 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] + 65 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 66 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 67 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] + 68 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] + 69 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] + 70 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: - 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 0/Unknown][16 pkts/5838 bytes] + 2 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 5 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 6 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 0/Unknown][16 pkts/2043 bytes] + 8 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 9 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index f689282ed..99ff51ed5 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -1,7 +1,7 @@ +Unknown 27 2322 2 HTTP 11 726 3 MDNS 8 952 4 DHCP 10 3420 1 -STUN 27 2322 2 ICMP 10 700 1 SSL 8 589 2 Facebook 70 9464 14 @@ -19,53 +19,56 @@ WhatsAppVoice 706 91156 4 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] - 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] - 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] - 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] - 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] - 33 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] - 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] - 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] - 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] - 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] - 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] - 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] - 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] - 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] - 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] - 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] - 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 8 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 9 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 10 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 11 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 12 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 14 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] + 15 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] + 16 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 23 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] + 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 28 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] + 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 30 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] + 31 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] + 32 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] + 33 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] + 34 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] + 35 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] + 36 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] + 37 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] + 38 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 39 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 40 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 41 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 42 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 43 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] + 44 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 45 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 46 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 47 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 48 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 49 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] + 50 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] + 51 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] + 52 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 53 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 54 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] + 55 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + + +Undetected flows: + 1 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 0/Unknown][15 pkts/1290 bytes] + 2 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 0/Unknown][12 pkts/1032 bytes] diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 2065d2335..177e0f121 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -15,8 +15,36 @@ fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STR local f_eth_trailer = Field.new("eth.trailer") +local ndpi_protos = {} +local ndpi_senders = {} +local ndpi_receivers = {} + -- ############################################### +function ndpi_proto.init() + ndpi_protos = {} + ndpi_senders = {} + ndpi_receivers = {} +end + +function slen(str) + local i = 1 + local len = 0 + local zero = string.char(0) + + for i = 1, 16 do + local c = str:sub(i,i) + + if(c ~= zero) then + len = len + 1 + else + break + end + end + + return(str:sub(1, len)) +end + -- the dissector function callback function ndpi_proto.dissector(tvb, pinfo, tree) local pktlen = tvb:len() @@ -28,8 +56,9 @@ function ndpi_proto.dissector(tvb, pinfo, tree) local network_protocol = tvb(pktlen-24,2) local application_protocol = tvb(pktlen-22,2) local name = tvb(pktlen-20,16) - local name_str = name:string(ENC_UTF_8) - + local name_str = name:string(ENC_ASCII) + local key + ndpi_subtree:add(fds.network_protocol, network_protocol) ndpi_subtree:add(fds.application_protocol, application_protocol) ndpi_subtree:add(fds.name, name) @@ -39,9 +68,111 @@ function ndpi_proto.dissector(tvb, pinfo, tree) -- Set protocol name in the wireshark protocol column (if not Unknown) pinfo.cols.protocol = name_str end + + key = tostring(slen(name_str)) + if(ndpi_protos[key] == nil) then ndpi_protos[key] = 0 end + ndpi_protos[key] = ndpi_protos[key] + pinfo.len + + key = tostring(pinfo.src) + if(ndpi_senders[key] == nil) then ndpi_senders[key] = 0 end + ndpi_senders[key] = ndpi_senders[key] + pinfo.len + + key = tostring(pinfo.dst) + if(ndpi_receivers[key] == nil) then ndpi_receivers[key] = 0 end + ndpi_receivers[key] = ndpi_receivers[key] + pinfo.len end end register_postdissector(ndpi_proto) -- ############################################### + +function round(num, idp) return tonumber(string.format("%." .. (idp or 0) .. "f", num)) end + +-- Convert bytes to human readable format +function bytesToSize(bytes) + if(bytes == nil) then + return("0") + else + precision = 2 + kilobyte = 1024; + megabyte = kilobyte * 1024; + gigabyte = megabyte * 1024; + terabyte = gigabyte * 1024; + + bytes = tonumber(bytes) + if((bytes >= 0) and (bytes < kilobyte)) then + return round(bytes, precision) .. " Bytes"; + elseif((bytes >= kilobyte) and (bytes < megabyte)) then + return round(bytes / kilobyte, precision) .. ' KB'; + elseif((bytes >= megabyte) and (bytes < gigabyte)) then + return round(bytes / megabyte, precision) .. ' MB'; + elseif((bytes >= gigabyte) and (bytes < terabyte)) then + return round(bytes / gigabyte, precision) .. ' GB'; + elseif(bytes >= terabyte) then + return round(bytes / terabyte, precision) .. ' TB'; + else + return round(bytes, precision) .. ' Bytes'; + end + end +end + +function pairsByValues(t, f) + local a = {} + for n in pairs(t) do table.insert(a, n) end + table.sort(a, function(x, y) return f(t[x], t[y]) end) + local i = 0 -- iterator variable + local iter = function () -- iterator function + i = i + 1 + if a[i] == nil then return nil + else return a[i], t[a[i]] + end + end + return iter +end + +function asc(a,b) return (a < b) end +function rev(a,b) return (a > b) end + +local function ndpi_dialog_menu() + local win = TextWindow.new("nDPI Protocol Statistics"); + local label = "" + local i + local max_i = 10 + + if(ndpi_protos ~= {}) then + label = "nDPI Protocol Breakdown\n" + label = label .. "-----------------------\n" + + i = 0 + for k,v in pairsByValues(ndpi_protos, rev) do + -- label = label .. k .. "\t".. bytesToSize(v) .. "\n" + label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + if(i == max_i) then break else i = i + 1 end + end + + -- ####### + + label = label .. "\nTop Senders\n" + label = label .. "-----------\n" + i = 0 + for k,v in pairsByValues(ndpi_senders, rev) do + label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + if(i == max_i) then break else i = i + 1 end + end + + -- ####### + + label = label .. "\nTop Receivers\n" + label = label .. "-------------\n" + i = 0 + for k,v in pairsByValues(ndpi_receivers, rev) do + label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + if(i == max_i) then break else i = i + 1 end + end + + win:set(label) + end +end + +register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED) -- cgit v1.2.3 From 6c2c885176c6f102f15fc6b781525c23b1435cb7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 25 Apr 2017 10:42:03 +0200 Subject: Extcap crash fix --- example/ndpiReader.c | 44 +++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e23e0c1f9..cd83b9ff5 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -97,7 +97,7 @@ struct ndpi_packet_trailer { }; static pcap_dumper_t *extcap_dumper = NULL; -static char extcap_buf[2048]; +static char extcap_buf[16384]; static char *extcap_capture_fifo = NULL; static u_int16_t extcap_packet_filter = (u_int16_t)-1; @@ -296,13 +296,6 @@ void extcap_capture() { #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Starting packet capture [%p]\n", extcap_dumper); #endif - - test_lib(); - pcap_dump_close(extcap_dumper); - -#ifdef DEBUG_TRACE - if(trace) fprintf(trace, "End of packet capture [%p]\n", extcap_dumper); -#endif } /* ********************************** */ @@ -1494,31 +1487,39 @@ static void pcap_packet_callback_checked(u_char *args, || (p.master_protocol == extcap_packet_filter) ) ) { - struct pcap_pkthdr *h = (struct pcap_pkthdr*)header; + struct pcap_pkthdr h; uint32_t *crc, delta = sizeof(struct ndpi_packet_trailer) + 4 /* ethernet trailer */; - struct ndpi_packet_trailer *trailer = (struct ndpi_packet_trailer*)&extcap_buf[h->caplen]; + struct ndpi_packet_trailer *trailer; - memcpy(extcap_buf, packet, h->caplen); + memcpy(&h, header, sizeof(h)); + + if(h.caplen > (sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4)) { + printf("INTERNAL ERROR: caplen=%u\n", h.caplen); + h.caplen = sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4; + } + + trailer = (struct ndpi_packet_trailer*)&extcap_buf[h.caplen]; + memcpy(extcap_buf, packet, h.caplen); memset(trailer, 0, sizeof(struct ndpi_packet_trailer)); trailer->magic = htonl(0x19680924); trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol); ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name)); - crc = (uint32_t*)&extcap_buf[h->caplen+sizeof(struct ndpi_packet_trailer)]; + crc = (uint32_t*)&extcap_buf[h.caplen+sizeof(struct ndpi_packet_trailer)]; *crc = 0; - ethernet_crc32((const void*)extcap_buf, h->caplen+sizeof(struct ndpi_packet_trailer), crc); - h->caplen += delta, h->len += delta; + ethernet_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer), crc); + h.caplen += delta, h.len += delta; #ifdef DEBUG_TRACE - if(trace) fprintf(trace, "Dumping %u bytes packet\n", header->caplen); + if(trace) fprintf(trace, "Dumping %u bytes packet\n", h.caplen); #endif - pcap_dump((u_char*)extcap_dumper, h, (const u_char *)extcap_buf); + pcap_dump((u_char*)extcap_dumper, &h, (const u_char *)extcap_buf); } /* check for buffer changes */ if(memcmp(packet, packet_checked, header->caplen) != 0) - printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu]\n", - thread_id, (unsigned long)ndpi_thread_info[thread_id].workflow->stats.raw_packet_count); + printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu, caplen=%u]\n", + thread_id, (unsigned long)ndpi_thread_info[thread_id].workflow->stats.raw_packet_count, header->caplen); free(packet_checked); } @@ -1685,9 +1686,10 @@ int main(int argc, char **argv) { for(i=0; i Date: Tue, 25 Apr 2017 11:21:40 +0200 Subject: Improced extcap configuration window with sorted protocol list Reported flow stats in Statistics -> nDPI menu --- example/ndpiReader.c | 41 ++++++++++++++++++++++++++++++-------- wireshark/ndpi.lua | 56 ++++++++++++++++++++++++---------------------------- 2 files changed, 59 insertions(+), 38 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index cd83b9ff5..1f982b60b 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -246,10 +246,23 @@ void extcap_dlts() { /* ********************************** */ +struct ndpi_proto_sorter { + int id; + char name[16]; +}; + +int cmpProto(const void *_a, const void *_b) { + struct ndpi_proto_sorter *a = (struct ndpi_proto_sorter*)_a; + struct ndpi_proto_sorter *b = (struct ndpi_proto_sorter*)_b; + + return(strcmp(a->name, b->name)); +} + void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; - + struct ndpi_proto_sorter *protos; + /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); @@ -258,20 +271,31 @@ void extcap_config() { printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); #endif + + setupDetection(0, NULL); + ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; + + protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols); + if(!protos) exit(0); + + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { + protos[i].id = i; + snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_mod->proto_defaults[i].protoName); + } + qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); - setupDetection(0, NULL); - ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; - printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); - + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) - printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, i, - ndpi_mod->proto_defaults[i].protoName, i); + printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, protos[i].id, + protos[i].name, protos[i].id); + free(protos); + exit(0); } @@ -1507,13 +1531,14 @@ static void pcap_packet_callback_checked(u_char *args, crc = (uint32_t*)&extcap_buf[h.caplen+sizeof(struct ndpi_packet_trailer)]; *crc = 0; ethernet_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer), crc); - h.caplen += delta, h.len += delta; + h.caplen += delta, h.len += delta; #ifdef DEBUG_TRACE if(trace) fprintf(trace, "Dumping %u bytes packet\n", h.caplen); #endif pcap_dump((u_char*)extcap_dumper, &h, (const u_char *)extcap_buf); + pcap_dump_flush(extcap_dumper); } /* check for buffer changes */ diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua index 177e0f121..3d35c9083 100644 --- a/wireshark/ndpi.lua +++ b/wireshark/ndpi.lua @@ -15,16 +15,15 @@ fds.name = ProtoField.new("nDPI Protocol Name", "ndpi.protocol.name", ftypes.STR local f_eth_trailer = Field.new("eth.trailer") -local ndpi_protos = {} -local ndpi_senders = {} -local ndpi_receivers = {} +local ndpi_protos = {} +local ndpi_flows = {} +local compute_flows_stats = true -- ############################################### function ndpi_proto.init() ndpi_protos = {} - ndpi_senders = {} - ndpi_receivers = {} + ndpi_flows = {} end function slen(str) @@ -57,7 +56,7 @@ function ndpi_proto.dissector(tvb, pinfo, tree) local application_protocol = tvb(pktlen-22,2) local name = tvb(pktlen-20,16) local name_str = name:string(ENC_ASCII) - local key + local ndpikey, srckey, dstkey, flowkey ndpi_subtree:add(fds.network_protocol, network_protocol) ndpi_subtree:add(fds.application_protocol, application_protocol) @@ -69,17 +68,22 @@ function ndpi_proto.dissector(tvb, pinfo, tree) pinfo.cols.protocol = name_str end - key = tostring(slen(name_str)) - if(ndpi_protos[key] == nil) then ndpi_protos[key] = 0 end - ndpi_protos[key] = ndpi_protos[key] + pinfo.len + if(compute_flows_stats) then + ndpikey = tostring(slen(name_str)) - key = tostring(pinfo.src) - if(ndpi_senders[key] == nil) then ndpi_senders[key] = 0 end - ndpi_senders[key] = ndpi_senders[key] + pinfo.len + if(ndpi_protos[ndpikey] == nil) then ndpi_protos[ndpikey] = 0 end + ndpi_protos[ndpikey] = ndpi_protos[ndpikey] + pinfo.len + + srckey = tostring(pinfo.src) + dstkey = tostring(pinfo.dst) + + flowkey = srckey.." / "..dstkey.." ["..ndpikey.."]" + if(ndpi_flows[flowkey] == nil) then + ndpi_flows[flowkey] = 0 + end - key = tostring(pinfo.dst) - if(ndpi_receivers[key] == nil) then ndpi_receivers[key] = 0 end - ndpi_receivers[key] = ndpi_receivers[key] + pinfo.len + ndpi_flows[flowkey] = ndpi_flows[flowkey] + pinfo.len + end end end @@ -147,27 +151,17 @@ local function ndpi_dialog_menu() i = 0 for k,v in pairsByValues(ndpi_protos, rev) do -- label = label .. k .. "\t".. bytesToSize(v) .. "\n" - label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v)) if(i == max_i) then break else i = i + 1 end end -- ####### - label = label .. "\nTop Senders\n" + label = label .. "\nTop nDPI Flows\n" label = label .. "-----------\n" i = 0 - for k,v in pairsByValues(ndpi_senders, rev) do - label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) - if(i == max_i) then break else i = i + 1 end - end - - -- ####### - - label = label .. "\nTop Receivers\n" - label = label .. "-------------\n" - i = 0 - for k,v in pairsByValues(ndpi_receivers, rev) do - label = label .. string.format("%-24s\t%s\n", k, bytesToSize(v)) + for k,v in pairsByValues(ndpi_flows, rev) do + label = label .. string.format("%-32s\t%s\n", k, bytesToSize(v)) if(i == max_i) then break else i = i + 1 end end @@ -175,4 +169,6 @@ local function ndpi_dialog_menu() end end -register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED) +if(compute_flows_stats) then + register_menu("nDPI", ndpi_dialog_menu, MENU_STAT_UNSORTED) +end -- cgit v1.2.3 From 6cae3a7dceff002852778f1a09caf9571687f8b5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 27 Apr 2017 12:17:32 +0200 Subject: Removed Napatech dependency --- configure.ac | 9 --------- 1 file changed, 9 deletions(-) diff --git a/configure.ac b/configure.ac index 239187360..c970cbe5b 100644 --- a/configure.ac +++ b/configure.ac @@ -82,15 +82,6 @@ AS_IF([test "x$enable_json_c" != "xno"], [ []) ]) -OLD_LIBS=$LIBS -LIBS="-L/opt/napatech3/lib $LIBS" -AC_CHECK_LIB([ntapi], - [NT_Init], - [PCAP_LIB="$PCAP_LIB -L/opt/napatech3/lib -lntapi"], - [], [] ) -LIBS=$OLD_LIBS - - AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc]) -- cgit v1.2.3 From e1b905124fce4d1aac35006f6721e27c1ee81228 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 27 Apr 2017 14:57:04 +0200 Subject: Improved SSL dissection --- example/ndpi_util.c | 7 +- tests/result/Instagram.pcap.out | 14 +- tests/result/KakaoTalk_chat.pcap.out | 6 +- tests/result/Viber_session.pcap.out | 40 ++-- tests/result/ocs.pcap.out | 4 +- tests/result/skype.pcap.out | 384 +++++++++++++++--------------- tests/result/skype_no_unknown.pcap.out | 290 +++++++++++----------- tests/result/starcraft_battle.pcap.out | 8 +- tests/result/viber_mobile.pcap.out | 160 ++++++------- tests/result/whatsapp_login_call.pcap.out | 105 ++++---- 10 files changed, 507 insertions(+), 511 deletions(-) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 941e7f88d..eb6744ccc 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -561,11 +561,10 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, /* New protocol detected or give up */ flow->detection_completed = 1; - process_ndpi_collected_info(workflow, flow); - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, - flow->ndpi_flow); + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, + flow->ndpi_flow); + process_ndpi_collected_info(workflow, flow); } return(flow->detected_protocol); diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 83b0492bb..edd889471 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -1,30 +1,30 @@ Unknown 1 66 1 -HTTP 266 245342 7 +HTTP 116 91784 6 ICMP 5 510 1 -SSL 93 57298 4 -Facebook 10 5299 1 +SSL 2 169 1 +Facebook 251 215986 5 Dropbox 5 725 2 Instagram 363 255094 16 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/Dropbox][1 pkts/145 bytes] 2 UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net] 3 UDP 192.168.0.103:27124 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com] - 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91/SSL][11 pkts/5397 bytes] + 4 TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][11 pkts/5397 bytes] 5 TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][10 pkts/5299 bytes] 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes] 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] - 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][150 pkts/153558 bytes] + 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] 15 TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] 17 UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] - 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91/SSL][68 pkts/45688 bytes] - 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91/SSL][12 pkts/6044 bytes] + 18 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] + 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][12 pkts/6044 bytes] 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes] 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][2 pkts/140 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index b1df9ee34..4fee1d276 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,9 +1,9 @@ DNS 2 217 1 -HTTP 15 840 2 +HTTP 1 56 1 ICMP 1 147 1 SSL 29 4579 3 Facebook 215 51809 12 -Google 2 247 2 +Google 16 1031 3 HTTP_Proxy 26 3926 1 Amazon 2 181 1 KakaoTalk 55 9990 15 @@ -36,7 +36,7 @@ KakaoTalk 55 9990 15 26 TCP 10.24.82.188:34686 <-> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes] 27 UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] 28 UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][14 pkts/784 bytes] + 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] 30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] 31 TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][5 pkts/280 bytes] 32 TCP 10.24.82.188:49217 <-> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index f396686c7..81ef39da8 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -1,13 +1,13 @@ -Unknown 145 9356 7 +Unknown 163 9995 7 HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 -SSL 104 9782 9 -Facebook 59 5744 3 +SSL 80 7703 8 +Facebook 29 3944 2 Dropbox 1 97 1 GMail 21 1891 1 -Google 26 2005 4 -Viber 4151 391331 3 +Google 50 4084 5 +Viber 4163 392492 4 Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][10 pkts/757 bytes] @@ -22,17 +22,17 @@ Amazon 1 66 1 10 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 11 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][6 pkts/599 bytes] 12 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][1 pkts/60 bytes] - 13 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 119/Facebook][30 pkts/1800 bytes] - 14 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91/SSL][24 pkts/2079 bytes] - 15 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] - 16 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] - 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] - 18 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 19 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] - 20 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 21 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] - 22 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 23 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] + 13 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][24 pkts/2079 bytes] + 14 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][7 pkts/436 bytes] + 15 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] + 16 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][5 pkts/385 bytes] + 17 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 18 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][5 pkts/385 bytes] + 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 20 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][5 pkts/424 bytes] + 21 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] + 22 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] + 23 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 144/Viber][12 pkts/1161 bytes] 24 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] 25 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] @@ -45,9 +45,9 @@ Amazon 1 66 1 Undetected flows: 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 3 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 4 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 5 TCP 192.168.200.222:43454 <-> 52.0.253.46:4244 [proto: 0/Unknown][12 pkts/1161 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index feb238eb8..abb202085 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -1,15 +1,15 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 +SSL 20 2715 1 Google 41 5525 6 -Amazon 20 2715 1 OCS 863 57552 7 1 TCP 192.168.180.2:42590 <-> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes][Host: www.ocs.fr] 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91.178/SSL.Amazon][20 pkts/2715 bytes] + 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 0f0a3cc5e..69fff20f5 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 416 54589 17 +Unknown 381 48593 15 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -6,9 +6,9 @@ SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 -Dropbox 52 19156 6 -Skype 1896 291402 243 -Apple 3 168 1 +Dropbox 38 17948 5 +Skype 1933 296729 245 +Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 @@ -111,184 +111,186 @@ MS_OneDrive 387 198090 1 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] 98 UDP 192.168.1.34:13021 <-> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes] - 99 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] - 100 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] - 101 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] - 102 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] - 103 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] - 104 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] - 105 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] - 106 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] - 107 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] - 108 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] - 109 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] - 110 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] - 111 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] - 112 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] - 113 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] - 114 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] - 115 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] - 116 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] - 117 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] - 118 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] - 119 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] - 120 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] - 122 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] - 123 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] - 124 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] - 127 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] - 128 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] - 129 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] - 130 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] - 134 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] - 135 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] - 136 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] - 139 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] - 140 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 148 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 149 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 150 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 151 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 152 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 156 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] - 157 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 158 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 159 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 160 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 161 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 162 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 163 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 164 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 166 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 167 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 193 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 194 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] - 195 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 196 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 197 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 198 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 199 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 200 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 201 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 203 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 204 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 205 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 206 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 208 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] - 209 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] - 210 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] - 211 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 212 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 213 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 214 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 220 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 221 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 222 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 224 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 225 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 226 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 227 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 228 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 229 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 230 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 231 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 232 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 233 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 234 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 236 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 237 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 238 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] - 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 241 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 244 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 245 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 246 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] - 247 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 248 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] - 249 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] - 250 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] - 251 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] - 252 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 253 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 254 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 258 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] - 261 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] - 262 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] - 263 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] - 264 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] - 265 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] - 266 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 267 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 268 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 269 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 270 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 271 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 272 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.121/SSL.Dropbox][14 pkts/1208 bytes] - 273 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 274 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 275 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 276 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][12 pkts/1877 bytes] + 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][16 pkts/1306 bytes] + 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][17 pkts/1400 bytes] + 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][17 pkts/1353 bytes] + 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][15 pkts/1229 bytes] + 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][17 pkts/1355 bytes] + 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][17 pkts/1441 bytes] + 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][17 pkts/1327 bytes] + 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][17 pkts/1338 bytes] + 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][17 pkts/1371 bytes] + 109 UDP 192.168.1.34:13021 <-> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes] + 110 UDP 192.168.1.34:13021 <-> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes] + 111 UDP 192.168.1.34:13021 <-> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes] + 112 UDP 192.168.1.34:13021 <-> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes] + 113 UDP 192.168.1.34:13021 <-> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes] + 114 UDP 192.168.1.34:13021 <-> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes] + 115 UDP 192.168.1.34:13021 <-> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes] + 116 UDP 192.168.1.34:13021 <-> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes] + 117 UDP 192.168.1.34:13021 <-> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes] + 118 UDP 192.168.1.34:13021 <-> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes] + 119 UDP 192.168.1.34:13021 <-> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes] + 120 UDP 192.168.1.34:13021 <-> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes] + 121 UDP 192.168.1.34:13021 <-> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 <-> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes] + 123 UDP 192.168.1.34:13021 <-> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes] + 124 UDP 192.168.1.34:13021 <-> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes] + 125 UDP 192.168.1.34:13021 <-> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes] + 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][13 pkts/1287 bytes] + 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] + 130 UDP 192.168.1.34:13021 <-> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes] + 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 192.168.1.34:13021 <-> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 192.168.1.34:13021 <-> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 192.168.1.34:13021 <-> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 192.168.1.34:13021 <-> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1254 bytes] + 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.34:49360 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][18 pkts/1412 bytes] + 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 198 UDP 192.168.1.34:49990 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 202 UDP 192.168.1.34:51802 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52714 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.34:52850 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.34:52742 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 208 UDP 192.168.1.34:54396 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][17 pkts/1370 bytes] + 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][17 pkts/1401 bytes] + 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][17 pkts/1381 bytes] + 213 UDP 192.168.1.34:57288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.34:57406 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.34:57726 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 222 UDP 192.168.1.34:58458 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.34:58368 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.34:60288 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 227 UDP 192.168.1.34:63108 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 230 UDP 192.168.1.34:65426 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 235 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 240 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][472 pkts/164627 bytes] + 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][17 pkts/1386 bytes] + 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][15 pkts/1311 bytes] + 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][15 pkts/1452 bytes] + 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][14 pkts/1390 bytes] + 253 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes] + 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 192.168.1.34:13021 <-> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes] + 263 UDP 192.168.1.34:13021 <-> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes] + 264 UDP 192.168.1.34:13021 <-> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes] + 265 UDP 192.168.1.34:13021 <-> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes] + 266 UDP 192.168.1.34:13021 <-> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes] + 267 UDP 192.168.1.34:13021 <-> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes] + 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 278 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -299,13 +301,11 @@ Undetected flows: 5 UDP 192.168.1.34:54067 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] - 8 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 0/Unknown][12 pkts/1877 bytes] - 9 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 10 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 11 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 12 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 13 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 14 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 15 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 16 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] - 17 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] + 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][100 pkts/12266 bytes] + 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 6f39106c4..3e631832f 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 236 70600 14 +Unknown 216 66695 13 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1241 181327 221 +Skype 1261 185232 222 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -128,142 +128,143 @@ MS_OneDrive 348 181687 1 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 119 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] - 120 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] - 122 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] - 123 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] - 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] - 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 148 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] - 149 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] - 150 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] - 151 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] - 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] - 157 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] - 158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 177 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] - 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 182 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 185 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 188 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 204 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] - 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 227 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] - 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 241 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] - 242 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] - 243 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] - 244 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] - 245 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] - 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 249 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][20 pkts/3905 bytes] + 119 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 120 UDP 192.168.1.34:13021 <-> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes] + 121 UDP 192.168.1.34:13021 <-> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 192.168.1.34:13021 <-> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes] + 123 UDP 192.168.1.34:13021 <-> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes] + 124 UDP 192.168.1.34:13021 <-> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 128 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 134 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 136 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][15 pkts/3532 bytes] + 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 140 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 141 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][15 pkts/1258 bytes] + 142 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] + 143 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 125/Skype][13 pkts/1157 bytes] + 144 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 145 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 146 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] + 147 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 148 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 149 UDP 192.168.1.34:13021 <-> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes] + 150 UDP 192.168.1.34:13021 <-> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes] + 151 UDP 192.168.1.34:13021 <-> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes] + 152 UDP 192.168.1.34:13021 <-> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 178 UDP 192.168.1.34:49864 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 179 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][14 pkts/1176 bytes] + 180 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 182 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 183 UDP 192.168.1.34:53372 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 184 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 185 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 186 UDP 192.168.1.34:55028 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 187 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 188 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 189 UDP 192.168.1.34:55866 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 190 UDP 192.168.1.34:57592 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 191 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 199 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 200 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 201 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 202 UDP 192.168.1.34:60688 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 203 UDP 192.168.1.34:61016 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 204 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 205 UDP 192.168.1.34:63342 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 206 UDP 192.168.1.34:63514 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 207 UDP 192.168.1.34:64240 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 UDP 192.168.1.34:64258 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 209 UDP 192.168.1.34:64364 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 210 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 211 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 212 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 213 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 214 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 215 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 216 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 217 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 218 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][14 pkts/1163 bytes] + 219 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 220 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 221 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 222 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 223 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 224 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 225 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] + 226 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 227 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 228 UDP 192.168.0.254:1025 <-> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes] + 229 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 230 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 233 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 234 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 241 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 242 UDP 192.168.1.34:13021 <-> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes] + 243 UDP 192.168.1.34:13021 <-> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes] + 244 UDP 192.168.1.34:13021 <-> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes] + 245 UDP 192.168.1.34:13021 <-> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes] + 246 UDP 192.168.1.34:13021 <-> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 249 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 250 UDP [ff02::fb]:5353 <-> [fe80::c62c:3ff:fe06:49fe]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 251 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 252 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 125/Skype][14 pkts/1203 bytes] + 253 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] + 254 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: @@ -274,10 +275,9 @@ Undetected flows: 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] - 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] - 13 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] - 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 8 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 9 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 10 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][25 pkts/15642 bytes] + 12 UDP 192.168.1.34:59052 <-> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes] + 13 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 3d096ba01..f2d26ea0a 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -4,11 +4,11 @@ SSDP 11 4984 1 HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 30 1998 9 +SSL 38 2548 11 Google 16 1709 4 QUIC 6 475 1 Github 3 234 1 -Starcraft 244 52044 8 +Starcraft 236 51494 6 1 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][12 pkts/3680 bytes][Host: eu.launcher.battle.net] 2 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1226 bytes][Host: nydus.battle.net] @@ -28,8 +28,8 @@ Starcraft 244 52044 8 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] - 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91.213/SSL.Starcraft][4 pkts/275 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 80e00c267..c311e74b3 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -1,4 +1,4 @@ -Unknown 195 17876 9 +Unknown 163 9995 7 DNS 16 1943 7 HTTP 43 4771 7 BitTorrent 57 13074 27 @@ -8,90 +8,90 @@ SSL 79 21658 7 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 -Google 60 11337 7 +Google 76 17175 8 WhatsApp 31 6224 2 -Viber 10065 1411403 3 +Viber 10081 1413446 4 Amazon 8 528 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] 2 UDP 192.168.200.222:39413 <-> 122.146.250.88:9415 [proto: 37/BitTorrent][1 pkts/146 bytes] - 3 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] - 4 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 5 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] - 6 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] - 7 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] - 8 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] - 9 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] - 10 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] - 11 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] - 12 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] - 13 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] - 14 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] - 15 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] - 16 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] - 17 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] - 18 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] - 19 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] - 20 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] - 21 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] - 22 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] - 23 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] - 24 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] - 25 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 26 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] - 27 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] - 28 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] - 29 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] - 30 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 31 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] - 32 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] - 33 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] - 34 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 35 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] - 36 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] - 37 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] - 38 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 39 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 40 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] - 41 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] - 42 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] - 43 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] - 44 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] - 45 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] - 46 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] - 47 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] - 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] - 49 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] - 50 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] - 51 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] - 52 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] - 53 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] - 54 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] - 55 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] - 56 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 57 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] - 58 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] - 59 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] - 60 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] - 61 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 62 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] - 63 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] - 64 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] - 65 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] - 66 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] - 67 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] - 68 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] - 69 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 70 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] + 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][16 pkts/5838 bytes] + 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] + 5 TCP 192.168.200.222:60828 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][7 pkts/532 bytes] + 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][2 pkts/241 bytes][Host: mail.google.com] + 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][2 pkts/505 bytes] + 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][2 pkts/498 bytes] + 10 UDP 192.168.200.222:39413 <-> 60.71.113.134:37764 [proto: 37/BitTorrent][2 pkts/505 bytes] + 11 UDP 192.168.200.222:39413 <-> 23.113.222.89:49548 [proto: 37/BitTorrent][2 pkts/503 bytes] + 12 UDP 192.168.200.222:39413 <-> 1.163.234.205:58738 [proto: 37/BitTorrent][2 pkts/471 bytes] + 13 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][5 pkts/385 bytes] + 14 UDP 192.168.200.222:39413 <-> 90.19.187.56:40500 [proto: 37/BitTorrent][1 pkts/146 bytes] + 15 UDP 192.168.200.222:39413 <-> 80.47.129.1:44420 [proto: 37/BitTorrent][2 pkts/505 bytes] + 16 UDP 192.168.200.222:39413 <-> 70.112.231.62:51413 [proto: 37/BitTorrent][3 pkts/438 bytes] + 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] + 18 UDP 192.168.200.222:39413 <-> 94.6.33.9:46735 [proto: 37/BitTorrent][2 pkts/505 bytes] + 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 20 UDP 192.168.200.222:39413 <-> 88.176.55.218:51413 [proto: 37/BitTorrent][1 pkts/146 bytes] + 21 UDP 192.168.200.222:39413 <-> 182.57.65.243:27736 [proto: 37/BitTorrent][2 pkts/292 bytes] + 22 TCP 192.168.200.222:38778 <-> 54.251.141.219:80 [proto: 7.178/HTTP.Amazon][8 pkts/528 bytes] + 23 UDP 192.168.200.222:47874 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/197 bytes][Host: mtalk.google.com] + 24 TCP 192.168.200.222:39339 <-> 54.169.63.186:443 [proto: 91.144/SSL.Viber][6 pkts/412 bytes] + 25 UDP 192.168.200.222:39413 <-> 92.249.148.218:53810 [proto: 37/BitTorrent][2 pkts/505 bytes] + 26 TCP 192.168.200.222:33161 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 27 TCP 192.168.200.222:52491 <-> 31.13.79.245:443 [proto: 91.119/SSL.Facebook][11 pkts/1073 bytes] + 28 UDP 192.168.200.222:55854 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/236 bytes][Host: s.jpush.cn] + 29 UDP 192.168.200.222:58434 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/349 bytes][Host: e.crashlytics.com] + 30 UDP 192.168.200.222:39413 <-> 2.85.108.0:21241 [proto: 37/BitTorrent][2 pkts/505 bytes] + 31 TCP 192.168.200.222:36675 <-> 112.124.219.82:80 [proto: 7/HTTP][9 pkts/2188 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 32 UDP 192.168.200.222:60474 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/218 bytes][Host: easytomessage.com] + 33 UDP 192.168.200.222:39413 <-> 24.43.1.206:17193 [proto: 37/BitTorrent][8 pkts/1992 bytes] + 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81.126/ICMP.Google][1 pkts/148 bytes] + 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] + 36 TCP 192.168.200.222:51055 <-> 74.125.68.156:443 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] + 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] + 38 UDP 192.168.200.222:39413 <-> 80.234.25.211:12624 [proto: 37/BitTorrent][2 pkts/505 bytes] + 39 TCP 192.168.200.222:46761 <-> 112.124.219.93:80 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 40 TCP 192.168.200.222:52977 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 41 UDP 192.168.200.222:39413 <-> 120.57.18.255:10201 [proto: 37/BitTorrent][2 pkts/505 bytes] + 42 UDP 192.168.200.222:16965 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/366 bytes][Host: settings.crashlytics.com] + 43 UDP 192.168.200.222:39413 <-> 24.43.1.206:40959 [proto: 37/BitTorrent][4 pkts/996 bytes] + 44 UDP 192.168.200.222:39413 <-> 46.181.170.37:36237 [proto: 37/BitTorrent][2 pkts/505 bytes] + 45 UDP 192.168.200.222:22761 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/246 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] + 46 UDP 192.168.200.222:39413 <-> 188.165.225.138:6881 [proto: 37/BitTorrent][2 pkts/480 bytes] + 47 UDP 192.168.200.222:39149 <-> 8.8.8.8:53 [proto: 5/DNS][2 pkts/192 bytes][Host: sis.jpush.io] + 48 TCP 222.165.163.93:443 <-> 192.168.200.222:52635 [proto: 91/SSL][7 pkts/529 bytes] + 49 TCP 222.165.163.93:443 <-> 192.168.200.222:52641 [proto: 91/SSL][5 pkts/385 bytes] + 50 UDP 192.168.200.222:39413 <-> 178.157.199.144:22133 [proto: 37/BitTorrent][1 pkts/146 bytes] + 51 UDP 192.168.200.222:39695 <-> 8.8.8.8:53 [proto: 5.119/DNS.Facebook][2 pkts/214 bytes][Host: graph.facebook.com] + 52 TCP 222.165.163.91:443 <-> 192.168.200.222:56243 [proto: 91/SSL][7 pkts/529 bytes] + 53 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] + 54 UDP 192.168.200.222:43901 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][2 pkts/263 bytes][Host: googleads.g.doubleclick.net] + 55 TCP 74.125.68.239:443 <-> 192.168.200.222:37376 [proto: 91.126/SSL.Google][7 pkts/532 bytes] + 56 TCP 192.168.200.222:43287 <-> 52.0.253.46:443 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] + 57 UDP 192.168.200.222:52263 <-> 8.8.8.8:53 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] + 58 TCP 192.168.200.222:51146 <-> 23.21.254.189:443 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] + 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] + 60 TCP 192.168.200.222:42040 <-> 74.125.200.18:443 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] + 61 UDP 192.168.200.222:39413 <-> 37.214.167.82:11905 [proto: 37/BitTorrent][1 pkts/146 bytes] + 62 UDP 192.168.200.222:58921 <-> 8.8.8.8:53 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] + 63 TCP 192.168.200.222:43646 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 64 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 142/WhatsApp][29 pkts/5946 bytes] + 65 UDP 192.168.200.222:39413 <-> 93.100.186.199:6881 [proto: 37/BitTorrent][2 pkts/498 bytes] + 66 UDP 192.168.200.222:48564 <-> 54.169.63.186:7985 [proto: 144/Viber][10057 pkts/1410853 bytes] + 67 UDP 192.168.200.222:48564 <-> 54.169.63.186:7987 [proto: 144/Viber][2 pkts/138 bytes] + 68 TCP 192.168.200.222:50854 <-> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes] + 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] + 70 UDP 192.168.200.222:39413 <-> 92.245.59.202:12998 [proto: 37/BitTorrent][2 pkts/505 bytes] + 71 TCP 192.168.200.222:51765 <-> 108.160.172.205:443 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] + 72 TCP 192.168.200.222:52269 <-> 107.22.192.179:443 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: - 1 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 0/Unknown][16 pkts/5838 bytes] - 2 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] - 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] - 4 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] - 5 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] - 6 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] - 7 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 0/Unknown][16 pkts/2043 bytes] - 8 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] - 9 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] + 1 TCP 192.168.200.222:55554 <-> 113.31.80.142:7003 [proto: 0/Unknown][6 pkts/446 bytes] + 2 UDP 192.168.200.222:48564 <-> 175.157.52.135:37299 [proto: 0/Unknown][30 pkts/1800 bytes] + 3 UDP 192.168.200.222:48564 <-> 175.157.52.135:37301 [proto: 0/Unknown][30 pkts/1800 bytes] + 4 TCP 192.168.200.222:55565 <-> 113.31.80.142:7003 [proto: 0/Unknown][7 pkts/549 bytes] + 5 UDP 192.168.200.222:48564 <-> 10.216.246.82:59027 [proto: 0/Unknown][30 pkts/1800 bytes] + 6 UDP 192.168.200.222:48564 <-> 175.157.52.135:37300 [proto: 0/Unknown][30 pkts/1800 bytes] + 7 UDP 192.168.200.222:48564 <-> 175.157.52.135:37302 [proto: 0/Unknown][30 pkts/1800 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 99ff51ed5..f689282ed 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -1,7 +1,7 @@ -Unknown 27 2322 2 HTTP 11 726 3 MDNS 8 952 4 DHCP 10 3420 1 +STUN 27 2322 2 ICMP 10 700 1 SSL 8 589 2 Facebook 70 9464 14 @@ -19,56 +19,53 @@ WhatsAppVoice 706 91156 4 5 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 6 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com] 7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 8 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 9 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 10 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 11 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 12 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 14 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] - 15 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] - 16 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 23 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] - 24 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 28 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] - 29 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] - 30 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] - 31 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] - 32 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] - 33 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] - 34 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] - 35 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] - 36 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] - 37 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] - 38 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 39 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 40 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 41 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 42 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 43 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] - 44 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 46 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 47 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 48 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 49 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] - 50 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] - 51 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] - 52 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 53 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] - 54 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] - 55 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - - -Undetected flows: - 1 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 0/Unknown][15 pkts/1290 bytes] - 2 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 0/Unknown][12 pkts/1032 bytes] + 8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes] + 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] + 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 23 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 24 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][24 pkts/4825 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 28 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 29 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][20 pkts/2993 bytes] + 30 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] + 31 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][3 pkts/198 bytes] + 32 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][3 pkts/198 bytes] + 33 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][10 pkts/3420 bytes][Host: lucas-imac] + 34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes] + 35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes] + 36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes] + 37 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net] + 38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 78/STUN][12 pkts/1032 bytes] + 39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes] + 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] + 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] + 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] + 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] + 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] + 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] + 56 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][5 pkts/330 bytes] + 57 UDP [fe80::c42c:3ff:fe60:6a64]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] -- cgit v1.2.3 From af5021d571b682d540b796eb59f31dcddd3f3aa0 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 29 Apr 2017 08:32:28 +0000 Subject: Fixed warning --- src/lib/protocols/oscar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c index 869b36378..d6ca25cde 100644 --- a/src/lib/protocols/oscar.c +++ b/src/lib/protocols/oscar.c @@ -579,7 +579,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct { /* request ID */ req_ID = get_u_int32_t(packet->payload, 12); - if((req_ID <= 4294967295)) + if((req_ID <= ((u_int32_t)-1))) { NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); -- cgit v1.2.3 From 064b50df819918734062294984e529bd62bd594c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 30 Apr 2017 10:12:28 +0200 Subject: Added -m for splitting analysis in sub-analysis steps --- example/ndpiReader.c | 102 ++++++++++++++++++++++++++++++++------------------- example/ndpi_util.c | 2 +- example/ndpi_util.h | 1 + 3 files changed, 67 insertions(+), 38 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 1f982b60b..59ca8b3a1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -69,10 +69,12 @@ static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; +static u_int32_t pcap_analysis_duration = (u_int32_t)-1; static u_int16_t decode_tunnels = 0; static u_int16_t num_loops = 1; static u_int8_t shutdown_app = 0, quiet_mode = 0; static u_int8_t num_threads = 1; +static struct timeval begin, end; #ifdef linux static int core_affinity[MAX_NUM_READER_THREADS]; #endif @@ -146,13 +148,14 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle); static void help(u_int long_help) { printf("Welcome to nDPI %s\n\n", ndpi_revision()); - printf("ndpiReader -i [-f ][-s ]\n" + printf("ndpiReader -i [-f ][-s ][-m ]\n" " [-p ][-l [-q][-d][-h][-t][-v ]\n" " [-n ] [-w ] [-j ]\n\n" "Usage:\n" " -i | Specify a pcap file/playlist to read packets from or a device for live capture (comma-separated list)\n" " -f | Specify a BPF filter for filtering selected traffic\n" " -s | Maximum capture duration in seconds (live traffic capture only)\n" + " -m | Split analysis duration in max seconds\n" " -p .protos | Specify a protocol file (eg. protos.txt)\n" " -l | Number of detection loops (test only)\n" " -n | Number of threads. Default: number of interfaces in -i. Ignored with pcap files.\n" @@ -262,7 +265,7 @@ void extcap_config() { int i, argidx = 0; struct ndpi_detection_module_struct *ndpi_mod; struct ndpi_proto_sorter *protos; - + /* -i */ printf("arg {number=%u}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}" "{tooltip=The interface name}\n", argidx++); @@ -271,12 +274,12 @@ void extcap_config() { printf("arg {number=%u}{call=-i}{display=Pcap File to Analize}{type=fileselect}" "{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++); #endif - + setupDetection(0, NULL); ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct; - + protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols); - if(!protos) exit(0); + if(!protos) exit(0); for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { protos[i].id = i; @@ -284,18 +287,18 @@ void extcap_config() { } qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto); - + printf("arg {number=%u}{call=-9}{display=nDPI Protocol Filter}{type=selector}" "{tooltip=nDPI Protocol to be filtered}\n", argidx); printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)"); - + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) printf("value {arg=%d}{value=%d}{display=%s (%u)}\n", argidx, protos[i].id, protos[i].name, protos[i].id); free(protos); - + exit(0); } @@ -341,7 +344,7 @@ static void parseOptions(int argc, char **argv) { if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); #endif - while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:", longopts, &option_idx)) != EOF) { + while ((opt = getopt_long(argc, argv, "df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); #endif @@ -356,6 +359,10 @@ static void parseOptions(int argc, char **argv) { _pcap_file[0] = optarg; break; + case 'm': + pcap_analysis_duration = atol(optarg); + break; + case 'f': case '6': _bpf_filter = optarg; @@ -580,7 +587,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if((verbose != 1) && (verbose != 2)) return; - + if(!json_flag) { fprintf(out, "\t%u", ++num_flows); @@ -937,7 +944,6 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { * @brief End of detection and free flow */ static void terminateDetection(u_int16_t thread_id) { - ndpi_workflow_free(ndpi_thread_info[thread_id].workflow); } @@ -1047,12 +1053,12 @@ static int port_stats_sort(void *_a, void *_b) { void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; int i = 0; - + HASH_ITER(hh, stats, s, tmp) { i++; printf("\t%2d\tPort %5u\t[%u pkts/%u bytes]\n", i, s->port, s->num_pkts, s->num_bytes); if(i >= 10) break; - } + } } /* *********************************************** */ @@ -1061,7 +1067,6 @@ void printPortStats(struct port_stats *stats) { * @brief Print result */ static void printResults(u_int64_t tot_usec) { - u_int32_t i; u_int64_t total_flow_bytes = 0; u_int32_t avg_pkt_size = 0; @@ -1073,10 +1078,10 @@ static void printResults(u_int64_t tot_usec) { json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; - + memset(&cumulative_stats, 0, sizeof(cumulative_stats)); - for(thread_id = 0; thread_id < num_threads; thread_id++) { + for(thread_id = 0; thread_id < num_threads; thread_id++) { if((ndpi_thread_info[thread_id].workflow->stats.total_wire_bytes == 0) && (ndpi_thread_info[thread_id].workflow->stats.raw_packet_count == 0)) continue; @@ -1090,7 +1095,7 @@ static void printResults(u_int64_t tot_usec) { HASH_SORT(srcStats, port_stats_sort); HASH_SORT(dstStats, port_stats_sort); } - + /* Stats aggregation */ cumulative_stats.guessed_flow_protocols += ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols; cumulative_stats.raw_packet_count += ndpi_thread_info[thread_id].workflow->stats.raw_packet_count; @@ -1117,6 +1122,8 @@ static void printResults(u_int64_t tot_usec) { cumulative_stats.max_packet_len += ndpi_thread_info[thread_id].workflow->stats.max_packet_len; } + if(cumulative_stats.total_wire_bytes == 0) return; + if(!quiet_mode) { printf("\nnDPI Memory statistics:\n"); printf("\tnDPI Memory (once): %-13s\n", formatBytes(sizeof(struct ndpi_detection_module_struct), buf, sizeof(buf))); @@ -1155,7 +1162,7 @@ static void printResults(u_int64_t tot_usec) { printf("\tPacket Len > 1500: %-13lu\n", (unsigned long)cumulative_stats.packet_len[5]); if(tot_usec > 0) { - char buf[32], buf1[32]; + char buf[32], buf1[32], when[64]; float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; float traffic_duration; @@ -1164,6 +1171,11 @@ static void printResults(u_int64_t tot_usec) { printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration; b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)traffic_duration; + + strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_start.tv_sec)); + printf("\tAnalysis begin: %s\n", when); + strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_end.tv_sec)); + printf("\tAnalysis end: %s\n", when); printf("\tTraffic throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); printf("\tTraffic duration: %.3f sec\n", traffic_duration/1000000); } @@ -1315,11 +1327,12 @@ static void printResults(u_int64_t tot_usec) { if(verbose == 3) { printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); - + printf("\nDestination Ports Stats:\n"); printPortStats(dstStats); - + deletePortsStats(srcStats), deletePortsStats(dstStats); + srcStats = NULL, dstStats = NULL; } } @@ -1328,14 +1341,11 @@ static void printResults(u_int64_t tot_usec) { * @brief Force a pcap_dispatch() or pcap_loop() call to return */ static void breakPcapLoop(u_int16_t thread_id) { - if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) { pcap_breakloop(ndpi_thread_info[thread_id].workflow->pcap_handle); } } - - /** * @brief Sigproc is executed for each packet in the pcap file */ @@ -1453,9 +1463,9 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi /** * @brief Check pcap packet */ -static void pcap_packet_callback_checked(u_char *args, - const struct pcap_pkthdr *header, - const u_char *packet) { +static void pcap_process_packet(u_char *args, + const struct pcap_pkthdr *header, + const u_char *packet) { struct ndpi_proto p; u_int16_t thread_id = *((u_int16_t*)args); @@ -1516,13 +1526,13 @@ static void pcap_packet_callback_checked(u_char *args, struct ndpi_packet_trailer *trailer; memcpy(&h, header, sizeof(h)); - + if(h.caplen > (sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4)) { printf("INTERNAL ERROR: caplen=%u\n", h.caplen); - h.caplen = sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4; + h.caplen = sizeof(extcap_buf)-sizeof(struct ndpi_packet_trailer) - 4; } - trailer = (struct ndpi_packet_trailer*)&extcap_buf[h.caplen]; + trailer = (struct ndpi_packet_trailer*)&extcap_buf[h.caplen]; memcpy(extcap_buf, packet, h.caplen); memset(trailer, 0, sizeof(struct ndpi_packet_trailer)); trailer->magic = htonl(0x19680924); @@ -1546,6 +1556,28 @@ static void pcap_packet_callback_checked(u_char *args, printf("INTERNAL ERROR: ingress packet was modified by nDPI: this should not happen [thread_id=%u, packetId=%lu, caplen=%u]\n", thread_id, (unsigned long)ndpi_thread_info[thread_id].workflow->stats.raw_packet_count, header->caplen); free(packet_checked); + + if((pcap_end.tv_sec-pcap_start.tv_sec) > pcap_analysis_duration) { + int i; + u_int64_t tot_usec; + + gettimeofday(&end, NULL); + tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + + printResults(tot_usec); + + for(i=0; iprefs.num_roots; i++) { + ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer); + ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i] = NULL; + + memset(&ndpi_thread_info[thread_id].workflow->stats, 0, sizeof(struct ndpi_stats)); + } + + printf("\n-------------------------------------------\n\n"); + + memcpy(&begin, &end, sizeof(begin)); + memcpy(&pcap_start, &pcap_end, sizeof(pcap_start)); + } } @@ -1553,12 +1585,10 @@ static void pcap_packet_callback_checked(u_char *args, * @brief Call pcap_loop() to process packets from a live capture or savefile */ static void runPcapLoop(u_int16_t thread_id) { - if((!shutdown_app) && (ndpi_thread_info[thread_id].workflow->pcap_handle != NULL)) - pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_packet_callback_checked, (u_char*)&thread_id); + pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_process_packet, (u_char*)&thread_id); } - /** * @brief Process a running thread */ @@ -1583,7 +1613,7 @@ void * processing_thread(void *_thread_id) { if((!json_flag) && (!quiet_mode)) printf("Running thread %ld...\n", thread_id); pcap_loop: - runPcapLoop(thread_id); + runPcapLoop(thread_id); if(playlist_fp[thread_id] != NULL) { /* playlist: read next file */ char filename[256]; @@ -1603,7 +1633,7 @@ void * processing_thread(void *_thread_id) { * @brief Begin, process, end detection process */ void test_lib() { - struct timeval begin, end; + struct timeval end; u_int64_t tot_usec; long thread_id; @@ -1690,8 +1720,6 @@ int main(int argc, char **argv) { automataUnitTest(); memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); - memset(&pcap_start, 0, sizeof(pcap_start)); - memset(&pcap_end, 0, sizeof(pcap_end)); parseOptions(argc, argv); @@ -1714,7 +1742,7 @@ int main(int argc, char **argv) { if(results_path) free(results_path); if(results_file) fclose(results_file); if(extcap_dumper) pcap_dump_close(extcap_dumper); - + return 0; } diff --git a/example/ndpi_util.c b/example/ndpi_util.c index eb6744ccc..1ba77eb80 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -129,7 +129,7 @@ struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * pre /* ***************************************************** */ -static void ndpi_flow_info_freer(void *node) { +void ndpi_flow_info_freer(void *node) { struct ndpi_flow_info *flow = (struct ndpi_flow_info*)node; ndpi_free_flow_info_half(flow); diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 335c94ddf..9d8f1e446 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -161,4 +161,5 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); void ethernet_crc32(const void* data, size_t n_bytes, uint32_t* crc); +void ndpi_flow_info_freer(void *node); #endif -- cgit v1.2.3 From 4030b52ecb5c7a98eeb3eadc362eab60521fb565 Mon Sep 17 00:00:00 2001 From: berat Date: Mon, 1 May 2017 14:07:41 +0200 Subject: Added IP Statistics to Port Stats --- example/ndpiReader.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++++--- example/ndpi_util.h | 3 +- 2 files changed, 172 insertions(+), 10 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 59ca8b3a1..63e33d783 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -84,9 +84,24 @@ static time_t capture_for = 0; static time_t capture_until = 0; static u_int32_t num_flows; +struct info_pair{ + u_int32_t addr; + int count; +}; + +typedef struct node_a{ + u_int32_t addr; + int count; + struct node_a *left, *right; +}addr_node; + struct port_stats { u_int32_t port; /* we'll use this field as the key */ u_int32_t num_pkts, num_bytes; + u_int32_t num_addr; /*to hold number of distinct IP addresses*/ + u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses*/ + addr_node *addr_tree; /* to hold distinct IP addresses*/ + struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; UT_hash_handle hh; /* makes this structure hashable */ }; @@ -136,6 +151,9 @@ FILE *trace = NULL; /********************** FUNCTIONS ********************* */ + + + /** * @brief Set main components necessary to the detection */ @@ -764,8 +782,99 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -static void updatePortStats(struct port_stats **stats, u_int32_t port, u_int32_t num_pkts, u_int32_t num_bytes) { +int updateIpTree(const u_int32_t key, addr_node **vrootp){ + addr_node *q; + addr_node **rootp = vrootp; + + if(rootp == (addr_node **)0) + return 0; + + while (*rootp != (addr_node *)0) { /* Knuth's T1: */ + + if(key == ((*rootp)->addr)) { /* T2: */ + return ++((*rootp)->count); + } + + rootp = (key < ((*rootp)->addr)) ? + &(*rootp)->left : /* T3: follow left branch */ + &(*rootp)->right; /* T4: follow right branch */ + } + q = (addr_node *) malloc(sizeof(addr_node)); /* T5: key not found */ + if(q != (addr_node *)0) { /* make new node */ + *rootp = q; /* link new node to old */ + q->addr = key; /* initialize new node */ + q->count = 1; + q->left = q->right = (addr_node *)0; + return q->count; + } + +} + +/* *********************************************** */ + +void freeIpTree(addr_node *root) { + while (root != NULL) { + addr_node *left = root->left; + if (left == NULL) { + addr_node *right = root->right; + root->right = NULL; + root = right; + } else { + /* Rotate the left child up.*/ + root->left = left->right; + left->right = root; + root = left; + } + } +} + +/* *********************************************** */ + +void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int size){ + int update = 0; + int min_i = 0; + int min = count; + + if(count == 0) return; + + struct info_pair pair; + pair.addr = addr, pair.count = count; + + /* if the same ip with a bigger + count just update it */ + for(int i=0; iport = port, s->num_pkts = 0, s->num_bytes = 0; + s->num_addr = 1, s->cumulative_addr = 1; + + memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); + updateTopIpAddress(addr, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + + s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); + if(!s->addr_tree) return; + + s->addr_tree->addr = addr; + s->addr_tree->count = 1; + s->addr_tree->left = NULL; + s->addr_tree->right = NULL; + HASH_ADD_INT(*stats, port, s); } + int count = updateIpTree(addr, &(*s).addr_tree); + if(count == UPDATED_TREE) s->num_addr++; + if(count) { + s->cumulative_addr++; + updateTopIpAddress(addr, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + } + s->num_pkts += num_pkts, s->num_bytes += num_bytes; + } /* *********************************************** */ @@ -786,6 +916,8 @@ static void deletePortsStats(struct port_stats *stats) { HASH_ITER(hh, stats, current_port, tmp) { HASH_DEL(stats, current_port); + freeIpTree(current_port->addr_tree); + free(current_port->addr_tree); free(current_port); } } @@ -798,14 +930,18 @@ static void deletePortsStats(struct port_stats *stats) { static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t sport, dport; + u_int32_t saddr, daddr; - if(flow->src_to_dst_direction == 1) - sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); - else - sport = ntohs(flow->upper_port), dport = ntohs(flow->lower_port); - - updatePortStats(&srcStats, sport, flow->packets, flow->bytes); - updatePortStats(&dstStats, dport, flow->packets, flow->bytes); + if(flow->src_to_dst_direction == 1) { + sport = ntohs(flow->lower_port), dport = ntohs(flow->upper_port); + saddr = flow->lower_ip, daddr = flow->upper_ip; + } + else { + sport = ntohs(flow->upper_port), dport = ntohs(flow->lower_port); + saddr = flow->upper_ip, daddr = flow->lower_ip; + } + updatePortStats(&srcStats, sport, saddr, flow->packets, flow->bytes); + updatePortStats(&dstStats, dport, daddr, flow->packets, flow->bytes); } /* *********************************************** */ @@ -1050,13 +1186,38 @@ static int port_stats_sort(void *_a, void *_b) { /* *********************************************** */ +static int info_pair_cmp (const void *_a, const void *_b) +{ + struct info_pair *a = (struct info_pair *)_a; + struct info_pair *b = (struct info_pair *)_b; + return b->count - a->count; +} + +/* *********************************************** */ + void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; + char ip_name[48]; int i = 0; + int first = 1; + HASH_ITER(hh, stats, s, tmp) { i++; - printf("\t%2d\tPort %5u\t[%u pkts/%u bytes]\n", i, s->port, s->num_pkts, s->num_bytes); + printf("\t%2d\tPort %5u\t[%u IP address/%u pkts/%u bytes]\n", i, s->port, s->num_addr, s->num_pkts, s->num_bytes); + + qsort(&s->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); + + for(int i=0;itop_ip_addrs[i].count != 0) { + inet_ntop(AF_INET, &s->top_ip_addrs[i].addr, ip_name, sizeof(ip_name)); + printf("\t\t\t\t%s\t%s ~ %.2f%%\n", (first) ? "Top IP Stats:" : "\t", + ip_name, ((s->top_ip_addrs[i].count) * 100.0) / s->cumulative_addr); + first = 0; + } + } + printf("\n"); + first = 1; if(i >= 10) break; } } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 9d8f1e446..ca9f20274 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -38,7 +38,8 @@ #define NUM_ROOTS 512 #define MAX_NDPI_FLOWS 200000000 #define TICK_RESOLUTION 1000 - +#define MAX_NUM_IP_ADDRESS 5 /* len of ip address array */ +#define UPDATED_TREE 1 // flow tracking typedef struct ndpi_flow_info { -- cgit v1.2.3 From 32d02836f01c2c2938750e608c64e0c98775649b Mon Sep 17 00:00:00 2001 From: berat Date: Mon, 1 May 2017 14:37:12 +0200 Subject: fixed syntax for gcc compiler --- example/ndpiReader.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 63e33d783..8fa1b10ce 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -832,6 +832,7 @@ void freeIpTree(addr_node *root) { void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int size){ int update = 0; + int i; int min_i = 0; int min = count; @@ -842,7 +843,7 @@ void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int s /* if the same ip with a bigger count just update it */ - for(int i=0; itop_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); - for(int i=0;itop_ip_addrs[i].count != 0) { - inet_ntop(AF_INET, &s->top_ip_addrs[i].addr, ip_name, sizeof(ip_name)); + for(j=0; jtop_ip_addrs[j].count != 0) { + inet_ntop(AF_INET, &s->top_ip_addrs[j].addr, ip_name, sizeof(ip_name)); printf("\t\t\t\t%s\t%s ~ %.2f%%\n", (first) ? "Top IP Stats:" : "\t", - ip_name, ((s->top_ip_addrs[i].count) * 100.0) / s->cumulative_addr); + ip_name, ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); first = 0; } } + printf("\n"); first = 1; + if(i >= 10) break; } } -- cgit v1.2.3 From a03a343723889c49c33c1011aac13ef61c36f7b7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 1 May 2017 19:44:46 +0200 Subject: Minor code cleanup --- example/ndpiReader.c | 103 ++++++++++++++++++++++++++------------------------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8fa1b10ce..ac3d75e77 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -98,9 +98,9 @@ typedef struct node_a{ struct port_stats { u_int32_t port; /* we'll use this field as the key */ u_int32_t num_pkts, num_bytes; - u_int32_t num_addr; /*to hold number of distinct IP addresses*/ - u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses*/ - addr_node *addr_tree; /* to hold distinct IP addresses*/ + u_int32_t num_addr; /*to hold number of distinct IP addresses */ + u_int32_t cumulative_addr; /*to hold cumulative some of IP addresses */ + addr_node *addr_tree; /* to hold distinct IP addresses */ struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; UT_hash_handle hh; /* makes this structure hashable */ }; @@ -782,50 +782,52 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -int updateIpTree(const u_int32_t key, addr_node **vrootp){ - addr_node *q; - addr_node **rootp = vrootp; +int updateIpTree(const u_int32_t key, addr_node **vrootp) { + addr_node *q; + addr_node **rootp = vrootp; - if(rootp == (addr_node **)0) - return 0; + if(rootp == (addr_node **)0) + return 0; - while (*rootp != (addr_node *)0) { /* Knuth's T1: */ + while (*rootp != (addr_node *)0) { /* Knuth's T1: */ + if(key == ((*rootp)->addr)) { /* T2: */ + return ++((*rootp)->count); + } - if(key == ((*rootp)->addr)) { /* T2: */ - return ++((*rootp)->count); - } + rootp = (key < ((*rootp)->addr)) ? + &(*rootp)->left : /* T3: follow left branch */ + &(*rootp)->right; /* T4: follow right branch */ + } - rootp = (key < ((*rootp)->addr)) ? - &(*rootp)->left : /* T3: follow left branch */ - &(*rootp)->right; /* T4: follow right branch */ - } - q = (addr_node *) malloc(sizeof(addr_node)); /* T5: key not found */ - if(q != (addr_node *)0) { /* make new node */ - *rootp = q; /* link new node to old */ - q->addr = key; /* initialize new node */ - q->count = 1; - q->left = q->right = (addr_node *)0; - return q->count; - } + q = (addr_node *) malloc(sizeof(addr_node)); /* T5: key not found */ + if(q != (addr_node *)0) { /* make new node */ + *rootp = q; /* link new node to old */ + q->addr = key; /* initialize new node */ + q->count = UPDATED_TREE; + q->left = q->right = (addr_node *)0; + return q->count; + } + return(0); } /* *********************************************** */ void freeIpTree(addr_node *root) { - while (root != NULL) { - addr_node *left = root->left; - if (left == NULL) { - addr_node *right = root->right; - root->right = NULL; - root = right; - } else { - /* Rotate the left child up.*/ - root->left = left->right; - left->right = root; - root = left; - } + while (root != NULL) { + addr_node *left = root->left; + + if(left == NULL) { + addr_node *right = root->right; + root->right = NULL; + root = right; + } else { + /* Rotate the left child up.*/ + root->left = left->right; + left->right = root; + root = left; } + } } /* *********************************************** */ @@ -844,7 +846,7 @@ void updateTopIpAddress(u_int32_t addr, int count, struct info_pair top[], int s /* if the same ip with a bigger count just update it */ for(i=0; inum_addr++; + if(count) { s->cumulative_addr++; updateTopIpAddress(addr, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); } s->num_pkts += num_pkts, s->num_bytes += num_bytes; - } /* *********************************************** */ @@ -1199,21 +1202,19 @@ static int info_pair_cmp (const void *_a, const void *_b) void printPortStats(struct port_stats *stats) { struct port_stats *s, *tmp; char ip_name[48]; - int i = 0; - int j = 0; - int first = 1; - + int i = 0, j = 0, first = 1; HASH_ITER(hh, stats, s, tmp) { i++; - printf("\t%2d\tPort %5u\t[%u IP address/%u pkts/%u bytes]\n", i, s->port, s->num_addr, s->num_pkts, s->num_bytes); + printf("\t%2d\tPort %5u\t[%u IP address(es)/%u pkts/%u bytes]\n\t\tTop IP Stats:\n", + i, s->port, s->num_addr, s->num_pkts, s->num_bytes); qsort(&s->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); for(j=0; jtop_ip_addrs[j].count != 0) { + if(s->top_ip_addrs[j].count != 0) { inet_ntop(AF_INET, &s->top_ip_addrs[j].addr, ip_name, sizeof(ip_name)); - printf("\t\t\t\t%s\t%s ~ %.2f%%\n", (first) ? "Top IP Stats:" : "\t", + printf("\t\t%-16s ~ %.2f%%\n", ip_name, ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); first = 0; } @@ -1331,7 +1332,7 @@ static void printResults(u_int64_t tot_usec) { float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; float traffic_duration; - if (live_capture) traffic_duration = tot_usec; + if(live_capture) traffic_duration = tot_usec; else traffic_duration = (pcap_end.tv_sec*1000000 + pcap_end.tv_usec) - (pcap_start.tv_sec*1000000 + pcap_start.tv_usec); printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration; @@ -1647,8 +1648,8 @@ static void pcap_process_packet(u_char *args, } /* Check if capture is live or not */ - if (!live_capture) { - if (!pcap_start.tv_sec) pcap_start.tv_sec = header->ts.tv_sec, pcap_start.tv_usec = header->ts.tv_usec; + if(!live_capture) { + if(!pcap_start.tv_sec) pcap_start.tv_sec = header->ts.tv_sec, pcap_start.tv_usec = header->ts.tv_usec; pcap_end.tv_sec = header->ts.tv_sec, pcap_end.tv_usec = header->ts.tv_usec; } -- cgit v1.2.3